How to add up values from list and send only that value to elasticserach

Adriann · November 5, 2020, 5:31pm

Hello,

I want to write logstash script that use snmpwalk to get cpu values form network devices average them and send one field to elasticsearch. I guess I can do this in ruby plugin but I have so fare only expiernce in Java nad Python. How can I do this using ruby filter or other logstash capabilities?

This is how my document looks like before any manipulation.

{
                       "tags" => [
        [0] "snmp",
        [1] "metrics"
    ],
                    "host.ip" => "ip",
                 "@timestamp" => 2020-11-05T14:43:20.707Z,
                   "@version" => "1",
    "cisco.device.system.cpu" => [
        [0] {
                                                                 "index" => "1",
            "iso.org.dod.internet.private.enterprises.9.9.109.1.1.1.1.7" => 15
        },
        [1] {
                                                                 "index" => "2",
            "iso.org.dod.internet.private.enterprises.9.9.109.1.1.1.1.7" => 15
        },
        [2] {
                                                                 "index" => "3",
            "iso.org.dod.internet.private.enterprises.9.9.109.1.1.1.1.7" => 15
        }
    ],
              "host.hostname" => "name"
}

Badger · November 5, 2020, 6:22pm

You could try something like

ruby {
    code => '
        cpus = event.get("cisco.device.system.cpu")
        if cpus
            count = 0
            total = 0
            cpus.each { |x|
                count += 1
                total += x["iso.org.dod.internet.private.enterprises.9.9.109.1.1.1.1.7"]
            }
            event.set("averageCpu", total/count)
        end
    '
}

system · December 3, 2020, 6:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.