Hi, I have a log file, and each line contains a number that I need to keep adding up to get the total produced per log.
So some of the lines in the log file could be...
10.05.17 20:06:39.79 UPDATE/Add: Legs:15
10.05.17 20:06:39.79 UPDATE/Add: Legs:30
I want to add up the number after Legs to be able to get a total of 45, but I'm having a hard time doing that. Help would be greatly appreciated. I am using the aggregate filter but am not sure how to use it in this case.
My config file looks something like this.
input {
  file {
    path => "C:\Logstash\logstash-5.6.1\ExampleLogs\legs.log"
    type => "legs"
    start_position => "beginning"
  }
}

# The aggregate filter keeps its map in memory per pipeline worker, so Logstash
# must run with a single filter worker: start it with -w 1 (or pipeline.workers: 1).
filter {
  if [type] == "legs" {
    # Pull the timestamp, the status event ("UPDATE/Add") and the count after "Legs:" out of the line.
    grok {
      match => ["message", "(?<OriginalLogTime>%{MONTHNUM}.%{MONTHDAY}.%{YEAR} %{TIME})%{SPACE}(?<legCount>%{DATA:StatusEvent}:%{SPACE}Legs:?%{SPACE}%{BASE16NUM:theLegs})%{GREEDYDATA:message}"]
    }
    # grok captures strings; the count must be an integer before it can be summed.
    mutate {
      convert => { "theLegs" => "integer" }
    }
    aggregate {
      # task_id must resolve to a field that exists on the event; a field that does
      # not exist leaves the literal "%{...}" text as the id. Every line of this log
      # carries type => "legs", so using it groups all lines into one running total.
      task_id => "%{type}"
      # Copy type into the map: when the map is pushed as a new event it contains
      # only the map's keys, so without this the aggregated event has no type field
      # and is dropped by the conditional in the output block. Lines grok could not
      # parse have no theLegs field, so they are skipped instead of raising an error.
      code => "map['type'] ||= event.get('type'); map['total_legs'] ||= 0; map['total_legs'] += event.get('theLegs') if event.get('theLegs')"
      push_map_as_event_on_timeout => true
      # The map is only pushed once no line for this task_id has arrived for
      # `timeout` seconds. The default is 1800, so the total would show up half an
      # hour after the last line; lower it while testing.
      timeout => 30
    }
  }
}

output {
  if [type] == "legs" {
    elasticsearch {
      index => "legsloaded"
      hosts => "localhost:9200"
    }
  }
}
I know the filter is a little confusing, but it does work. I checked Kibana, but there is no total_legs field created; I am not sure what I am doing wrong.
Thank you!
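As an added example that is not part of the original post: a stand-alone Ruby check that does, outside Logstash, what the grok pattern and the aggregate filter's code block do, so the expected total for a log can be computed and compared with whatever reaches Elasticsearch. The regex is a hand-written equivalent of the grok pattern, the sample lines are constructed from the two in the post, and the helper names parse_line and aggregate_legs are mine, not Logstash's.

```ruby
# Added example, not code from the original post: re-implements the grok
# parse and the aggregate filter's accumulation so a log's expected total can
# be computed independently of the Logstash pipeline.

# Hand-written equivalent of the grok pattern in the question: timestamp,
# status event, then the count after "Legs:". Capture names follow the
# question's field names (OriginalLogTime, StatusEvent, theLegs).
LINE_RE = /\A(?<OriginalLogTime>\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}(?:\.\d+)?)\s+(?<StatusEvent>[^:]+):\s*Legs:?\s*(?<theLegs>\d+)/

# Constructed sample input modelled on the two lines in the question, plus a
# blank line and a line with no Legs count (grok would tag that one
# _grokparsefailure, so it must not contribute to the total).
SAMPLE_LOG = <<~LOG
  10.05.17 20:06:39.79 UPDATE/Add: Legs:15
  10.05.17 20:06:39.79 UPDATE/Add: Legs:30

  10.05.17 20:06:40.01 UPDATE/Status: ready
  10.05.17 20:06:41.12 UPDATE/Add: Legs:7
LOG

# Parse one line into a Hash shaped like the Logstash event, or nil when the
# line does not match (the equivalent of a _grokparsefailure).
def parse_line(line)
  m = LINE_RE.match(line)
  return nil unless m
  {
    'OriginalLogTime' => m[:OriginalLogTime],
    'StatusEvent'     => m[:StatusEvent],
    'theLegs'         => m[:theLegs].to_i # what mutate { convert } does
  }
end

# Same logic as the aggregate filter's code block, applied to every line that
# parsed: the map starts empty, total_legs is initialised once and then added
# to. Returns the map Logstash would push as the final event on timeout, plus
# the number of lines that did not parse, so silently dropped lines are visible.
def aggregate_legs(log_text)
  map = {}
  unparsed = 0
  log_text.each_line do |raw|
    line = raw.chomp
    next if line.empty?
    event = parse_line(line)
    if event.nil?
      unparsed += 1
      next
    end
    map['total_legs'] ||= 0
    map['total_legs'] += event['theLegs']
    map['events'] = (map['events'] || 0) + 1
  end
  [map, unparsed]
end

if __FILE__ == $PROGRAM_NAME
  map, unparsed = aggregate_legs(SAMPLE_LOG)
  puts "total_legs=#{map['total_legs']} from #{map['events']} lines, #{unparsed} unparsed"
end
```

Run it against the real legs.log instead of SAMPLE_LOG (pass File.read(path) to aggregate_legs) and compare the printed total with the total_legs value in the legsloaded index; a non-zero unparsed count means the grok pattern is dropping lines the total should include.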