We're trying to aggregate Web Access Logs:
- HTTP Method;
- PATH;
- HTTP Status Code;
Aggregating the logs in buckets of X seconds by Response Time (ex: Median, Mean, Percentiles, etc),
To only send only 1 summary (aggregation) per each combination of Method/Path/Response_Status every X seconds,
Thus preventing an explosion of Space and Write requirements.
However, for the life of me I'm not being able to figure out how to properly setup the aggregator Filter Plugin nor can I find a similar example - the ones presented are not making aggregations per time but per .. type of log.
Can anyone point me to or show me a similar example of LogStash aggregation of logs?