Hi,
i'am trying to read a csv file with log data that is arranged according to timestamp.
i want to check the current record value with all the previous records values and if the condition is true set a field with value 1 or else 0.
currently m able to check with the immediate previous record but i want to check with all the previous records.
Is it possible to do that in aggregate filter.
my current aggregate filter is as follows
aggregate {
task_id => "%{odr}"
code => "
map['dur'] ||= event.get('endtime');
event.set('cc', (event.get('starttime') < map['dur'])?1:0);
map['dur'] = event.get('endtime');
"
push_previous_map_as_event => true
push_map_as_event_on_timeout => true
timeout_task_id_field => "odr"
timeout => 30
timeout_tags => ['_aggregatetimeout']
timeout_code => ""
}
Thanks