How to convert gc logs from mb kb to bytes

jagadees · January 5, 2017, 9:56am

filter {
match => { "store" => "^%{[@metadata][store_number]:float}(?INT:before_memory)[kKmMgGtT])(?INT:after_memory[kKmMgGtT])(?NOTSPACE:total_memory[kKmMgGtT])" }
}

mutate {
    add_field => {
        "[@metadata][before_memory][INT:after_memory][NOTSPACE:total_memory]" => "%{INT:before_memory}","%{INT:after_memory}","%{NOTSPACE:total_memory}"
    }
    remove_field => [ "[before_memory][INT:after_memory][NOTSPACE:total_memory]" ]
}
if [@metadata][before_memory][INT:after_memory][NOTSPACE:total_memory] == "K" or [@metadata][before_memory][INT:after_memory][NOTSPACE:total_memory] == "K" {
    mutate { add_field => { "[@metadata][store_multiplier]" => 1024 } }
} else if [@metadata][before_memory][INT:after_memory][NOTSPACE:total_memory] == "M" or [@metadata][before_memory][INT:after_memory][NOTSPACE:total_memory] == "M" {
    mutate { add_field => { "[@metadata][store_multiplier]" => 1048576 } }
}
	mutate {
    convert => { "[@metadata][store_multiplier]" => "integer" }
}

magnusbaeck · January 10, 2017, 6:41am

I don't believe there's a plugin for this specific purpose, but you can use a ruby filter.

ruby {
  code => "event.set('fieldname', event.get('fieldname') / event.get('[@metadata][store_multiplier]'))"
}

system · February 7, 2017, 6:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.