Hi!!!
I'm absolutely new to Logstash, and I have a couple of questions:
- I need to install this plugin: https://github.com/logstash-plugins/logstash-filter-aggregate. Please tell me how I can do this.
My config file parses parameters like this:
    grok {
      match => [ "message", " id: %{INT:user-id:int};" ]
      tag_on_failure => []
    }
    if [message] =~ /^Deauthorizing client / {
      noop {
        add_field => { "event" => "deauthorize" }
      }
    }
    if [message] =~ /^Logged in / {
      noop {
        add_field => { "event" => "logged in" }
      }
    }
I want to add a field with the session length between "Logged in" and "Deauthorizing client" to the "Deauthorizing client" documents. All my logs use a timestamp.
Can you help me with a config file for this task?
Many thanks for helping me.
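
One way to approach the session-length task described in the post above, as an added example that is not part of the original post or the plugin's own documentation. It assumes Logstash 5 or later (the `event.get`/`event.set` API), uses `mutate` where the post uses `noop`, and the `log_time` field, its date format and the 24-hour timeout are hypothetical values to adapt.

```logstash
# Added example. Install the plugin first with:
#   bin/logstash-plugin install logstash-filter-aggregate
# Run with one pipeline worker (-w 1) so each user's events are seen in order.
filter {
  grok {
    match => [ "message", " id: %{INT:user-id:int};" ]
    tag_on_failure => []
  }

  # "log_time" is a hypothetical field: extract it with your own grok pattern
  # so that @timestamp reflects the log line rather than the ingest time.
  date {
    match => [ "log_time", "ISO8601" ]
  }

  if [user-id] and [message] =~ /^Logged in / {
    mutate { add_field => { "event" => "logged in" } }
    # Open a map for this user and remember when the session started.
    # With "create", a second login before a deauthorize keeps the first time.
    aggregate {
      task_id    => "%{user-id}"
      map_action => "create"
      code       => "map['login_time'] = event.get('@timestamp').to_f"
    }
  }

  if [user-id] and [message] =~ /^Deauthorizing client / {
    mutate { add_field => { "event" => "deauthorize" } }
    # With "update", the code runs only if a login was seen for this user,
    # so events without a matching login get no session_length field.
    aggregate {
      task_id     => "%{user-id}"
      map_action  => "update"
      code        => "event.set('session_length', event.get('@timestamp').to_f - map['login_time'])"
      end_of_task => true
      timeout     => 86400   # seconds; assumed upper bound on a session
    }
  }
}
```

`session_length` is in seconds. Sessions longer than `timeout` lose their stored login time, and concurrent sessions for the same `user-id` share one map, so a per-session identifier is a better `task_id` if the logs carry one.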