Hi,
I am trying to send the 75th percentile of the "duration" field (type is number) to Kafka servers using a Logstash pipeline. But I did not get an idea of how to write the aggregate filter in Logstash. Could you please help me write the pipeline? Here I am sharing the Logstash config which I have now.
input {
  elasticsearch {
    hosts => ["XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXx"]
    index => "abc*"
    query => '{"query": {
      "bool": {
        "must": ,
        "filter": [
          {
            "exists": {
              "field": "duration"
            }
          },
          {"range": {
            "@timestamp": {
              "gte": "now-1d/d","lt": "now/d"
            }
          }}]}} }'
  }
}
filter {
  aggregate {
    task_id => "%{duration}"
    code => "
    "
    push_map_as_event_on_timeout => true
    timeout_task_id_field => "duration"
    timeout => 60
  }
}
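
The Ruby below is an added example, not part of the original post or of Logstash itself: it sketches the logic the aggregate filter's `code` and `timeout_code` options would need in order to turn the "duration" values into a 75th percentile. It assumes a nearest-rank percentile, one shared map for all events (a constant `task_id` rather than `%{duration}`), and the hypothetical output field names `duration_p75` and `sample_count`.

```ruby
# Added example, not from the original post. In Logstash the two bodies below
# would live in the aggregate filter's `code` and `timeout_code` options and use
# event.get / event.set; plain Hashes stand in for events so it runs offline.

# `code` body: called for every event, appends the duration to the shared map.
def collect(map, event)
  value = event['duration']
  return unless value.is_a?(Numeric) # ignore missing or non-numeric values
  (map['durations'] ||= []) << value
end

# Nearest-rank percentile: smallest value with at least pct% of samples <= it.
def percentile(values, pct)
  return nil if values.empty?
  sorted = values.sort
  rank = (pct / 100.0 * sorted.length).ceil
  sorted[[rank, 1].max - 1]
end

# `timeout_code` body: turns the collected map into the event to ship.
def finalize(map)
  durations = map['durations'] || []
  { 'duration_p75' => percentile(durations, 75),
    'sample_count' => durations.length }
end

# Constructed sample events (not real data); two of them must be skipped.
SAMPLE_EVENTS = [
  { 'duration' => 120 }, { 'duration' => 45 },  { 'duration' => 300 },
  { 'duration' => 80 },  { 'duration' => nil }, { 'duration' => 15 },
  { 'duration' => 210 }, { 'duration' => 'n/a' }, { 'duration' => 95 },
  { 'duration' => 60 }
].freeze

# Feeds the sample through both steps, as one aggregate task would.
def run_sample
  map = {}
  SAMPLE_EVENTS.each { |e| collect(map, e) }
  finalize(map)
end

puts run_sample.inspect if __FILE__ == $PROGRAM_NAME
```

The aggregate filter only sees every event in one map when the pipeline runs with a single worker, and this approach keeps every collected duration in memory until the timeout fires.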