I would like to get some general ideas for the following challenge:
We got a system that makes some checks that we want to grab with logstash. This system provides a simple API point which responds with all configured checks and their last states.
The thing is, this list always contains the complete list of checks and their results together with a timestamp "lastupdate". The update interval differs from check to check. I want to avoid duplicate entries for the same results.
So for example I configure http_poller to poll every 180 seconds. I always get three checks back like this:
Every check has a state (ok/warn/crit) and a "lastupdate" timestamp.
So let's assume my http poller grabs data at 1pm and every check responds with lastupdate 1pm, I would like to write everything out.
Later on the http poller grabs again at 1:03pm and two checks respond again with lastupdate 1pm. In this case I only want to write the third check out.
Is this possible with Logstash's own techniques or do I have to create some bash magic around it?
Thanks for helping me!
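
One way to get the behaviour described in the post using only Logstash plugins, as an added example that is not part of the original post: derive a deterministic document ID from the check name and its "lastupdate" value, so a result that is polled again unchanged lands on the same document instead of creating a new one. The URL, the response shape and field names (`checks`, `name`, `state`), and the Elasticsearch output are assumptions, since the post does not show the API response or name the destination.

```logstash
# Added example. URL, field names (checks, name, state) and the
# Elasticsearch host/index are assumptions, not taken from the original post.
input {
  http_poller {
    urls => { checks => "http://monitoring.example.internal/api/checks" }
    schedule => { every => "180s" }
    codec => "json"
  }
}

filter {
  # Assumed response shape:
  # { "checks": [ { "name": "...", "state": "ok", "lastupdate": "..." }, ... ] }
  # split turns the array into one event per check.
  split { field => "checks" }

  # Same check name + same lastupdate always yields the same hash.
  fingerprint {
    source => ["[checks][name]", "[checks][lastupdate]"]
    concatenate_sources => true
    method => "SHA256"
    target => "[@metadata][fingerprint]"
  }
}

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    index => "checks"
    # A re-polled, unchanged result maps to the same _id, so it overwrites
    # the existing document instead of adding a second one.
    document_id => "%{[@metadata][fingerprint]}"
  }
}
```

With this layout the 1:03pm poll from the post rewrites the two unchanged documents in place and adds one new document for the third check.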