Is it possible to do aggregations using Logstash

Can we do aggregations with Logstash?

I want to read data from Elasticsearch, say for the last 10 mins, and aggregate over a field and perform metrics over this aggregated data. Is it possible?

Thanks.

Perhaps this filter will do what you want: https://www.elastic.co/guide/en/logstash/current/plugins-filters-collate.html

Otherwise, I'd suggest checking the others out.

Collate seems to get me the data, but what I am looking for mainly is aggregation over a field.
Can Logstash do that?

Maybe `logstash-filter-aggregate` could help.