NerdSec
(Nachiket)
August 2, 2018, 5:27am
Hi,
You can do arithmetic operations using the ruby filter. Here are some links.
if 'time_duration' < '500' {
mutate { add_tag => [ "FAST" ]
}
Two problems:
Fields are referred via the square bracket notation, i.e. [time_duration] in this case.
You need fields to be integers (or doubles) for numerical comparisons to work. See below.
I am using haproxy config, which I don't think I need to print here. But for reference, the bytes_read and the time_duration are INT types.
No, they're strings. That's obvious from the stdout output. The fact that a grok expression use…
I want to multiply or divide two fields and create a new field based on that. I've got this ruby code:
ruby {
code => "event['hit_rate'] = event['MAIN_client_req'] * event['MAIN_cache_hit']"
}
When I try to use it I'm getting:
Ruby exception occurred: undefined method `*' for nil:NilClass {:level=>:error}
Ruby exception occurred: NilClass can't be coerced into Fixnum {:level=>:error}
This is a part of my logstash config:
grok {
match => { "message" => "(?<par…
Regards,
NerdSec
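Added example, not part of the original post or the linked threads: the logic a ruby filter could run to handle both problems quoted above, string-typed grok captures and missing (nil) fields. StubEvent, to_number, add_hit_rate, tag_fast and the _hit_rate_skipped tag are hypothetical names, and treating hit_rate as a division is an assumption.

```ruby
# Stand-in for a Logstash event, constructed for this example. The real
# LogStash::Event offers get, set and tag (Logstash 5.0 and later).
class StubEvent
  def initialize(fields)
    @fields = fields
  end

  def get(name)
    @fields[name]
  end

  def set(name, value)
    @fields[name] = value
  end

  def tag(value)
    tags = (@fields['tags'] ||= [])
    tags << value unless tags.include?(value)
  end
end

# grok captures are strings unless cast; return nil for anything non-numeric.
def to_number(value)
  Float(value)
rescue ArgumentError, TypeError
  nil
end

# Logic for the ruby filter's code option, written as a method so it runs
# outside Logstash. Division is an assumed reading of "hit_rate".
def add_hit_rate(event)
  req = to_number(event.get('MAIN_client_req'))
  hit = to_number(event.get('MAIN_cache_hit'))
  if req.nil? || hit.nil? || req.zero?
    event.tag('_hit_rate_skipped') # hypothetical tag name
    return
  end
  event.set('hit_rate', hit / req)
end

# Numeric version of the quoted FAST conditional; as strings, '1200' < '500'.
def tag_fast(event)
  duration = to_number(event.get('time_duration'))
  event.tag('FAST') if duration && duration < 500
end
```

Inside Logstash the two method bodies go in the ruby filter's code string, operating on the real event object.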