Logstash pipeline filter

Hi,
I am new to ELK and struggling to write my first logstash pipeline.
Can anyone help me to write the filter section?
Thanks in advance.

I want to filter and only output the maximum completion per user.

For instance:
user completion
u2 20
...
u48 100

This is my attempt, without success.

input {
  elasticsearch {
    hosts => "...."
    user => "..."
    password => "..."
    index => "index1"
    codec => "json"
    docinfo => true
  }
}

filter {
  aggregate {
    task_id => "%{users}"
    code => "map['completion'] = event.get('completion') ;
      event.cancel if (map['completion']) != map['completion'].max()"
    map_action => "create"
  }
}

output {
  elasticsearch {
    hosts => "..."
    user => "...l"
    password => "..."
    index => "index2"
    document_type => "%{[@metadata][_type]}"
    document_id => "%{[@metadata][_id]}"
  }
}

Can someone help me please? Thank you!

Hey,

After defining all your pipelines in the pipelines.yml, you'll have to set an "input" pipeline, then filter the logs you want like this:

output {
  if "water" in [tags] {
    pipeline { send_to => pool }
  } else if "lava" in [tags] {
    pipeline { send_to => volcano }
  } else if "tree" in [tags] or "bush" in [tags] {
    pipeline { send_to => forest }
  }
}
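
For the goal stated in the question (one output event per user carrying the highest completion), here is a sketch of an aggregate filter that keeps a running maximum per task. It is an added example, not code from either poster; the field names `users` and `completion` come from the question, and the 60-second timeout is an assumed value.

```logstash
filter {
  aggregate {
    # One map per user; every event with the same "users" value shares it.
    task_id => "%{users}"
    code => "
      # Keep the largest completion seen so far for this user.
      c = event.get('completion').to_f
      map['completion'] = c if map['completion'].nil? || c > map['completion']
      # Drop the source event; only the aggregated map is emitted.
      event.cancel
    "
    # No event marks the end of a user's data, so emit the map once the
    # timeout (assumed value, in seconds) expires for that task.
    push_map_as_event_on_timeout => true
    timeout => 60
    # Copy the task id into the 'users' field of the emitted event.
    timeout_task_id_field => "users"
  }
}
```

The aggregate filter needs the pipeline to run with a single worker (`pipeline.workers: 1`) so that all events for one user reach the same map. The emitted event is built from the map, so the `[@metadata]` fields referenced by `document_type` and `document_id` in the question's output section are not present on it.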
