Hello All,
I have a scenario and need some expertise to support it. Thanks in advance.
I have a statement run by the JDBC input plugin every 1 minute, so results are returned every 1 minute. If the results are NULL, I assign a default value such as zero, to make sure there is data every 1 minute.
This statement returns different types and counts. I want to track these counts for each result, or, if the sum of counts over the last 10 minutes = 0, know at that moment that there is no data.
```
input {
  jdbc {
    jdbc_driver_library => ""
    jdbc_driver_class => ""
    jdbc_connection_string => ""
    jdbc_user => ""
    jdbc_password => ""
    # cron syntax: run the statement once per minute
    schedule => "* * * * *"
    statement => "select type, count from mytable"
  }
}
filter {
  if "type1" in [itype] {
    aggregate {
      task_id => "%{type1}"
      # add each event's count to the running total kept in the map
      code => "map['count'] ||= 0; map['count'] += event.get('totalcount')"
      push_map_as_event_on_timeout => true
      timeout_task_id_field => "invoice type"
      # seconds; 600 = 10 minutes
      timeout => 600
      # the timeout event is built from the map, so the total is in 'count'
      timeout_code => "event.set('sumcount', event.get('count'))"
    }
  }
}
output {
  elasticsearch {}
}
```
1- I want to calculate the sum of the counts over the last 10 or 60 minutes, or whatever.
2- If the count of the last 10 events from the last 10 minutes equals 0, take an action; otherwise take another action (like add count = 0).
Thanks,
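
The 10-minute sum and zero check asked about above, as an added Ruby example (not part of the original post, and not Logstash's own code): it mimics how one aggregate map per type is filled on each event and flushed once `timeout` seconds have passed. The `ts`, `window_start` and `status` fields and the sample rows are constructed assumptions; `itype` and `totalcount` follow the filter in the post.

```ruby
WINDOW = 600 # seconds, same value as `timeout => 600` in the post

# Constructed sample input: one row per type per minute for 12 minutes.
# type1 reports 0 for the first 10 minutes; type2 has one NULL (nil) row.
def sample_events
  events = []
  12.times do |minute|
    ts = minute * 60
    events << { 'ts' => ts, 'itype' => 'type1', 'totalcount' => (minute < 10 ? 0 : 4) }
    events << { 'ts' => ts, 'itype' => 'type2', 'totalcount' => (minute == 3 ? nil : 2) }
  end
  events
end

# Turns one finished map into a summary event and marks empty windows,
# which is the point where "take action / take another action" branches.
def flush(itype, map)
  { 'itype' => itype, 'window_start' => map['start'], 'sumcount' => map['count'],
    'status' => map['count'].zero? ? 'no_data' : 'ok' }
end

# One map per task id (the type), created on the first event of a window
# and pushed as a new event once `window` seconds have passed since then.
def summarize(events, window = WINDOW)
  maps = {}
  out = []
  events.sort_by { |e| [e['ts'], e['itype']] }.each do |e|
    id = e['itype']
    if maps[id] && e['ts'] >= maps[id]['start'] + window
      out << flush(id, maps.delete(id))
    end
    map = (maps[id] ||= { 'start' => e['ts'], 'count' => 0 })
    map['count'] += e['totalcount'].to_i # nil (SQL NULL) counts as 0
  end
  maps.each { |id, map| out << flush(id, map) } # flush windows still open
  out
end
```

The windows here are tumbling (back to back), not sliding; a window for a type opens with that type's first event, which is why a row must arrive every minute, even with a zero count, for an empty window to be reported.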