Hi,
Here is my ES data. I can query it correctly.
{"count":1,"time":"2021-08-10T00:15:00.000+08:00"}
{"count":2,"time":"2021-08-10T00:30:00.000+08:00"}
I want to sum the count by day.
Here are the results I want.
{"count":3,"time":"2021-08-10T00:00:00.000+08:00"}
Here is the filter configuration. I use version 7.12.0. I refer to the official website example: Aggregate filter plugin | Logstash Reference [7.12] | Elastic
filter {
  ruby {
    code => "event.set('date', event.get('time')[0..9] + 'T00:00:00.000+08:00')"
  }
  aggregate {
    task_id => "%{date}"
    code => "map['count'] ||= 0; map['count'] += event.get('count');"
    push_map_as_event_on_timeout => true
    timeout_task_id_field => "date"
    timeout => 3600 # 1 hour timeout, user activity will be considered finished one hour after the first event, even if events keep coming
    inactivity_timeout => 300 # 5 minutes timeout, user activity will be considered finished if no new events arrive 5 minutes after the last event
    timeout_tags => ['_aggregatetimeout']
    timeout_code => "event.set('several_clicks', event.get('count') > 1)"
  }
}
Here are my results. It doesn't work properly. It seems that there is the last record.
{"count":2,"date":"2021-08-10T00:00:00.000+08:00"}