I am looking for an aggregate function that puts the sum of one field (TotalOrderReceivedToday) into a new field (sum), but I think it is aggregating everything based on the TotalOrderReceivedToday field. I need the sum of that one field only.
{
"Salesperson name" => "Online Order",
"Order Complete?" => "True",
"Expected Ship Date" => 2020-08-05T04:00:00.000Z,
"Order Type" => "O",
"Total Order Value" => 301.0,
"host" => "server",
"@timestamp" => 2020-12-14T19:04:07.973Z,
"path" => "D:/ELK/logstash-7.9.3/config/TotatOrderOfDay.csv",
"Inv #" => " 461872",
"Order Date" => 2020-08-05T04:00:00.000Z,
"Doc #" => 461872,
"TotalOrderReceivedToday" => 1,
"message" => "\"I 461872\",\" 1170\",\"I\",\" 461872\",\" 416889\",\"O\",\"True\",05-Aug-20,301,340.13,0,\" 461872\",07-Aug-20,05-Aug-20,07-Aug-20,0,0,\" WEB\",\"Online Order\",\" GS\",0\r",
"Doc Type" => "I",
"Order #" => 416889,
"ThisWeekOrders" => 0,
"Inv Date" => 2020-08-07T04:00:00.000Z,
"Salesperson" => " WEB",
"Cust #" => 1170,
"@version" => "1",
"Total Dollar Value" => 340.13,
"TotalShipped" => 0,
"Order Key" => "I 461872",
"Loc" => " GS",
"Shipment Date" => 2020-08-07T04:00:00.000Z,
"Order Status" => "AlreadyInvoiced",
"ShippedYesterday" => 0
}
Aggregation function
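aggregate {
  # Adds up TotalOrderReceivedToday over all events that share a task_id and
  # emits the total in a new field, sum, when the task times out.
  #
  # The aggregate filter keeps its maps in memory, so the pipeline has to run
  # with a single worker (pipeline.workers: 1, or -w 1) for the totals to be
  # correct.
  #
  # NOTE(review): task_id is the grouping key. With the key below, events are
  # grouped by the value of TotalOrderReceivedToday itself, so every distinct
  # value gets its own map and its own sum. If one overall total is wanted,
  # group on a field that all events of the set share - confirm the intended
  # grouping.
  task_id => "%{TotalOrderReceivedToday}"

  # map['action'] keeps the last value seen for the field.
  # map['sum'] starts at 0 and grows by the field's value, not by 1 per event
  # (adding 1 only counts events). to_i turns a missing field (nil) into 0.
  # event.cancel drops the source event so only the aggregated event goes on.
  code => "
    order_count = event.get('TotalOrderReceivedToday')
    map['action'] = order_count
    map['sum'] ||= 0
    map['sum'] += order_count.to_i
    event.cancel
  "

  # When a task has been open for `timeout` seconds, its map is pushed into the
  # pipeline as a new event, and the task id is written to the field named by
  # timeout_task_id_field.
  push_map_as_event_on_timeout => true
  timeout_task_id_field => "TotalOrderReceivedToday"
  timeout => 10
}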