Logstash aggregation to get total memory available at a timestamp

Hi,

I am new to Logstash filters. My input file looks something like below:
```
{
    "@version" => "1",
    "collectd_type" => "memory",
    "host" => "ubuntues",
    "type_instance" => "slab_unrecl",
    "plugin" => "memory",
    "value" => 29790208.0,
    "@timestamp" => 2021-03-26T03:49:56.814Z
}
{
    "@version" => "1",
    "collectd_type" => "memory",
    "host" => "ubuntues",
    "type_instance" => "slab_recl",
    "plugin" => "memory",
    "value" => 69140480.0,
    "@timestamp" => 2021-03-26T03:49:56.814Z
}
{
    "@version" => "1",
    "collectd_type" => "memory",
    "host" => "ubuntues",
    "type_instance" => "free",
    "plugin" => "memory",
    "value" => 1964318720.0,
    "@timestamp" => 2021-03-26T03:50:06.782Z
}
{
    "@version" => "1",
    "collectd_type" => "memory",
    "host" => "ubuntues",
    "type_instance" => "slab_unrecl",
    "plugin" => "memory",
    "value" => 29782016.0,
    "@timestamp" => 2021-03-26T03:50:06.782Z
}
{
    "@version" => "1",
    "collectd_type" => "memory",
    "host" => "ubuntues",
    "type_instance" => "slab_recl",
    "plugin" => "memory",
    "value" => 69222400.0,
    "@timestamp" => 2021-03-26T03:50:06.782Z
}
{
    "@version" => "1",
    "collectd_type" => "memory",
    "host" => "ubuntues",
    "type_instance" => "used",
    "plugin" => "memory",
    "value" => 2545074176.0,
    "@timestamp" => 2021-03-26T03:50:06.782Z
}
{
    "@version" => "1",
    "collectd_type" => "memory",
    "host" => "ubuntues",
    "type_instance" => "buffered",
    "plugin" => "memory",
    "value" => 81203200.0,
    "@timestamp" => 2021-03-26T03:50:06.782Z
}
{
    "@version" => "1",
    "collectd_type" => "memory",
    "host" => "ubuntues",
    "type_instance" => "cached",
    "plugin" => "memory",
    "value" => 1032192000.0,
    "@timestamp" => 2021-03-26T03:50:06.782Z
}
```
I need to find the sum of all the values at the same timestamp, so that I will get the total memory available at that timestamp. Your help will be much appreciated.

The aggregation has to be made in Elasticsearch.
Logstash is more for parsing, enrichment and filtering.

So what you need to do is collect these events with, e.g., a Logstash input and then send the events to Elasticsearch with the output.
In Elasticsearch you can do this aggregation and many other things.

I am looking for some aggregation filter where it can be added as a new field with a Logstash filter plugin.
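
The per-timestamp sum asked about in this thread, as an added example in plain Ruby that is not part of the original posts and is not Logstash's own code. The function name, the `total_memory` and `missing_types` fields, and the list of expected `type_instance` values (taken from the sample above) are assumptions; the events are the question's sample rebuilt as hashes. It also flags samples that are incomplete, such as the first timestamp in the question.

```ruby
require "time"

# Assumption: one collectd memory sample carries these six type_instance
# values (the ones that appear in the question's sample output).
EXPECTED_TYPES = %w[used free buffered cached slab_recl slab_unrecl].freeze

# Constructed sample input: the events from the question as Ruby hashes.
def ev(type, value, timestamp)
  { "host" => "ubuntues", "plugin" => "memory",
    "type_instance" => type, "value" => value, "@timestamp" => timestamp }
end

SAMPLE_EVENTS = [
  ev("slab_unrecl", 29790208.0,   "2021-03-26T03:49:56.814Z"),
  ev("slab_recl",   69140480.0,   "2021-03-26T03:49:56.814Z"),
  ev("free",        1964318720.0, "2021-03-26T03:50:06.782Z"),
  ev("slab_unrecl", 29782016.0,   "2021-03-26T03:50:06.782Z"),
  ev("slab_recl",   69222400.0,   "2021-03-26T03:50:06.782Z"),
  ev("used",        2545074176.0, "2021-03-26T03:50:06.782Z"),
  ev("buffered",    81203200.0,   "2021-03-26T03:50:06.782Z"),
  ev("cached",      1032192000.0, "2021-03-26T03:50:06.782Z")
].freeze

# Sum "value" per (host, @timestamp). A type_instance seen twice in the same
# sample is counted once, and missing types are listed so a partial sum is
# not mistaken for the machine's total memory.
def total_memory_by_sample(events)
  groups = Hash.new { |h, k| h[k] = { "total" => 0.0, "types" => [] } }
  events.each do |e|
    next unless e["plugin"] == "memory" && e["value"].is_a?(Numeric)
    group = groups[[e["host"], e["@timestamp"]]]
    next if group["types"].include?(e["type_instance"]) # duplicate delivery
    group["total"] += e["value"]
    group["types"] << e["type_instance"]
  end
  rows = groups.map do |(host, timestamp), group|
    { "host" => host, "@timestamp" => timestamp,
      "total_memory" => group["total"],
      "missing_types" => EXPECTED_TYPES - group["types"] }
  end
  rows.sort_by { |r| Time.iso8601(r["@timestamp"]) }
end

total_memory_by_sample(SAMPLE_EVENTS).each { |row| p row }
```
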
