Logstash - counting field entries

ifishy · September 19, 2018, 11:08am

Hi,
i have built a small filter, that groks a Mac-Adress out of the message of a log.

Know, i want to count the entries, how much same mac-adresses in twenty minutes, i tested with "metrics" filter, but i think, i haven't understand, how it works.
Here my filter:

filter {
    if [source] == "d:\SMS_DP$\sms\logs\SMSPXE.log" {
            grok {
                    match => [ "message" , "%{COMMONMAC:MacAdresse}" ]
            }

            metrics {
                    meter => [ "%{MacAdresse}" ]
                     flush_interval => 1300
                     clear_interval => 1200
                    add_tag => "metric"
            }

    }
}

Somebody can give me please a hint to solve this problem?

Thank you
Wolfgang

system · October 17, 2018, 11:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.