Hi.
I have problem with elapsed filter il tried everything but it random miss events.
It matches around 75% of all events only and different everytime I sent the log in.
Starting Logstash with one worker also.
Can I use another ruby filter or aggregate instead.
I need elapsed time like this HH:MM:SS
.\bin\logstash.bat -w 1 -f .\config\auto.yml
here is my configs.
filter {
if "RU" in [tags] {
elapsed {
start_tag => "STARTING-RUNNER"
end_tag => "ENDING-RUNNER"
periodic_flush => false
unique_id_field => "host_name"
timeout => 86400
new_event_on_match => false
}
}
}
filter {
if "ST" in [tags] {
elapsed {
start_tag => "STARTING-STAGE"
end_tag => "ENDING-STAGE"
periodic_flush => false
unique_id_field => "runner"
timeout => 86400
new_event_on_match => false
}
}
}
Best Regards Dennis