Logstash - select data by Range


(Parveen) #1

We have the following web log transaction data. We need to count the number of transactions every 30 seconds.

input data file:

2017-10-11 10:42:19,server1,load,1
2017-10-11 10:42:19,server1,load,1
2017-10-11 10:42:20,server1,load,1
2017-10-11 10:42:23,server1,load,1
2017-10-11 10:42:23,server1,load,1
2017-10-11 10:42:44,server1,load,1
2017-10-11 10:42:44,server1,load,1
2017-10-11 10:42:45,server1,load,1
2017-10-11 10:42:45,server1,load,1
2017-10-11 10:42:45,server1,load,1
2017-10-11 10:42:48,server1,load,1
2017-10-11 10:42:48,server1,load,1
2017-10-11 10:42:48,server1,load,1
2017-10-11 10:42:54,server1,load,1
2017-10-11 10:42:54,server1,load,1
2017-10-11 10:42:55,server1,load,1
2017-10-11 10:42:55,server1,load,1
2017-10-11 10:42:58,server1,load,1
2017-10-11 10:42:58,server1,load,1
2017-10-11 11:03:30,server1,load,1
2017-10-11 11:03:38,server1,load,1
2017-10-11 11:03:49,server1,load,1
2017-10-11 11:03:49,server1,load,1
2017-10-11 11:03:50,server1,load,1
2017-10-11 11:03:53,server1,load,1
2017-10-11 11:03:53,server1,load,1
2017-10-11 11:04:40,server1,load,1

Output expected:

2017-10-11 10:42:30,server1,load,5
2017-10-11 10:43:00,server1,load,14
2017-10-11 11:03:30,server1,load,1
2017-10-11 11:04:00,server1,load,6
2017-10-11 11:04:30,server1,load,1

Please provide any input on how to achieve this using a Logstash script.


(Magnus Bäck) #2

Why do you need to do this in Logstash? If you're using the full Elastic stack this is something you'd typically do in Elasticsearch (and optionally visualizing it in Kibana).
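
The 30-second counting asked about in this thread, as an added example that is not part of either post and is not Logstash or Elasticsearch code: a stand-alone Ruby script that labels each window by its end time and keeps a boundary timestamp in the window ending there, the rule the first four expected rows follow. Under that rule the 11:04:40 line lands in the window ending 11:05:00; the function names and the compact sample encoding are assumptions made for the example.

```ruby
WINDOW = 30 # window length in seconds

# Map a "YYYY-MM-DD HH:MM:SS" timestamp to the end of its 30-second window.
# A timestamp exactly on a boundary (e.g. 11:03:30) stays in the window ending there.
def window_end(timestamp)
  y, mo, d, h, mi, s = timestamp.scan(/\d+/).map(&:to_i)
  epoch = Time.utc(y, mo, d, h, mi, s).to_i
  ceiling = ((epoch + WINDOW - 1) / WINDOW) * WINDOW
  Time.at(ceiling).utc.strftime('%Y-%m-%d %H:%M:%S')
end

# Sum the count column per (window end, server, metric).
# Lines that do not match the expected CSV shape are skipped, not counted.
def bucket_counts(lines)
  totals = Hash.new(0)
  lines.each do |line|
    ts, server, metric, count = line.strip.split(',')
    next unless ts =~ /\A\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\z/ && count =~ /\A\d+\z/
    totals[[window_end(ts), server, metric]] += count.to_i
  end
  totals.sort.map { |key, total| (key + [total]).join(',') }
end

# The question's 27 input lines, rebuilt from a compact "time*repeats" list
# (the encoding is constructed for this example to keep the sample short).
SAMPLE = %w[
  10:42:19*2 10:42:20*1 10:42:23*2 10:42:44*2 10:42:45*3 10:42:48*3
  10:42:54*2 10:42:55*2 10:42:58*2 11:03:30*1 11:03:38*1 11:03:49*2
  11:03:50*1 11:03:53*2 11:04:40*1
].flat_map do |item|
  time, repeats = item.split('*')
  ["2017-10-11 #{time},server1,load,1"] * repeats.to_i
end

puts bucket_counts(SAMPLE) if __FILE__ == $PROGRAM_NAME
```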

