Logstash - select data by Range

We have the following web log transaction data. We need to count the number of transactions every 30 seconds.

Input data file:

2017-10-11 10:42:19,server1,load,1
2017-10-11 10:42:19,server1,load,1
2017-10-11 10:42:20,server1,load,1
2017-10-11 10:42:23,server1,load,1
2017-10-11 10:42:23,server1,load,1
2017-10-11 10:42:44,server1,load,1
2017-10-11 10:42:44,server1,load,1
2017-10-11 10:42:45,server1,load,1
2017-10-11 10:42:45,server1,load,1
2017-10-11 10:42:45,server1,load,1
2017-10-11 10:42:48,server1,load,1
2017-10-11 10:42:48,server1,load,1
2017-10-11 10:42:48,server1,load,1
2017-10-11 10:42:54,server1,load,1
2017-10-11 10:42:54,server1,load,1
2017-10-11 10:42:55,server1,load,1
2017-10-11 10:42:55,server1,load,1
2017-10-11 10:42:58,server1,load,1
2017-10-11 10:42:58,server1,load,1
2017-10-11 11:03:30,server1,load,1
2017-10-11 11:03:38,server1,load,1
2017-10-11 11:03:49,server1,load,1
2017-10-11 11:03:49,server1,load,1
2017-10-11 11:03:50,server1,load,1
2017-10-11 11:03:53,server1,load,1
2017-10-11 11:03:53,server1,load,1
2017-10-11 11:04:40,server1,load,1

Output expected:

2017-10-11 10:42:30,server1,load,5
2017-10-11 10:43:00,server1,load,14
2017-10-11 11:03:30,server1,load,1
2017-10-11 11:04:00,server1,load,6
2017-10-11 11:04:30,server1,load,1

Please provide any input on how to achieve this using a Logstash script.

Why do you need to do this in Logstash? If you're using the full Elastic stack this is something you'd typically do in Elasticsearch (and optionally visualizing it in Kibana).

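The 30-second rollup asked for above, as an added Python example that is not part of the thread and is neither Logstash nor Elasticsearch code. It assumes each window is labelled by its end time, that a row exactly on a boundary belongs to the window ending there, and that the fourth column is a count to be summed; the function names and the sample subset are constructed for illustration.

```python
import csv
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"
WINDOW = 30  # seconds; assumed to divide 86400 so windows align to the day

# Constructed sample: a subset of the rows posted in the question.
SAMPLE = """\
2017-10-11 10:42:19,server1,load,1
2017-10-11 10:42:23,server1,load,1
2017-10-11 10:42:44,server1,load,1
2017-10-11 10:42:58,server1,load,1
2017-10-11 11:03:30,server1,load,1
2017-10-11 11:03:38,server1,load,1
2017-10-11 11:03:53,server1,load,1
2017-10-11 11:04:40,server1,load,1
"""


def window_end(ts, width=WINDOW):
    """Round ts up to the next multiple of width seconds; exact multiples stay put."""
    day_start = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    elapsed = int((ts - day_start).total_seconds())
    return day_start + timedelta(seconds=-(-elapsed // width) * width)


def count_per_window(lines, width=WINDOW):
    """Sum the count column per (window end, server, metric), sorted by time."""
    totals = Counter()
    for row in csv.reader(lines):
        if len(row) != 4:
            continue  # blank or malformed line
        stamp, server, metric, value = (cell.strip() for cell in row)
        try:
            end = window_end(datetime.strptime(stamp, FMT), width)
            totals[(end, server, metric)] += int(value)
        except ValueError:
            continue  # unparseable timestamp or count
    return [
        f"{end.strftime(FMT)},{server},{metric},{n}"
        for (end, server, metric), n in sorted(totals.items())
    ]


if __name__ == "__main__":
    print("\n".join(count_per_window(SAMPLE.splitlines())))
```

Run over the full input from the question, this gives 5, 14, 1 and 6 for the windows ending 10:42:30, 10:43:00, 11:03:30 and 11:04:00, and places the 11:04:40 row in the window ending 11:05:00.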