Hello ,We now get a network package data by tshark.
We send these data to elasticsearch system with the step:
-
get the package data and convert it to json file : tshark -i eth0 ... -T ek > packets.json
-
send this data to logstash by filebeat.
-
Create a data table to analyze these data.
In this table we have to know the previous relative time data.
So we coding the logstash ruby code to do it.
The ruby code is:
ruby {
init => "@@count = 0 "
code => "
event.set('[test]', @@count)
@@count = event.get('[layers][frame_time_relative]')
"
}
The last time data in the "test"column.
And the table is:
We find the test column has the wrong position in data table.
I have no idea what caused it.
I think that maybe, it is multi-thread issue.
Is it possible to set mutex in logstash ruby code?