[SOLVED] Increment field value in logstash filter

pastechecker · February 1, 2019, 3:53pm

Hello,
I have a data taken from the filter elasticsearch query.

elasticsearch {
hosts => ["localhost:9200"]
index => "elasticinput"
query => '_id=%{fingerprint}'
fields => { "request_ip_count" => "new_request_ip_count" }
fields => { "request_counter_attempts" => "new_request_counter_attempts" }
fields => { "request_domain_root" => "new_request_domain_root" }
}

The fields contains a number:
"request_ip_count":"3"

How can I increment this field by 1?
I want it to be: "request_ip_count":"4"

Is there a way?

Badger · February 1, 2019, 7:13pm

How about

    ruby {
        code => '
            c = event.get("request_ip_count")
            if c
                event.set("request_ip_count", c.to_i + 1)
            end
        '
    }

pastechecker · February 4, 2019, 9:42am

Hey Badger,
my solution last week that I forgot to publish was:

if [request_ip_count] != "" {
ruby {
code => '
event.set("request_ip_count", event.get("request_ip_count").to_i + 1)
'
}
}

pastechecker · February 4, 2019, 9:42am

Thank you for your help as well!

system · March 4, 2019, 9:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Increment field of Elasticsearch from logstash Elasticsearch	1	1156	July 5, 2017
How do I increment my count field of my document from logstash? Elasticsearch	1	1614	July 5, 2017
Increment field value when event occur in logstash output Logstash	1	559	November 12, 2020
Increment field no work Logstash	2	225	March 29, 2019
Need to do a calculation in logstash Logstash	3	1085	January 7, 2020

[SOLVED] Increment field value in logstash filter

Related topics