[SOLVED] Increment field value in logstash filter

pastechecker · February 1, 2019, 3:53pm

Hello,
I have a data taken from the filter elasticsearch query.

elasticsearch {
hosts => ["localhost:9200"]
index => "elasticinput"
query => '_id=%{fingerprint}'
fields => { "request_ip_count" => "new_request_ip_count" }
fields => { "request_counter_attempts" => "new_request_counter_attempts" }
fields => { "request_domain_root" => "new_request_domain_root" }
}

The fields contains a number:
"request_ip_count":"3"

How can I increment this field by 1?
I want it to be: "request_ip_count":"4"

Is there a way?

Badger · February 1, 2019, 7:13pm

How about

    ruby {
        code => '
            c = event.get("request_ip_count")
            if c
                event.set("request_ip_count", c.to_i + 1)
            end
        '
    }

pastechecker · February 4, 2019, 9:42am

Hey Badger,
my solution last week that I forgot to publish was:

if [request_ip_count] != "" {
ruby {
code => '
event.set("request_ip_count", event.get("request_ip_count").to_i + 1)
'
}
}

pastechecker · February 4, 2019, 9:42am

Thank you for your help as well!

system · March 4, 2019, 9:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Increment field value when event occur in logstash output Logstash	1	578	November 12, 2020
Increment field of Elasticsearch from logstash Elasticsearch	1	1173	July 5, 2017
Increment field no work Logstash	2	240	March 29, 2019
How do I increment my count field of my document from logstash? Elasticsearch	1	1623	July 5, 2017
Increment counter if document already exists Logstash	5	6705	August 8, 2018

[SOLVED] Increment field value in logstash filter

Related topics