Throttle Moving Window

brian-spot · July 19, 2017, 6:12pm

Is it possible to have a moving window to monitor events through throttle filter or something similar?

Ex.
If I run this throttle filter:

if [event] == "SomeEvent" {
  throttle {
    after_count => 2
    period => 10
    key => "throttle_key"
    add_tag => "Alert"
  }
}

If I have messages that would match the event with the following timestamps

None of the messages will get the tag, even though there are 3 messages in a 10 second period (2, 3, and 4). Is there anything that will catch that?

Andrew_Cholakian1 · July 21, 2017, 4:00pm

Hmmm, that should work. Is it tagging any events at all?

system · August 18, 2017, 4:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Throttle filter: Notify on throttle Logstash	9	1073	February 21, 2021
Pipeline throttle not working properly Logstash	1	432	March 5, 2020
Throttle Filter Logstash Logstash	2	199	June 3, 2022
Logstash tag events if it occurs more than certain limit Logstash	2	698	July 6, 2017
Throttle filter is not throttling correctly Logstash	1	429	February 24, 2021