I have a field that i'm trying to use for stats. However, kibana is not displaying any data.
In logstash im using ruby code to add the value of two fields into a third one. I'm trying to graph the value of the third one. However, no values show up in the stats pannel.
I've tried using a mutate filter to format the resulting field as float or integer. However, that didn't help.
if [bytes_sent] and [bytes_rcvd] {
ruby { code => "event['bytes'] = event['bytes_sent'] + event['bytes_rcvd']" }
} else if [bytes_sent] {
mutate {
rename => [ "bytes_sent", "bytes" ]
}
} elseif [bytes_rcvd] {
mutate {
rename => [ "bytes_rcvd", "bytes" ]
}
} else { }
logstash output:
"message" => "2015-03-18T23:59:41.802932-07:00 x.x.x.x id=my_host sn=my_sn_number time=\"2015-03-19 00:02:27\" fw=x.x.x.x pri=6 c=1024 m=537 msg=\" Connection Closed\" n=14957 src=x.x.x.x:123:X1 dst=x.x.x.x:123:X1 proto=udp/ntp sent=380 rcvd=380 ",
"@version" => "1",
"@timestamp" => "2015-10-14T21:00:52.213Z",
"path" => "/tmp/sonicwall.log",
"type" => "fw-sonicwall",
"tags" => [
[0] "sonicwall",
[1] "firewall_log"
],
"id" => "booth_firewall",
"time" => "2015-03-19 00:02:27",
"msg" => "Connection Closed",
"proto" => "udp/ntp",
"msg_count" => "14957",
"msg_id" => "537",
"msg_category" => "1024",
"msg_priority" => "6",
"serial_number" => "C0EAE490A1A6",
"src_ip" => "x.x.x.x",
"src_port" => "123",
"src_interface" => "X1",
"dst_ip" => "x.x.x.x",
"dst_port" => "123",
"dst_interface" => "X1",
"action" => "Closed",
"bytes_sent" => 380,
"bytes_rcvd" => 380,
"bytes" => 760,
"application" => "NTP",
"logstash_host" => "logstash-dev",
"host" => "x.x.x.x"