我用的是7.12.0版本
下面是我的elasticsearch数据
{"count":1,"time":"2021-08-10T00:15:00.000+08:00"}
{"count":2,"time":"2021-08-10T00:30:00.000+08:00"}
我想要按天统计count,比如下面的结果
{"count":3,"date":"2021-08-10T00:00:00.000+08:00"}
下面是我的过滤器配置,我参考的是官网例子,https因为不能加外链://因为不能加外链www.elastic.co/guide/en/logstash/7.12/plugins-filters-aggregate.html#plugins-filters-aggregate-example5
filter {
ruby {
code => "event.set('date', event.get('time')[0..9] + 'T00:00:00.000+08:00')"
}
aggregate {
task_id => "%{date}"
code => "map['count'] ||= 0; map['count'] += event.get('count');"
push_map_as_event_on_timeout => true
timeout_task_id_field => "date"
timeout => 3600 # 1 hour timeout, user activity will be considered finished one hour after the first event, even if events keep coming
inactivity_timeout => 300 # 5 minutes timeout, user activity will be considered finished if no new events arrive 5 minutes after the last event
timeout_tags => ['_aggregatetimeout']
timeout_code => "event.set('several_clicks', event.get('count') > 1)"
}
}
下面是保存的结果,count没有累加成功,好像存的是最后一条记录
{"count":2,"date":"2021-08-10T00:00:00.000+08:00"}
下面是我的elasticsearch数据
{"count":1,"time":"2021-08-10T00:15:00.000+08:00"}
{"count":2,"time":"2021-08-10T00:30:00.000+08:00"}
我想要按天统计count,比如下面的结果
{"count":3,"date":"2021-08-10T00:00:00.000+08:00"}
下面是我的过滤器配置,我参考的是官网例子,https因为不能加外链://因为不能加外链www.elastic.co/guide/en/logstash/7.12/plugins-filters-aggregate.html#plugins-filters-aggregate-example5
filter {
ruby {
code => "event.set('date', event.get('time')[0..9] + 'T00:00:00.000+08:00')"
}
aggregate {
task_id => "%{date}"
code => "map['count'] ||= 0; map['count'] += event.get('count');"
push_map_as_event_on_timeout => true
timeout_task_id_field => "date"
timeout => 3600 # 1 hour timeout, user activity will be considered finished one hour after the first event, even if events keep coming
inactivity_timeout => 300 # 5 minutes timeout, user activity will be considered finished if no new events arrive 5 minutes after the last event
timeout_tags => ['_aggregatetimeout']
timeout_code => "event.set('several_clicks', event.get('count') > 1)"
}
}
下面是保存的结果,count没有累加成功,好像存的是最后一条记录
{"count":2,"date":"2021-08-10T00:00:00.000+08:00"}
1 个回复
tongchuan1992 - 学无止境、学以致用
赞同来自: