
logstash aggregate filter does not accumulate correctly

Logstash | Author: zhuyangping | Published 2021-08-28 | Views: 1550

I am using version 7.12.0.

Below is my elasticsearch data:

{"count":1,"time":"2021-08-10T00:15:00.000+08:00"}
{"count":2,"time":"2021-08-10T00:30:00.000+08:00"}

I want to total count by day, for example the result below:

{"count":3,"date":"2021-08-10T00:00:00.000+08:00"}

Below is my filter configuration. I followed the example on the official site, https://www.elastic.co/guide/en/logstash/7.12/plugins-filters-aggregate.html#plugins-filters-aggregate-example5

filter {
  ruby {
    code => "event.set('date', event.get('time')[0..9] + 'T00:00:00.000+08:00')"
  }
  aggregate {
    task_id => "%{date}"
    code => "map['count'] ||= 0; map['count'] += event.get('count');"
    push_map_as_event_on_timeout => true
    timeout_task_id_field => "date"
    timeout => 3600 # 1 hour timeout, user activity will be considered finished one hour after the first event, even if events keep coming
    inactivity_timeout => 300 # 5 minutes timeout, user activity will be considered finished if no new events arrive 5 minutes after the last event
    timeout_tags => ['_aggregatetimeout']
    timeout_code => "event.set('several_clicks', event.get('count') > 1)"
  }
}

Below is the saved result. The count was not accumulated; it looks like the last record is what got stored.

{"count":2,"date":"2021-08-10T00:00:00.000+08:00"}

tongchuan1992 - Learning never ends; put what you learn to use


You need to set Logstash filter workers to 1, otherwise the calculation will come out incorrect.
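
A check for the symptom discussed in this thread: it recomputes the daily totals from the source documents and compares them with what the pipeline saved, so you can confirm whether a change such as the single-worker setting fixed the aggregation. This is an added example, not part of the original thread; the function names are hypothetical and the inline sample lines are constructed from the data in the question.

```ruby
require 'json'

# Constructed sample input: the two source documents and the saved result from the question.
SOURCE_LINES = [
  '{"count":1,"time":"2021-08-10T00:15:00.000+08:00"}',
  '{"count":2,"time":"2021-08-10T00:30:00.000+08:00"}'
].freeze
SAVED_LINES = ['{"count":2,"date":"2021-08-10T00:00:00.000+08:00"}'].freeze

# Same day-bucket derivation as the ruby filter in the question.
def day_bucket(time)
  time[0..9] + 'T00:00:00.000+08:00'
end

# Recompute the per-day totals directly from the source documents.
def expected_totals(source_lines)
  source_lines.each_with_object(Hash.new(0)) do |line, totals|
    doc = JSON.parse(line)
    totals[day_bucket(doc.fetch('time'))] += Integer(doc.fetch('count'))
  end
end

# Compare with what the pipeline wrote; return one entry per day that is wrong.
# A day may appear more than once in the output, so every saved count is collected.
def audit(source_lines, saved_lines)
  saved = Hash.new { |h, k| h[k] = [] }
  saved_lines.each do |line|
    doc = JSON.parse(line)
    saved[doc.fetch('date')] << doc.fetch('count')
  end
  expected = expected_totals(source_lines)
  (expected.keys | saved.keys).sort.each_with_object([]) do |date, problems|
    want = expected.fetch(date, 0)
    got = saved.fetch(date, [])
    next if got == [want] # exactly one saved event carrying the full total
    problems << { date: date, expected: want, saved: got }
  end
end

if __FILE__ == $PROGRAM_NAME
  audit(SOURCE_LINES, SAVED_LINES).each { |problem| puts problem.to_json }
end
```

An empty result means every day was saved once with the full total; a day listed with several saved counts means its aggregate was emitted in more than one piece.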
