
elasticsearch - Retain tag/field across events in logstash 1.5

Question:

I'm using logstash 1.5 to analyze logs.

I want to track two events which occur one after the other.

So I would like to set a flag/field/tag when the first event occurs and retain the value across events.

I looked at this link, but it looks like grep and drop are not supported in logstash 1.5.

Is there a way of achieving this?

User answer:

The closest you can get with logstash is the elapsed{} filter. You could use that code as a basis for your own filter if it doesn't meet your needs. I also run some external (python) post-processing to do more than elapsed{} can (or should) do.
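
A sketch of how the `elapsed{}` filter mentioned in the answer can pair two events. This is an added example, not part of the original answer. The log line format, the field names `ts`, `task_id` and `state`, and the tag names are assumptions made up for illustration.

```logstash
filter {
  # Constructed sample input (assumed format, not from the original post):
  #   2015-06-01T10:00:00Z task=42 state=started
  #   2015-06-01T10:00:07Z task=42 state=finished
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:ts} task=%{NOTSPACE:task_id} state=%{WORD:state}" }
  }

  # Use the time in the log line as the event time, so the elapsed
  # value reflects when things happened, not when they were ingested.
  date {
    match => [ "ts", "ISO8601" ]
  }

  # Conditionals replace the old grep filter: tag the first and second
  # event of the pair so elapsed{} can recognise them.
  if [state] == "started" {
    mutate { add_tag => [ "task_started" ] }
  } else if [state] == "finished" {
    mutate { add_tag => [ "task_finished" ] }
  }

  # elapsed{} remembers each start event, keyed by unique_id_field,
  # until the matching end event arrives or the timeout passes.
  elapsed {
    start_tag          => "task_started"
    end_tag            => "task_finished"
    unique_id_field    => "task_id"
    timeout            => 600     # seconds to wait for the end event
    new_event_on_match => false   # annotate the end event instead of emitting a new one
  }

  # A matched end event carries the tag "elapsed_match" and the fields
  # "elapsed_time" and "elapsed_timestamp_start".
  if "elapsed_match" in [tags] {
    mutate { add_field => { "pair_status" => "complete" } }
  }
}
```

A start event that never sees its end event within `timeout` produces a new event tagged `elapsed_expired_error`, which is the case to alert on when the second event is expected to always follow the first.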
