Math functions in Logstash

The logstash-filter-math is not a core plugin but it is available here. You can follow the next steps in order or install it:

> git clone https://github.com/robin13/logstash-filter-math.git
> cd logstash-filter-math
> gem build
> $LS_HOME/bin/logstash-plugin install logstash-filter-math-0.2.gem

If you don't want to install a 3rd party plugin just for that, you can also easily achieve the same computation with a ruby filter:

filter {
   ruby {
      code => "event['data']['doc_size_mb'] = event['data']['doc_size'].to_i / (1024 * 1024)"
   }
}

I tried using the above approach to multiply an existing field by a factor value and update the value of the existing field in the event by this new scaled value in Logstash 7.0.1, but it did not work as expected. I modified it to use the Event API's set() and get() methods which worked out for me.

Initial approach (did not work) -

filter {
     ruby {
        code => "event['data']['myField'] = event['data']['myField'].to_i * 0.25"
          }
       }

Working solution -

filter {
     ruby {
        code => "event.set('myField',event.get('myField')* 0.25)
          }
       }

Math functions in Logstash

Tags:

Logstash

Related

Recent Posts