I'm looking for a way to measure the elapsed time between two events using fluentd. Also, it would be awesome to be able to merge two or more events.
Until now I was using logstash. There are two plugins for my use case in logstash:
- elapsed and merge.
I just can't figure out how to do this in fluentd. What am I missing here?
Example:
I have a text file containing process logs which looks like this:
Fri May 8 05:00:00 GMT 2015: start subprocess 1 with param p
Fri May 8 05:10:42 GMT 2015: some other message
Fri May 8 05:11:44 GMT 2015: doing more stuff
Fri May 8 05:10:00 GMT 2015: end subprocess 1
My goal is to measure the time it took to finish subprocess 1 based on the events' timestamps. This can easily be done using the elapsed filter in logstash, but I have no clue how to solve this in fluentd.
I want a:
2015-05-08 05:10:00 parsed: {"message":"end subprocess 1","elapsed.time":"10.0"}
... or even better, I want to merge some of the fields of the events (e.g. the param from the start event):
2015-05-08 05:10:00 parsed: {"message":"end subprocess 1","elapsed.time":"10.0", "param": "p"}
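
The start/end correlation asked for above, sketched in plain Ruby (the language Fluentd plugins are written in). This is an added example, not part of the original post and not a Fluentd plugin or Fluentd API; the names `correlate`, `format_event` and `SAMPLE_LOG` are hypothetical, and the post's "10.0" is assumed to mean minutes.

```ruby
require 'time'
require 'json'

# Constructed sample input: the four log lines quoted in the question.
SAMPLE_LOG = <<~LOG
  Fri May 8 05:00:00 GMT 2015: start subprocess 1 with param p
  Fri May 8 05:10:42 GMT 2015: some other message
  Fri May 8 05:11:44 GMT 2015: doing more stuff
  Fri May 8 05:10:00 GMT 2015: end subprocess 1
LOG

LINE_RE  = /\A(?<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \w+ \d{4}): (?<msg>.*)\z/
START_RE = /\Astart subprocess (?<id>\d+)(?: with param (?<param>\S+))?\z/
END_RE   = /\Aend subprocess (?<id>\d+)\z/

# Pair each "end subprocess N" with the most recent "start subprocess N".
# Returns [time, record] pairs: one enriched end event per completed pair.
def correlate(lines)
  pending = {} # subprocess id => { time:, param: } of the open start event
  results = []
  lines.each do |line|
    m = LINE_RE.match(line.chomp)
    next unless m # skip lines that do not match the log format

    time = Time.strptime(m[:ts], '%a %b %d %H:%M:%S %Z %Y')
    if (s = START_RE.match(m[:msg]))
      pending[s[:id]] = { time: time, param: s[:param] }
    elsif (e = END_RE.match(m[:msg]))
      started = pending.delete(e[:id])
      next unless started # end event without a matching start: nothing to measure

      # Assumption: elapsed time is reported in minutes, as a string.
      minutes = ((time - started[:time]) / 60.0).round(1)
      record = { 'message' => m[:msg], 'elapsed.time' => minutes.to_s }
      record['param'] = started[:param] if started[:param] # merged from start event
      results << [time, record]
    end
  end
  results
end

# Render an event in the "<time> parsed: <json>" shape shown in the question.
def format_event(time, record)
  "#{time.getutc.strftime('%Y-%m-%d %H:%M:%S')} parsed: #{JSON.generate(record)}"
end

correlate(SAMPLE_LOG.lines).each { |t, r| puts format_event(t, r) } if __FILE__ == $PROGRAM_NAME
```

In a long-running pipeline the `pending` table needs a size or age limit, since start events whose end never arrives would otherwise accumulate indefinitely.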