
I'm using logstash 1.5 to analyze logs.

I want to track two events which occur one after the other. So I would like to set a flag/field/tag when the first event occurs and retain the value across events.

I looked at this link, but it looks like grep and drop are not supported in logstash 1.5.

Is there a way of achieving this?

Yellowjacket

1 Answer


The closest you can get with logstash is the elapsed{} filter. You could use that code as a basis for your own filter if it doesn't meet your needs. I also run some external (python) post-processing to do more than elapsed{} can (or should) do.

Alain Collins
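One way the external Python post-processing mentioned in the answer could look, as an added example that is not the answerer's code: it reads JSON-lines events in order, remembers each first event per ID, and flags a second event only if its first event was seen within a timeout. The field names (`task_id`, `seen_first`, `elapsed_seconds`), the tag values, the five-minute timeout, and the sample events are all assumptions made for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample: JSON-lines events as Logstash could write them to a file.
# The "task_id" field and the tag names are assumptions, not from the page.
SAMPLE = """\
{"@timestamp": "2015-06-01T10:00:00Z", "task_id": "a1", "tags": ["first_event"]}
{"@timestamp": "2015-06-01T10:00:05Z", "task_id": "b2", "tags": ["first_event"]}
{"@timestamp": "2015-06-01T10:00:12Z", "task_id": "a1", "tags": ["second_event"]}
{"@timestamp": "2015-06-01T10:01:00Z", "task_id": "c3", "tags": ["second_event"]}
{"@timestamp": "2015-06-01T10:20:00Z", "task_id": "b2", "tags": ["second_event"]}
{"@timestamp": "2015-06-01T10:21:00Z", "task_id": "d4", "tags": ["first_event"]}
"""

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def correlate(lines, start_tag="first_event", end_tag="second_event",
              key="task_id", timeout=timedelta(minutes=5)):
    """Return (annotated second events, IDs whose first event never got a pair)."""
    pending = {}  # ID -> timestamp of a first event still waiting for its pair
    ends = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        ident = ev.get(key)
        if ident is None:
            continue  # cannot correlate an event that carries no ID
        ts = parse_ts(ev["@timestamp"])
        tags = ev.get("tags", [])
        if start_tag in tags:
            pending[ident] = ts  # this is the state kept across events
        elif end_tag in tags:
            started = pending.pop(ident, None)
            # Match only if the first event was seen, came earlier, and is recent.
            matched = (started is not None
                       and timedelta(0) <= ts - started <= timeout)
            ev["seen_first"] = matched
            if matched:
                ev["elapsed_seconds"] = (ts - started).total_seconds()
            ends.append(ev)
    return ends, sorted(pending)

if __name__ == "__main__":
    annotated, unpaired = correlate(SAMPLE.splitlines())
    for ev in annotated:
        print(ev["task_id"], ev["seen_first"], ev.get("elapsed_seconds"))
    print("first events without a second event:", unpaired)
```
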