Chris
Reputation: 407
Averaging multiple fields in Logstash
I have an event that comes through with a variable number of fields { "dev_1": 12, "dev_2": 34, ... }. What logstash filters should I look at to produce an average of those fields, something like { "device_avg": 23 }?
I don't know the exact field names ahead of time. I will need to do some pattern matching to average all fields that match dev_* but I'm not sure if that is something I can do simply with an aggregate filter
Upvotes: 0
Views: 103
Answers (1)
Badger
Reputation: 4072
You would have to use a ruby filter. Try
ruby {
code => '
total = 0
count = 0
event.to_hash.each { |k, v|
if k =~ /^dev_/
count += 1
total += v.to_f
end
}
if count > 0 ; event.set("average", total/count) ; end
'
}
Upvotes: 1
Related Questions
- Creating an array by using aggregate filter
- aggregate logstash filter with "multiple pipelines"
- Average or Any other Aggregation on multiple fields of same type in Elastic Search
- Aggregation in Logstash-ElasticSearch
- Combining log entries with logstash
- logstash, generate multiple fields from multiple match
- How to aggregate same events in logstash into one new event
- Logstash, how to handle a field with sub fields
- Sum a Column result in Logstash
- kibana - display average times