No commit activity in last 3 years
No release in over 3 years
This filter does a cumulative sum and overrides event fields with its value
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

Runtime

>= 1.60, <= 2.99
 Project Readme

Logstash cumulative sum filter

Was developed and tested with logstash 7.6

This is a plugin for Logstash.

It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.

Documentation

This plugin is used to do a simple cumulative sum. It has 3 simple parameters:

  1. fields [array, required] this contains the name of the fields that will contain the current cumulative sum value
  2. add_values [hash] a dictionary that indicates the value to add for each field. Defaults to 0
  3. initial_values [hash] a dictionary that indicates the value to use if no stored value is found. Defaults to 0

You can use it in this simple way:

filter {
  cusum{
    fields => ["apples","bananas"]
    add_values => {
        "apples"  => "%{apples_to_add}"
        "bananas" => "-2"
      }
    initial_values => {
        "bananas" => "%{[default_bananas]}"
      }
  }
}	

How to install

1. From gem file

  • Download the latest gemfile from releases

  • Install in logstash

/bin/logstash-plugin install /path/to/gem/logstash-filter-cumsumm-<version>.gem
  • Run logstash and have fun

2. Build it yourself

  • To get started, you'll need JRuby with the Bundler gem installed.

  • Clone or download this repo

  • Install dependencies

bundle install
  • compile gem file
gem build logstash-filter-example.gemspec
  • Install the plugin as in 1.