Logstash - Use of Memorize plugin
Question
Trying to use the "memorize" plugin like so:
if [message] =~ /matching event/ {
grok {
match => [ "message", "%{mymatch:datetime}" ]
}
memorize {
field => [datetime]
}
}
if [message] =~ /another event/ {
mutate {
add_field => {
datetime => "%{datetime}"
}
}
}
A field called datetime is being added, but it only contains the text "%{datetime}". Clearly I'm using the plugin incorrectly. Can anyone advise on how to reference the memorized value please?
Thanks.
1 answers
solution1
2 2014-10-14 17:06:12
The way that plugin works would be like this:
if [message] =~ /matching event/ {
grok {
match => [ "message", "%{mymatch:datetime}" ]
}
}
# either save the datetime or add it based on last value
memorize {
field => 'datetime'
default => '00:00:00'
}
if [message] =~ /another event/ {
# datetime has already been added based on the above line
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Logstash - Offline Plugin Installation
logstash plugin for stomp
Logstash Plugin not getting installed
Logstash plugin to output to Kafka not working
logstash access with readonly rest plugin
Logstash translate plugin problem parsing csv
Logstash ganglia input plugin - udp listener died
Logstash Plugin for data transfer from Cassandra to ElasticSearch
Install logstash plugin from private gem repository
Use SSL for logstash-output-stomp
Related Tags