create virtual event?

This support forum board is for support questions relating to Nagios Log Server, our solution for managing and monitoring critical log data.
_asp_
Posts: 91
Joined: Mon May 23, 2016 4:30 am

create virtual event?

Post by _asp_ »

Hi,

Is it possible to create my own / virtual events in Logstash?
I intend to do the following:

1. I receive the following log line:
timestamp, value_1, value_2, value_3

2. Now I want to create 3 events out of it:


1. @timestamp = timestamp
    value = value_1
2. @timestamp = timestamp
    value = value_2
3. @timestamp = timestamp
    value = value_3
This would work around the fact that I can only show multiple lines in a histogram for the same field name. So it does not work to store the values in separate fields with different names.

Thanks, Andreas
hsmith
Agent Smith
Posts: 3539
Joined: Thu Jul 30, 2015 11:09 am
Location: 127.0.0.1

Re: create virtual event?

Post by hsmith »

Perhaps take a look at split. I have not worked with this, but it might do exactly what you're looking for: https://www.elastic.co/guide/en/logstas ... split.html
Former Nagios Employee.
me.
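
The fan-out asked about above, written with the split filter, as an added example that is not part of the original thread and not code from any poster. It assumes the line arrives in the `message` field, that the fields are separated by `, ` exactly as in the sample, and that the timestamp is ISO8601; the sample line in the comments is constructed.

```logstash
# Constructed sample input (one log line):
#   2016-06-01T12:00:00Z, 10, 20, 30
#
# Resulting events (one per value, all sharing the same @timestamp):
#   @timestamp = 2016-06-01T12:00:00Z   value = 10
#   @timestamp = 2016-06-01T12:00:00Z   value = 20
#   @timestamp = 2016-06-01T12:00:00Z   value = 30

filter {
  # Separate the leading timestamp from the rest of the line.
  # DATA is non-greedy, so "timestamp" stops at the first ", ";
  # everything after it lands in "value" as one string ("10, 20, 30").
  grok {
    match => { "message" => "^%{DATA:timestamp}, %{GREEDYDATA:value}$" }
  }

  # Set @timestamp from the parsed field before fanning out, so the
  # date is parsed once and every generated event inherits it.
  # Assumption: ISO8601 input; change the format to match real data.
  date {
    match => [ "timestamp", "ISO8601" ]
  }

  # split clones the event once per piece of "value" and replaces the
  # field in each clone with that single piece. The terminator must
  # match the separator in the line (default is a newline).
  split {
    field      => "value"
    terminator => ", "
  }

  # Each clone now carries one value as a string; convert it so it can
  # be used as a numeric field in a histogram.
  mutate {
    convert => { "value" => "float" }
  }
}
```

Lines that do not match the grok pattern are tagged `_grokparsefailure` and carry no `value` field, so it is worth checking for that tag when the expected events do not appear.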
_asp_
Posts: 91
Joined: Mon May 23, 2016 4:30 am

Re: create virtual event?

Post by _asp_ »

Thanks, split and clone are the filters which do the job.
mcapra
Posts: 3739
Joined: Thu May 05, 2016 3:54 pm

Re: create virtual event?

Post by mcapra »

Is it alright if we lock this thread and mark the issue as resolved?
Former Nagios employee
https://www.mcapra.com/