Wednesday, 15 September 2010

logging - How to aggregate same events in Logstash into one new event




Let's say there are 10 login failures in 60 seconds; I don't want to see 10 events, but 1 saying there were 10 failed login attempts.

How (if possible) can I aggregate a number of the same events in Logstash into 1 new event?

Use the metrics filter.

It will allow you to flush, every xx seconds (configurable), a metric event that can consist of various valuable metrics (e.g. percentiles of duration, rates, and count). You can utilize this filter and specify that you want an event flushed every 60 seconds, with a count of the number of failed login attempts. The event will be flushed regardless of whether the count is higher or lower than 10, but you can then query Elasticsearch, whether manually or with Kibana, for the metric events with a count higher than 10.
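A minimal pipeline for the approach in the answer above, as an added example that is not part of the original post. The `event_type` field, its `login_failure` value, the `failed_login` meter name and the `metric` and `threshold_exceeded` tags are assumptions chosen for illustration.

```logstash
# Added example: count failed logins per 60-second window with the metrics filter.
# Assumption: an earlier stage (e.g. grok on the auth log) has already set
# event_type to "login_failure" on each failed login event.

input {
  stdin { }
}

filter {
  if [event_type] == "login_failure" {
    metrics {
      # Creates [failed_login][count] plus rate fields on the generated event.
      meter          => "failed_login"
      # Tag the generated metric event so it can be told apart from raw events.
      add_tag        => "metric"
      # Emit one metric event every 60 seconds (must be a multiple of 5).
      flush_interval => 60
      # Reset the counter every 60 seconds; without this the count is
      # cumulative since Logstash started, not per window.
      clear_interval => 60
    }
  }

  # The metric event is flushed whatever the count is, so mark the windows
  # that reached the threshold from the question (10 failures).
  if "metric" in [tags] and [failed_login][count] >= 10 {
    mutate { add_tag => ["threshold_exceeded"] }
  }
}

output {
  # Only the aggregated events are shown here; swap in the elasticsearch
  # output to query them from Kibana.
  if "metric" in [tags] {
    stdout { codec => rubydebug }
  }
}
```

The counter lives inside a single Logstash instance, so with several instances each one reports its own per-window count and the totals have to be summed at query time.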
