In this tutorial, I will show you how to sum up two or more fields in Logstash using the Ruby filter.
With the Ruby filter, you can write any Ruby code just like other programming languages. So you can perform complex operations that Logstash doesn't support.
Contents
- How to Sum Two Fields in Logstash
- How to Sum Two Num String Fields in Logstash
- How to Sum Two Fields in Logstash with Condition
- How to Sum Two Fields in Logstash if Both Exist
- Conclusion
How to Sum Two Fields in Logstash
To sum up two or more fields in Logstash, you can use the ruby
filter with the +
operator.
For example, I have the following Logstash event:
Using the above Ruby code, I can sum the two fields and store the result in a new field called total
.
How to Sum Two Num String Fields in Logstash
If you want to sum two num string fields in Logstash, you need to convert them to numbers first using the to_i
method inside the ruby
filter.
There are different types of num string field conversions:
to_i
converts a string to an integer (most common).to_f
converts a string to a float (most common).to_r
converts a string to a rational number.to_c
converts a string to a complex number.
Here is the result if we apply the to_i
method to convert the two fields to integers.
Without using the to_i
method, it will be a string concatenation instead of a sum.
How to Sum Two Fields in Logstash with Condition
You can also sum two fields in Logstash based on a condition using the if
statement inside the ruby
filter.
For example, you want to sum two fields only if they are both integers.
Then the total
field will only be added if both field1
and field2
are integers.
How to Sum Two Fields in Logstash if Both Exist
You can sum two fields in Logstash if both exist using the +
operator inside the ruby
filter.
So the total
field will only be added if both field1
and field2
exist.
Conclusion
You have learned how to sum up two or more fields in Logstash using the Ruby filter.
I also gathered different use cases when summing two fields in Logstash so that you can apply them to your use cases.
If anything should be added or changed, please leave a comment below.
Comments
Be the first to comment!