Measure the elapsed time between two events in fluentd
I'm looking for a way to measure elapsed time between events using fluentd. It would also be great to combine two or more events.
So far I have been using logstash. There are two plugins for my use in logstash:
- elapsed and merge.
I just can't figure out how to do this in fluentd. What am I missing here?
Example:
I have a text file containing the logs of a process that looks like this:
Fri May 8 05:00:00 GMT 2015: start subprocess 1 with param p
Fri May 8 05:10:42 GMT 2015: some other message
Fri May 8 05:11:44 GMT 2015: doing more stuff
Fri May 8 05:10:00 GMT 2015: end subprocess 1
My goal is to measure the time it takes for subprocess 1 to complete based on event timestamps. This is easy to do using the passed filter in logstash, but I don't know how to solve this in fluentd.
I want to:
2015-05-08 05:10:00 parsed: {"message":"end subprocess 1","elapsed.time":"10.0"}
.. or even better, I want to combine some of the event fields (like a parameter from a launch event):
2015-05-08 05:10:00 parsed: {"message":"end subprocess 1","elapsed.time":"10.0", "param": "p"}
+3
source to share
No one has answered this question yet
Check out similar questions: