Measure the elapsed time between two events in fluentd

I'm looking for a way to measure elapsed time between events using fluentd. It would also be great to combine two or more events.

So far I have been using logstash. There are two plugins for my use in logstash:

I just can't figure out how to do this in fluentd. What am I missing here?

Example:

I have a text file containing the logs of a process that looks like this:

Fri May  8 05:00:00 GMT 2015: start subprocess 1 with param p
Fri May  8 05:10:42 GMT 2015: some other message
Fri May  8 05:11:44 GMT 2015: doing more stuff
Fri May  8 05:10:00 GMT 2015: end subprocess 1

My goal is to measure the time it takes for subprocess 1 to complete based on event timestamps. This is easy to do using the passed filter in logstash, but I don't know how to solve this in fluentd.

I want to:

2015-05-08 05:10:00 parsed: {"message":"end subprocess 1","elapsed.time":"10.0"}

.. or even better, I want to combine some of the event fields (like a parameter from a launch event):

2015-05-08 05:10:00 parsed: {"message":"end subprocess 1","elapsed.time":"10.0", "param": "p"}

+3
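
The correlation the question describes, written as standalone Ruby (the language Fluentd plugins are written in) rather than as a Fluentd plugin; this is an added example, not part of the original post. The class name, the regexes and the `max_pending` cap are assumptions, and the elapsed time is reported in seconds.

```ruby
require 'time'

# Constructed sample input: the four log lines from the question.
SAMPLE_LOG = <<~LOG
  Fri May  8 05:00:00 GMT 2015: start subprocess 1 with param p
  Fri May  8 05:10:42 GMT 2015: some other message
  Fri May  8 05:11:44 GMT 2015: doing more stuff
  Fri May  8 05:10:00 GMT 2015: end subprocess 1
LOG

LINE_RE  = /\A(?<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \w+ \d{4}): (?<message>.*)\z/
START_RE = /\Astart subprocess (?<id>\S+)(?: with param (?<param>\S+))?\z/
END_RE   = /\Aend subprocess (?<id>\S+)\z/

# Remembers start events by subprocess id and enriches the matching end event.
class ElapsedCorrelator
  def initialize(max_pending: 1000)
    @pending = {}                # id => { time:, param: }
    @max_pending = max_pending   # cap so unmatched starts cannot grow memory forever
  end

  # Returns a record hash for a parsable line, nil otherwise.
  def process(line)
    m = LINE_RE.match(line.chomp) or return nil
    time = Time.strptime(m[:ts], '%a %b %e %H:%M:%S %Z %Y')
    record = { 'time' => time, 'message' => m[:message] }
    if (s = START_RE.match(m[:message]))
      @pending.shift if @pending.size >= @max_pending   # evict the oldest start
      @pending[s[:id]] = { time: time, param: s[:param] }
    elsif (e = END_RE.match(m[:message])) && (start = @pending.delete(e[:id]))
      # Elapsed time comes from the event timestamps, not from arrival time.
      record['elapsed.time'] = (time - start[:time]).to_s
      record['param'] = start[:param] if start[:param]
    end
    record
  end
end

# Runs every line of a log text through one correlator.
def correlate(text)
  correlator = ElapsedCorrelator.new
  text.each_line.map { |line| correlator.process(line) }.compact
end
```

An end event with no remembered start passes through without the extra fields, so a missing `elapsed.time` marks a gap in the log.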

