How to sum two field values from two different events together

clemthetest · January 5, 2021, 3:54pm

Hi everyone,

Let’s take two different events from a common stream. Both of the events have a field called “TotalSessionLength”. My purpose is quiet simple: I would like to sum the different values I have for each events, and put the result into a variable.

Ex:
Event 1 : TotalSessionLength = 15
Event 2 : TotalSessionLength = 12

MyVariable = 15 + 12

I thought I could do it simply by using a rule but it looks like the rule can’t be performed on several events simultaneously.

Does anyone know how to figure out my problem? Thank you in advance.

Regards,

Clem.

tmacgbay · January 5, 2021, 5:19pm

You can look at storing values in Mongodb…

https://docs.graylog.org/en/4.0/pages/pipelines/functions.html#lookup-set-value

clemthetest · January 6, 2021, 10:18am

Hi @tmacgbay ,
Thank you for your answer. I will check if it can work. Does it require any Graylog sidecar or extension?

Regards,

Clem.

tmacgbay · January 6, 2021, 1:25pm

These MongoDB functions happen after the message arrives in Graylog. You are required to have an enterprise license to use these particular functions (according to docs) If data is consistently under 5GB a day that shouldn’t be an issue as you can apply for a free license.

system · January 20, 2021, 1:25pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog comparison of two fields Graylog Central (peer support)	2	979	December 8, 2020
Logging events with lists in fields Graylog Central (peer support)	2	530	November 21, 2019
Graylog filtering logs issue Graylog Tech Challenges	3	972	July 9, 2021
Help needed with combination and filtering fields Graylog Central (peer support)	13	2510	September 28, 2017
Alert processing query Graylog Central (peer support)	4	682	August 1, 2018

How to sum two field values from two different events together

Related Topics