adds some amount of CPU usage!
Ruby filter code for the calculation:
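# Flow-rate enrichment for NetFlow events. This is a fragment and belongs
# inside a `filter { }` section.
#
# The quotes and the minus sign are plain ASCII here; the typographic quotes
# and en dash of the published listing are not valid in a Logstash config or
# in Ruby.
#
# NetFlow records arrive from exporters over the network (typically
# unauthenticated UDP), so any field may be absent or malformed. Each step is
# guarded so that a partial record does not raise, and does not produce
# made-up rate values that later feed dashboards or detections.
#
# NOTE(review): event['field'] is the Event API of Logstash releases before
# 5.0. From 5.0 on the ruby filter needs event.get('[netflow][x]') and
# event.set('[netflow][x]', value). Confirm the target version.

# Flow duration in seconds. Computed only when both timestamps are present,
# since Time.parse(nil) raises.
# NOTE(review): a present but malformed timestamp still raises inside the
# filter. How that is reported depends on the ruby filter version; verify.
if [netflow][first_switched] and [netflow][last_switched] {
  ruby {
    init => "require 'time'"
    code => "event['netflow']['duration'] = Time.parse(event['netflow']['last_switched']) - Time.parse(event['netflow']['first_switched'])"
  }
}

# Byte counter expressed in bits.
if [netflow][in_bytes] {
  ruby {
    code => "event['netflow']['in_bits'] = event['netflow']['in_bytes'] * 8"
  }
}

# Packets and bits per second. The existence test comes first so the numeric
# comparison is never evaluated against a missing field.
if [netflow][duration] and [netflow][duration] > 0 {
  ruby {
    # `rescue 0` is the author's best-effort fallback: a missing or
    # non-numeric counter yields a rate of 0 instead of an exception.
    code => "
      event['netflow']['pps'] = event['netflow']['in_pkts'] / event['netflow']['duration'] rescue 0
      event['netflow']['bps'] = event['netflow']['in_bits'] / event['netflow']['duration'] rescue 0
    "
  }
} else {
  # Zero-length or unknown duration: report the raw counters as the rate.
  # Each replace is guarded because an unresolved %{...} reference would
  # otherwise be stored as literal text in the field.
  if [netflow][in_bits] {
    mutate {
      replace => [ "[netflow][bps]", "%{[netflow][in_bits]}" ]
    }
  }
  if [netflow][in_pkts] {
    mutate {
      replace => [ "[netflow][pps]", "%{[netflow][in_pkts]}" ]
    }
  }
}

# The else branch writes strings and the division branch may write floats;
# normalise both rates to integers for indexing.
mutate {
  convert => [ "[netflow][pps]", "integer" ]
  convert => [ "[netflow][bps]", "integer" ]
}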