Calculating the events per second (EPS) | View post

chrisc 8 years ago

I am trying to figure out how many events are coming in per hour on a given a input module named win.

I have searched around and haven't found any definitive solution. Most of what I have seen implements the create_stat function. But from there, I am lost. Here is my current config for the input, output, and route. How would I implement this feature into what I currently have?

My end goal is to calculate EPS and write it out to log_info every hour with a message saying something like: EPS calulcated: 3,019


<Input win>

    module          im_tcp

        host            0.0.0.0

        port            524

        Exec            parse_syslog();

        Exec            log_info("Severity Windows Collector: " + $SyslogSeverity + ", Hostname: " + $Hostname);

</Input>
<Output winout>

        Module          om_file

        CreateDir    true

        File            '%WINLOG%'
        <Schedule>

                Every           60 sec

                Exec            if (file_size('%WINLOG%') >= 2G) \

                                { \

                                       file_cycle('%WINLOG%', 500); \

                                        winout->reopen(); \

                                }
        </Schedule>

</Output>
<Route 5>

    Path            win => winout, Grid

</Route>