my conf:

[root@ci-000c294400e8 conf.d]# cat sample_test.conf
input
{
file
{
codec => multiline
{
pattern => '^\s\s\s\s}'
negate => true
what => previous
max_lines => 20000
}

    path           => ["/ci/data/cirrus/report/*/status.json"]
    start_position => "beginning"
    sincedb_path   => "/ci/data/cirrus/sincedb_path/status.db"
    ignore_older   => 0
    type           => 'test'
}

}
#Filter plugin performs intermediary processing on an event using "Ruby code" as filter plugin
filter
{
if [type] == "test"
{
grok
{
match => ["message", "%{GREEDYDATA:msg}"]
}
if "_jsonparsefailure" in [tags]
{
drop{}
}
ruby
{
code => "
filename = event['path'].split('/')[5];
event['jobID'] = filename
"
}
mutate
{
gsub => ["message", "\n", ""]
gsub => ["message", "\s", ""]
}
json
{
source => "message"
target => "doc"
}
mutate
{
add_field =>{ "status" => "%{[doc][status]}" }
#remove_field => ["msg", "message","results"]
}
}
}
#output
output {
if [type] == "test"
{
stdout
{
codec => rubydebug
}
#elasticsearch

{

      #      hosts         => "localhost:9200"
      #      index         => "cirrus"
      #      document_type => "testinfo"
      #      document_id   => '{"jobID":"%{jobID}"}'

}

}

}

my json:
{
"status": "fail",
"time_start": 1494320678.8123009,
"agent_pid": 26286,
"cirrus_id": "ci-000c294400e8_administrator_1",
"time_queued": 1494320660.5887389,
"time_end": 1494320700.427644,
"message": "1 stage(s) failed",
"stages": {
"RoboGalaxy": {
"status": "fail",
"code": 2,
"time_start": 1494320683.109,
"signal": 0,
"time_end": 1494320695.464,
"message": "2 RG tests failed, only first failure shown -- fail: Setup failed:\nKeyError: u'sys_os', Test: UC1 GirishRun:ILOREST Testing; "
}
}
}

after running the conf file:

OUPTUT:

{
"@timestamp" => "2017-05-26T07:33:10.730Z",
"message" => "{"status":"fail","time_start":1494916910.0355501,"agent_pid":22528,"cirrus_id":"ci-000c294400e8_administrator_4","time_queued":1494916894.9371409,"time_end":1494916943.763562,"message":"1stage(s)failed","stages":{"copyspplogs":{"status":"pass","code":0,"time_start":1494916930.109,"signal":0,"time_end":1494916933.26,"message":""},"notify":{"status":"pass","code":0,"time_start":1494916940.508316,"signal":0,"time_end":1494916943.763181,"message":""},"RoboGalaxy":{"status":"fail","code":1,"time_start":1494916912.109,"signal":0,"time_end":1494916924.76,"message":"1RGtestfailed--fail:Setupfailed:\nKeyError:u'sys_os',Test:UC9RemoteScripted:ILORESTTesting;"}",
"@version" => "1",
"tags" => [
[0] "multiline",
[1] "_jsonparsefailure"
],
"path" => "/ci/data/cirrus/report/ci-000c294400e8_administrator_4/status.json",
"host" => "ci-000c294400e8",
"type" => "test",
"msg" => "{\n "status": "fail", \n "time_start": 1494916910.0355501, \n "agent_pid": 22528, \n "cirrus_id": "ci-000c294400e8_administrator_4", \n "time_queued": 1494916894.9371409, \n "time_end": 1494916943.763562, \n "message": "1 stage(s) failed", \n "stages": {\n "copy spp logs": {\n "status": "pass", \n "code": 0, \n "time_start": 1494916930.109, \n "signal": 0, \n "time_end": 1494916933.26, \n "message": ""\n }, \n "notify": {\n "status": "pass", \n "code": 0, \n "time_start": 1494916940.508316, \n "signal": 0, \n "time_end": 1494916943.763181, \n "message": ""\n }, \n "RoboGalaxy": {\n "status": "fail", \n "code": 1, \n "time_start": 1494916912.109, \n "signal": 0, \n "time_end": 1494916924.76, \n "message": "1 RG test failed -- fail: Setup failed:\nKeyError: u'sys_os', Test: UC9 RemoteScripted:ILOREST Testing; "\n }",
"jobID" => "ci-000c294400e8_administrator_4",
"status" => "%{[doc][status]}",
}

In the last line of the output i am getting status as a string instead of getting the value, we can see the message is
coming well, even i have set a target to doc, but still i am unable to get the result. can someone pls help me.

what is the correct way to write the add field syntax to fetch the status: fail

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.