How can I convert all the keys that have numbers from strings to int using ruby?
example:
"x": "hello",
"a": "1",
"b": "2",
"c": "3",
"d": "bye"
to:
"x": "hello",
"a": 1,
"b": 2,
"c": 3,
e.t.c
here's my ruby:
filter {
ruby {
code => "
event.get("message").each {|key, value|
if value =~ /\A\d+\Z/
event.set("value", value.to_i)
end
}
"
}
}
thanks
Surely that should be event.set(key, value.to_i).
thanks @Badger
However i get a
"tags": [
"_rubyexception"
],
my message looks like this
{
"MSG": "File successfully transmitted to drive",
"payloadTransferSpeedMBps": "146.388052",
"transferTime": "0.032947",
"readWriteTime": "0.027923",
"reconciliationTime": "0",
"driveTransferSpeedMBps": "146.402652",
"capacityInBytes": "500000000000",
"fileId": "757082",
"@version": "1",
"tapeVid": "V01006",
"checksumingTime": "0.004905",
"totalTime": "0.032877",
"vendor": "IBM",
"thread": "TapeWrite",
"path": "/var/log/cta/cta-taped.log",
"fSeq": "12835",
"fileSize": "4812800",
"headerVolume": "480",
"LBPMode": "LBP_Off",
"tapeDrive": "VDSTK11",
"mediaType": "LTO8",
"waitDataTime": "0.000011",
"waitReportingTime": "0.000108",
"dataVolume": "4812800",
"vo": "desy",
"mountId": "5643",
"mountType": "ArchiveForUser",
"TID": "15081",
"LVL": "INFO",
"PID": "14663",
"@timestamp": "2023-02-15T15:38:45.874Z",
"tags": [
"_rubyexception"
],
"logicalLibrary": "VLSTK10",
"type": "cta-taped"
}
so i want all the values to be integers...these are not the only fields..
my filter looks like this
filter {
ruby {
code => "
event.get('message').each {|key, value|
if value =~ /\A\d+\Z/
event.set(key, value.to_i)
end
}
"
}
}
filter {
mutate {
gsub => ["message", " msg='", " _nested='"]
}
kv {
source => "_nested"
remove_field => "_nested"
}
kv {remove_field => "message" }
}
what am i missing/doing wrong?
If the kv filter is creating the fields that you want to be integers then it has to be before the ruby filter that converts them.
If you are getting a _rubyexception tag then logstash will be logging an error message. What is that message?
hi @Badger
this is the error message
Ruby exception occurred: undefined method `each' for #<String:0x49b0e43> {:class=>"NoMethodError", :backtrace=>["(ruby filter code):3:in `block in filter_method'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash
-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.r
b:89:in `filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:178:in `bl
ock in multi_filter'", "org/jruby/RubyArray.java:1821:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/
compiler/AbstractFilterDelegatorExt.java:134:in `multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:300:in `block in start_workers'"]}
previously, the ruby code was after the kv filters but still got the same.
That is telling you that [message] is a string, not a hash, so you cannot use .each on it.
Thanks mate! Fixed it
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.