[ERROR][logstash.filters.ruby ] Ruby exception occurred: undefined method `[]' for #<LogStash::Event:0x9a18b32>

rumala · April 6, 2021, 8:38am

Hello experts,

I'm still learning about ELK. last week i set up my ELK lab. And I got error in my Logstash. I'm using logstash 7.5.1. I would like to parse through all fields of my Logstash and convert field starting with the word "time" to float. This is my configuration

    filter {
    date {
      match => [ "timestamp", "ISO8601" ]
    }
    ruby {
      code => "if event['event_type'] == 'fileinfo'; event['fileinfo']['type']=event['fileinfo']['magic'].to_s.split(',')[0]; end;"
    }
  if [src_ip]  {
    if ![geoip.ip] {
      if [src_ip]  {
        geoip {
          source => "src_ip"
          target => "geoip"
          add_field => [ "[geoip][coordinates]", "%{[geoip][longitude]}" ]
          add_field => [ "[geoip][coordinates]", "%{[geoip][latitude]}"  ]
        }
        mutate {
          convert => [ "[geoip][coordinates]", "float" ]
        }
      }
    }
  }
}

Any help would be great, as I have been stuck with this for the entire week.
Thanks

Cad · April 6, 2021, 10:36am

Hi,

To access to a field value in ruby filter, you have to do event.get("field_name")
To edit a field value in ruby filter, you have to do event.set("field_name", value)

Gad

rumala · April 8, 2021, 9:57am

Hi, thank you, it works for me now

system · May 6, 2021, 9:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.