External Ruby Script to enrich multiple Fields

muraliv · May 29, 2020, 12:43pm

Hi All,

I am currently enriching 4 fields using translate filter. I would like to know if it's possible to create an external ruby script with the following code.

Here is a code for one such field.

         translate {
            field => "[destinationHostName]"
            destination => "[@metadata][key_exists]"
            dictionary_path => "/u/elasticStack/data/enrich.csv"
            fallback => "normal"
            refresh_interval => 1
         }
         if [@metadata][key_exists] != "normal" {
            dissect {
               mapping => {
                  "[@metadata][key_exists]" => "%{category}~%{comment}~%{priority}~%{type}~%{eventid}"
               }
            }
            mutate {
               strip => ["comment"]
            }
            mutate {
              add_field => { "event_description" => "Event %{category}: %{destinationHostName}  %{priority}. event id %{eventid}, Comment: %{comment}" }
            }
         }

Thanks
Murali

system · June 26, 2020, 12:43pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Running a Ruby external script to enrich event Logstash	3	1008	February 23, 2018
External Ruby, more than one value in a hash Logstash	4	479	January 20, 2021
New Plugin: logstash-filter-augment - Enhance your events from external data files Logstash	10	1436	March 6, 2017
Ruby Script Adds a New Field to LS Data Record? Logstash	5	562	May 1, 2020
Decode and Add derived/custom fields Logstash	2	266	July 13, 2020

External Ruby Script to enrich multiple Fields

Related topics