Hi, I'm trying to use a Ruby script outside the Logstash conf. The ruby section in the conf is outside the filter. hostgroup in the grok is the field of interest; it can be variable: sometimes it has one hostgroup, sometimes 3, sometimes X.
The log is this one:
02/04/20 17:03:13 ['V.Errazuriz', 'V.Errazuriz-Network', 'Auto Discovery']
This is the filter:
filter {
  if [application] == "2uptime" {
    grok {
      match => {"message" => "%{DATA:fecha} %{TIME:hora} \[%{DATA:hostgroup}\]" }
    }
  }
This is the path to the external script:
ruby {
  path => "/etc/logstash/conf.d/rubyparse.rb"
  script_params => {
    "source_field" => "hostgroup"
  }
}
And this is my external script,
def register(params)
  @source_field = params["source_field"]
end
def filter(event)
  #add separated string in to an array
  h = event.get("@source_field").split(",")
  #delete the single quotes surrounding the strings
  hgn = h.map{ |n| n.delete_prefix("'").delete_suffix("'") }
  if hgn then
    hgn.each_index { |i|
      event.set("hgname_#{i+1}", hgn[i])
    }
    return [event]
  end
but this throws me an error.
Is the map method usable in Logstash, inside its library?
How does the processed data come back to the conf from the Ruby script?
I understand how to pass the value to the external script,
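
A corrected version of the script above, as an added example that is not part of the original post: it reads the field through the `@source_field` variable rather than the literal string `"@source_field"`, strips the space left after each comma before removing the quotes, closes both `if` and `def`, and passes the event through unchanged when grok did not produce the field. `FakeEvent` and `run_sample` are hypothetical stand-ins so the script can be exercised outside Logstash; only `register` and `filter` belong in the file the `path` option points to.

```ruby
# Added example (not the poster's code): script for a Logstash ruby filter
# loaded via `path`. Logstash calls register(params) once, then filter(event)
# for every event.

def register(params)
  # Field name handed over through script_params in the pipeline conf.
  @source_field = params["source_field"]
end

def filter(event)
  raw = event.get(@source_field) # the variable, not the string "@source_field"
  # grok may not have matched: hand the event back untouched.
  return [event] unless raw.is_a?(String)

  # Split on commas, drop surrounding whitespace, then the single quotes.
  names = raw.split(",").map { |n| n.strip.delete_prefix("'").delete_suffix("'") }
  names.reject(&:empty?).each_with_index do |name, i|
    event.set("hgname_#{i + 1}", name)
  end
  [event] # events in the returned array continue through the pipeline
end

# Hypothetical stand-in for LogStash::Event (get/set only), used for offline runs.
class FakeEvent
  def initialize(fields = {})
    @fields = fields
  end

  def get(key)
    @fields[key]
  end

  def set(key, value)
    @fields[key] = value
  end
end

# Hypothetical helper: runs the filter over one constructed event.
def run_sample(fields)
  register("source_field" => "hostgroup")
  filter(FakeEvent.new(fields)).first
end

# Constructed input: what %{DATA:hostgroup} captures from the log line in the post.
SAMPLE = "'V.Errazuriz', 'V.Errazuriz-Network', 'Auto Discovery'"
```

The fields set on the event inside `filter` are what comes back to the pipeline: every event in the returned array carries on to the following filters and outputs with `hgname_1`, `hgname_2`, and so on attached.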