Hi Logstash Jedi Masters,
I’m building my first Logstash service. I want my filter to be able to do a little processing based on the data flowing through LS.
My LS setup is pretty basic. Here’s my LS config file, simplified for this post:
input {
kafka {
...stuff here...
}
}
filter {
ruby {
# Send all events to an external Ruby script:
path => "/home/me/ruby_scripts/myScript.rb"
}
}
output {
elasticsearch{
...stuff here...
}
}
Pretty simple. The problem is, when “myScript.rb” is called, I need it to actually look inside the event object and do some basic processing on the data inside. Here’s the script:
#!/usr/bin/env ruby
def filter(event)
puts "myScript.rb :: I got an event! Data is: "+event.getData()
return [event]
end
Obviously this doesn’t work, because I don’t understand much about that Logstash event object. I’ve looked it up (here) and it looks like the object is just a wrapper for another embedded data object called a ConvertedMap:
public Event()
{
this.metadata = new ConvertedMap(10);
this.data = new ConvertedMap(10);
this.data.putInterned(VERSION, VERSION_ONE);
this.cancelled = false;
setTimestamp(Timestamp.now());
}
I’m assuming the ConvertedMap is defined here…? And this, in turn, is a child class of IdentityHashMap, defined here?
And here you can see my problem. I know that when data is pulled into Logstash, that data is passed to my Ruby script as an event object. But I never defined the interior of the event object. Is there some way of determining what it is? And how I can access the actual data LS is passing along to ElasticSearch? Are there any tutorials anyone could recommend?
Thanks!