How to add a ruby code inside of the logstash config file?

I try to send logs to windows event by using logstash. After added some ruby code;it is created below error.How can I send logs to windows event?

input {
file {
type => "json"
path => ["C:/Temp/logs/*.json"]
start_position => "beginning"
codec => "json"
discover_interval => 120
stat_interval => 60
sincedb_write_interval => 60
close_older => 60
}
}
filter {
mutate {
remove_field => [ "path" ]

}
ruby {
code => "
require 'win32/eventlog'
logger = Win32::EventLog.new
logger.report_event(:event_type => Win32::EventLog::INFO, :data => "a test event log entry")
"
}
}
}
output {
stdout {
codec => rubydebug
}

elasticsearch {
   hosts => ["http://loguser:xxxx@192.158.5.84:333"]
   index => "logstash-%{+YYYY.MM}"
}

}

Error:

[2018-03-20T09:51:28,629][ERROR][logstash.agent           ] Cannot create pipeline {:reason=>"Expected one of #, {, } at line 23, column 75 (byte 464) after filter {\nmutate {\n    remove_field => [ \"path\" ] \n\n}\n   ruby {\n     init => \" require 'win32/eventlog' \n\t \"\n     code => \"\n      logger = Win32::EventLog.new\n      logger.report_event(:event_type => Win32::EventLog::INFO, :data => \""}

You can't have double quotes in your Ruby code if you're using double quotes as the delimiter for the code block. Replace "a test event log entry" with 'a test event log entry'.

Actually, I am trying to send logs to windows events. is it possible by using code what I wrote down.

I don't know if the win32/eventlog gem will be available to you, but if it is I suppose it should work. But why ask me when you can try it out yourself?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.