I'm going to declare and call grok filter from inside a ruby filter like this:

ruby {
	code => "@grok = LogStash::Filters::Grok
			 @grok.new(event.get("message"), "\d+")

			 #call grok plugin for this pipleline
			"
}

What's the correct parameter for grok's initializing method, and how to build that? Because Logstash gives this error with 2 parameters:

Ruby exception occurred: wrong number of arguments (given 2, expected 1)

Also, how to add the created grok filter to the pipeline after initializing that? And make sure this grok filter, with this specific pattern, ONLY processes this event? (every event should have its specific grok)

The syslog filter shows how to call a grok filter from ruby.

Thanks, I was testing different aspects of this case, so it took time to post the reply here.
Any way, here's the summarized method from what @Badger mentioned in previous post; to initiate and use grok filter plugin (or any other filter generally):

init section:

1. initialize

@grok_filter = LogStash::Filters::Grok.new(
        "match" => { "message" =>  "PATTERN" },
        "tag_on_failure" => ["_grokparsefailure"]
#        .... and literally any other config option you'd pass into grok plugin in filter pipeline
  )

2. Register
   @grok_filter.register

code section:

3. Utilize
   @grok_filter.filter(event)

However, I faced a relevant new issue which will post in another topic. Thank you @Badger

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.