I'm going to declare and call grok filter from inside a ruby filter like this:
    ruby {
      code => "@grok = LogStash::Filters::Grok
        @grok.new(event.get("message"), "\d+")
        #call grok plugin for this pipeline
      "
    }
What's the correct parameter for grok's initializing method, and how to build that? Because Logstash gives this error with 2 parameters:
Ruby exception occurred: wrong number of arguments (given 2, expected 1)
Also, how to add the created grok filter to the pipeline after initializing that? And make sure this grok filter, with this specific pattern, ONLY processes this event? (every event should have its specific grok)
Thanks, I was testing different aspects of this case, so it took time to post the reply here.
Anyway, here's the summarized method from what @Badger mentioned in the previous post, to initiate and use the grok filter plugin (or any other filter generally):
init section:
  Initialize:
    @grok_filter = LogStash::Filters::Grok.new(
      "match" => { "message" => "PATTERN" },
      "tag_on_failure" => ["_grokparsefailure"]
      # ... and literally any other config option you'd pass into the grok plugin in a filter pipeline
    )
  Register:
    @grok_filter.register
code section:
  Utilize:
    @grok_filter.filter(event)
However, I faced a relevant new issue which I will post in another topic. Thank you @Badger
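The method summarized above, extended to the "every event gets its own grok" case from the question. This is an added example, not code from the thread. It uses the ruby filter's script-file form (`path =>`, with `register` and `filter` functions) instead of inline `init`/`code`. The `log_type` field, the two patterns, the `_no_grok_for_type` tag and the 2000 ms timeout are assumptions chosen for illustration.

```ruby
# Script file for the Logstash ruby filter, loaded with
#   ruby { path => "/path/to/per_type_grok.rb" }    (placeholder path)
# Assumed: events carry a "log_type" field naming which pattern applies.

# Called once when the pipeline starts. One grok filter is built and
# registered per log type, so every pattern is compiled a single time and
# comes from this fixed table, never from data inside an event.
def register(params)
  require "logstash/filters/grok" unless defined?(LogStash::Filters::Grok)

  patterns = {   # constructed sample patterns
    "sshd"  => "%{IP:src_ip} port %{INT:src_port}",
    "nginx" => "%{IP:client} %{WORD:verb} %{URIPATHPARAM:request}"
  }

  @groks = {}
  patterns.each do |type, pattern|
    grok = LogStash::Filters::Grok.new(
      "match"          => { "message" => pattern },
      "tag_on_failure" => ["_grokparsefailure"],
      "timeout_millis" => 2000   # bound matching time on pathological input
    )
    grok.register
    @groks[type] = grok
  end
end

# Called for every event: only the grok registered for this event's type
# runs. Events with an unknown type are tagged rather than silently passed.
def filter(event)
  grok = @groks[event.get("log_type")]
  if grok
    grok.filter(event)
  else
    event.tag("_no_grok_for_type")
  end
  [event]   # script-file filters return the list of events to emit
end
```

Choosing the pattern from a fixed table keyed by a field, rather than building a pattern string out of event content, keeps log data from controlling the regular expression that is compiled and run.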