Logstash 7.3. ruby undefined method split

jimmyvalmer19 · August 26, 2019, 1:31pm

Hi,
I don't know how to use the filebeat fields listed here:
https://www.elastic.co/guide/en/beats/filebeat/current/exported-fields-log.html
In logstash.

I need to extract the application name from "log.file.path" field

This is how I see "log.file.path" in Kibana

/home/elk/sample_logs/bdp/hive/hadoop-cmf-hive-HIVESERVER2-cv38x072-internal.sos.kb.cz.log.out

where "hive" is the application name i wan't work with.

This has worked in Logstash 6.8:
ruby {
code => "event.set('app_name',event.get('source').split('/')[-2])"
}

Now with logstash 7.3. it gives an ERROR:
/elastic/log/logstash/logstash-plain.log:[2019-08-26T13:08:52,098][ERROR][logstash.filters.ruby ] Ruby exception occurred: undefined method `split' for nil:NilClas

Badger · August 26, 2019, 1:39pm

You are trying to split [source] but you are saying the path is in [log][file][path].

jimmyvalmer19 · August 26, 2019, 1:46pm

I'm seing log.file.path field in Kibana and it contains the data I need.

Before upgrading To Logstash 7.3. i used this
ruby {
code => "event.set('app_name',event.get('source').split('/')[-2])"
}

But now it's not working, so I need to figure out, how to get the data now.

Badger · August 26, 2019, 1:53pm

kibana and logstash have different ways of representing fields inside objects. If the log object contains a field called file then kibana will call it log.file, but in logstash that is referenced using [log][file].

jimmyvalmer19 · August 26, 2019, 2:00pm

thank's a lot for help!

system · September 23, 2019, 2:00pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.