I have a field called 'path' which contains alinux filesystem path, and I'm trying to use ruby split to get the last and 3rd fields. These will be stored in two new fields called 'log_filename' and 'deployment' like this:
ruby {
code => "event.set('log_filename', event.get('path').split('/').last)"
code => "event.set('deployment', event.get('path').split('/')[2])"
}
Without the second line, this was working fine. With this line in, logstash won't start correctly. What did I do wrong?
Cannot create pipeline {:reason=>"Something is wrong with your configuration.", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/config/mixin.rb:89:inconfig_init'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:128:in initialize'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/logstash-filter-ruby-3.1.5/lib/logstash/filters/ruby.rb:48:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/filter_delegator.rb:21:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:110:inplugin'", "(eval):428:in initialize'", "org/jruby/RubyKernel.java:1079:ineval'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:75:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline.rb:165:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:296:in create_pipeline'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:95:inregister_pipeline'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:313:in execute'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:67:inrun'", "/usr/share/logstash/logstash-core/lib/logstash/runner.rb:204:in run'", "/usr/share/logstash/vendor/bundle/jruby/1.9/gems/clamp-0.6.5/lib/clamp/command.rb:132:inrun'", "/usr/share/logstash/lib/bootstrap/environment.rb:71:in (root)'"]}