Nested JSON data to Logstash

Elastic Stack Logstash
1

Hi
Can You point me out how to use data filter to making correct timestamp from file, below data (already prepared in JSON format)
timestamp should be taken from "collectionBeginTime" field.
Thanks for help

{
	"measFileHeader": {
		"fileFormotVersion": "1",
		"senderName": "Machine1",
		"senderType": "",
		"vendorName": "LB",
		"collectionBeginTime": "202112300935Z"
	},
	"measData": [
		{
			"nEId": {
				"nEUserName": "Proc1",
				"nEDistinguishedNome": ""
			},
			"measInfo": [
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUT2.-.NNVALGBA": 0.0,
					"AUT2.-.NAUSGSYNFAI": 34.0,
					"AUT2.-.NNVALEPS": 0.0,
					"AUT2.-.NAUSCSYNFAI": 252.0,
					"AUT2.-.NQUIEPS": 159782.0,
					"AUT2.-.NAUHSBSSYNFAI": 0.0,
					"AUT2.-.NQUIGBA": 280.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUTHSUBS.-.SUBSTRIPL": 0.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUT.-.NAUTTRIPPRO": 3843.0,
					"AUT.-.NAUTPARREU": 0.0,
					"AUT.-.NAUREQQUINT": 440809.0,
					"AUT.-.NAUTPARSEN": 0.0,
					"AUT.-.NAUTPARMAP": 0.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUCSUBS.-.NSUBSCNT": 0.0,
					"AUCSUBS.-.NUSUBSCNT": 0.0,
					"AUCSUBS.-.NGSUBSCNT": 0.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"EVENTMAP.CANCLOC.NMAPTOT": 15935.0,
					"EVENTMAP.CANCLOC.NMAPFLT": 0.0,
					"EVENTMAP.CANCLOC.NMAPSUCC": 15934.0,
					"EVENTMAP.UPDALOC.NMAPTOT": 19137.0,
					"EVENTMAP.UPDALOC.NMAPSUCC": 19136.0				
				}
			]
		},
		{
			"nEId": {
				"nEUserName": "Proc2",
				"nEDistinguishedNome": ""
			},
			"measInfo": [
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUT2.-.NNVALGBA": 0.0,
					"AUT2.-.NAUSGSYNFAI": 22.0,
					"AUT2.-.NNVALEPS": 0.0,
					"AUT2.-.NAUSCSYNFAI": 259.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUTHSUBS.-.SUBSTRIPL": 0.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUT.-.NAUTTRIPPRO": 3750.0,
					"AUT.-.NAUTPARREU": 0.0,
					"AUT.-.NAUREQQUINT": 441091.0,
					"AUT.-.NAUTPARSEN": 0.0


				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUCSUBS.-.NSUBSCNT": 0.0,
					"AUCSUBS.-.NUSUBSCNT": 0.0,
					"AUCSUBS.-.NGSUBSCNT": 0.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"EVENTMAP.EVENTMAPCANCLOC.NMAPTOT": 15910.0,
					"EVENTMAP.CANCLOC.NMAPFLT": 0.0,
					"EVENTMAP.CANCLOC.NMAPSUCC": 15913.0,
					"EVENTMAP.UPDALOC.NMAPTOT": 19103.0				
				}
			]
		},
		{
			"nEId": {
				"nEUserName": "Proc3",
				"nEDistinguishedNome": ""
			},
			"measInfo": [
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUT2.-.NNVALGBA": 0.0,
					"AUT2.-.NAUSGSYNFAI": 30.0,
					"AUT2.-.NNVALEPS": 0.0,
					"AUT2.-.NAUSCSYNFAI": 249.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUTHSUBS.-.SUBSTRIPL": 0.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUT.-.NAUTTRIPPRO": 3728.0,
					"AUT.-.NAUTPARREU": 0.0,
					"AUT.-.NAUREQQUINT": 441032.0,
					"AUT.-.NAUTPARSEN": 0.0,
					"AUT.-.NAUTPARMAP": 0.0,
					"AUT.-.NAUTREQMAP": 0.0,
					"AUT.-.NFAUTPS": 440754.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"AUCSUBS.-.NSUBSCNT": 0.0,
					"AUCSUBS.-.NUSUBSCNT": 0.0,
					"AUCSUBS.-.NGSUBSCNT": 0.0
				},
				{
					"measStortTime": "202112300940Z",
					"gronularityPeriod": 300,
					"EVENTMAP.CANCLOC.NMAPTOT": 15727.0,
					"EVENTMAP.CANCLOC.NMAPFLT": 0.0,
					"EVENTMAP.CANCLOC.NMAPSUCC": 15729.0,
					"EVENTMAP.UPDALOC.NMAPTOT": 18818.0,
					"EVENTMAP.UPDALOC.NMAPSUCC": 18818.0,
					"EVENTMAP.UPDALOC.NMAPFLT": 0.0
				}
			]
		}
	],
	"measFileFooter": "202112300940Z"
}

my pipeline

input{
        file {
                codec => multiline { pattern => "^}" negate => true what => next max_lines => 20000 }
                        path => "/opt/data/input/test1.json"
                        sincedb_path => "/dev/null"
                        start_position => beginning
                        file_completed_action => "log"
                        file_completed_log_path => "/opt/data/logstash_files/fin_eir.log"
                        mode => read
        }
}


filter{
        mutate { gsub => ["message", "\n", ""] }
        json{ source => "message" }
date {
        match => ["collectionBeginTime", "yyyyMMddHHmmZ"]
        timezone => "Europe/Paris"
        target => "@timestamp"
            }

        mutate { remove_field => [ "measStortTime", "collectionBeginTime", "measFileFooter" ] }
        split{ field => "measData" }
 if "_jsonparsefailure" not in [tags] { mutate { remove_field => "message" }  }
}

output{
        stdout{ codec=>"rubydebug" }
}

and output

{
              "tags" => [
        [0] "multiline"
    ],
              "path" => "/opt/data/input/test1.json",
        "@timestamp" => 2022-11-14T21:29:36.077353Z,
              "host" => "0.0.0.0",
    "measFileHeader" => {
          "fileFormotVersion" => "1",
        "collectionBeginTime" => "202112300935Z",
                 "senderName" => "Machine1",
                 "vendorName" => "LB",
                 "senderType" => ""
    },
          "@version" => "1",
          "measData" => {
            "nEId" => {
                     "nEUserName" => "Proc1",
            "nEDistinguishedNome" => ""
        },
        "measInfo" => [
            [0] {
                   "gronularityPeriod" => 300,
                      "AUT2.-.NQUIGBA" => 280.0,
                  "AUT2.-.NAUSCSYNFAI" => 252.0,
                      "AUT2.-.NQUIEPS" => 159782.0,
                "AUT2.-.NAUHSBSSYNFAI" => 0.0,
                     "AUT2.-.NNVALGBA" => 0.0,
                  "AUT2.-.NAUSGSYNFAI" => 34.0,
                     "AUT2.-.NNVALEPS" => 0.0,
                       "measStortTime" => "202112300940Z"
            },
            [1] {
                   "gronularityPeriod" => 300,
                       "measStortTime" => "202112300940Z",
                "AUTHSUBS.-.SUBSTRIPL" => 0.0
            },
            [2] {
                "gronularityPeriod" => 300,
                "AUT.-.NAUREQQUINT" => 440809.0,
                 "AUT.-.NAUTPARSEN" => 0.0,
                "AUT.-.NAUTTRIPPRO" => 3843.0,
                    "measStortTime" => "202112300940Z",
                 "AUT.-.NAUTPARREU" => 0.0,
                 "AUT.-.NAUTPARMAP" => 0.0
            },
            [3] {
                "AUCSUBS.-.NUSUBSCNT" => 0.0,
                  "gronularityPeriod" => 300,
                "AUCSUBS.-.NGSUBSCNT" => 0.0,
                      "measStortTime" => "202112300940Z",
                 "AUCSUBS.-.NSUBSCNT" => 0.0
            },
            [4] {
                "EVENTMAP.CANCLOC.NMAPSUCC" => 15934.0,
                        "gronularityPeriod" => 300,
                 "EVENTMAP.UPDALOC.NMAPTOT" => 19137.0,
                 "EVENTMAP.CANCLOC.NMAPTOT" => 15935.0,
                "EVENTMAP.UPDALOC.NMAPSUCC" => 19136.0,
                            "measStortTime" => "202112300940Z",
                 "EVENTMAP.CANCLOC.NMAPFLT" => 0.0
            }
        ]
    }
}
{
              "tags" => [
        [0] "multiline"
    ],
              "path" => "/opt/data/input/test1.json",
        "@timestamp" => 2022-11-14T21:29:36.077353Z,
              "host" => "0.0.0.0",
    "measFileHeader" => {
          "fileFormotVersion" => "1",
        "collectionBeginTime" => "202112300935Z",
                 "senderName" => "Machine1",
                 "vendorName" => "LB",
                 "senderType" => ""
    },
          "@version" => "1",
          "measData" => {
            "nEId" => {
                     "nEUserName" => "Proc2",
            "nEDistinguishedNome" => ""
        },
        "measInfo" => [
            [0] {
                 "gronularityPeriod" => 300,
                "AUT2.-.NAUSCSYNFAI" => 259.0,
                   "AUT2.-.NNVALGBA" => 0.0,
                "AUT2.-.NAUSGSYNFAI" => 22.0,
                   "AUT2.-.NNVALEPS" => 0.0,
                     "measStortTime" => "202112300940Z"
            },
            [1] {
                   "gronularityPeriod" => 300,
                       "measStortTime" => "202112300940Z",
                "AUTHSUBS.-.SUBSTRIPL" => 0.0
            },
            [2] {
                "gronularityPeriod" => 300,
                "AUT.-.NAUREQQUINT" => 441091.0,
                 "AUT.-.NAUTPARSEN" => 0.0,
                "AUT.-.NAUTTRIPPRO" => 3750.0,
                    "measStortTime" => "202112300940Z",
                 "AUT.-.NAUTPARREU" => 0.0
            },
            [3] {
                "AUCSUBS.-.NUSUBSCNT" => 0.0,
                  "gronularityPeriod" => 300,
                "AUCSUBS.-.NGSUBSCNT" => 0.0,
                      "measStortTime" => "202112300940Z",
                 "AUCSUBS.-.NSUBSCNT" => 0.0
            },
            [4] {
                       "EVENTMAP.CANCLOC.NMAPSUCC" => 15913.0,
                               "gronularityPeriod" => 300,
                        "EVENTMAP.UPDALOC.NMAPTOT" => 19103.0,
                "EVENTMAP.EVENTMAPCANCLOC.NMAPTOT" => 15910.0,
                                   "measStortTime" => "202112300940Z",
                        "EVENTMAP.CANCLOC.NMAPFLT" => 0.0
            }
        ]
    }
}
{
              "tags" => [
        [0] "multiline"
    ],
              "path" => "/opt/data/input/test1.json",
        "@timestamp" => 2022-11-14T21:29:36.077353Z,
              "host" => "0.0.0.0",
    "measFileHeader" => {
          "fileFormotVersion" => "1",
        "collectionBeginTime" => "202112300935Z",
                 "senderName" => "Machine1",
                 "vendorName" => "LB",
                 "senderType" => ""
    },
          "@version" => "1",
          "measData" => {
            "nEId" => {
                     "nEUserName" => "Proc3",
            "nEDistinguishedNome" => ""
        },
        "measInfo" => [
            [0] {
                 "gronularityPeriod" => 300,
                "AUT2.-.NAUSCSYNFAI" => 249.0,
                   "AUT2.-.NNVALGBA" => 0.0,
                "AUT2.-.NAUSGSYNFAI" => 30.0,
                   "AUT2.-.NNVALEPS" => 0.0,
                     "measStortTime" => "202112300940Z"
            },
            [1] {
                   "gronularityPeriod" => 300,
                       "measStortTime" => "202112300940Z",
                "AUTHSUBS.-.SUBSTRIPL" => 0.0
            },
            [2] {
                "gronularityPeriod" => 300,
                    "AUT.-.NFAUTPS" => 440754.0,
                "AUT.-.NAUREQQUINT" => 441032.0,
                 "AUT.-.NAUTPARSEN" => 0.0,
                "AUT.-.NAUTTRIPPRO" => 3728.0,
                 "AUT.-.NAUTREQMAP" => 0.0,
                    "measStortTime" => "202112300940Z",
                 "AUT.-.NAUTPARREU" => 0.0,
                 "AUT.-.NAUTPARMAP" => 0.0
            },
            [3] {
                "AUCSUBS.-.NUSUBSCNT" => 0.0,
                  "gronularityPeriod" => 300,
                "AUCSUBS.-.NGSUBSCNT" => 0.0,
                      "measStortTime" => "202112300940Z",
                 "AUCSUBS.-.NSUBSCNT" => 0.0
            },
            [4] {
                "EVENTMAP.CANCLOC.NMAPSUCC" => 15729.0,
                        "gronularityPeriod" => 300,
                 "EVENTMAP.UPDALOC.NMAPTOT" => 18818.0,
                 "EVENTMAP.CANCLOC.NMAPTOT" => 15727.0,
                "EVENTMAP.UPDALOC.NMAPSUCC" => 18818.0,
                 "EVENTMAP.UPDALOC.NMAPFLT" => 0.0,
                            "measStortTime" => "202112300940Z",
                 "EVENTMAP.CANCLOC.NMAPFLT" => 0.0
            }
        ]
    }
}
2

I am also wondering how to flatten the structure for measinfo

3

ok I found the solution for date

  date {
        match => ["[measFileHeader][collectionBeginTime]", "yyyyMMddHHmmZ"]
        timezone => "Europe/Paris"
        target => "@timestamp"
            }

but how to work with nested measInfo?

4

[measInfo][0][measStortTime]
[measInfo][1][measStortTime]...

5

Hi thx @Rios Do You know how to flatten the structure for measinfo?

6

I've tried something like

vi pipeline_npdb.yml
                        sincedb_path => "/dev/null"
                        start_position => beginning
                        file_completed_action => "log"
                        file_completed_log_path => "/opt/data/logstash_files/fin_eir.log"
                        mode => read
        }
}


filter{
        mutate { gsub => ["message", "\n", ""] }
        json{ source => "message" }
        split{ field => "measFileHeader" }
        split{ field => "measData" }
        date {
        match => ["[measFileHeader][collectionBeginTime]", "yyyyMMddHHmmZ"]
        timezone => "Europe/Paris"
        target => "@timestamp"
            }
mutate { remove_field => [ "[measFileHeader][collectionBeginTime]", "[measData][measInfo][gronularityPeriod]", "[measData][measInfo][measStortTime]" ] }

        split {field => "measInfo" }

    ruby {
        code => '
            [ "measData", "measInfo" ].each { |field|
                event.get(field).each { |k, v|
                    event.set(k, v)
                }
                event.remove(field)
            }
        '
    }


 if "_jsonparsefailure" not in [tags] { mutate { remove_field => ["message", "measStortTime", "collectionBeginTime", "measFileFooter"] }  }
}

output{
        stdout{ codec=>"rubydebug" }
}

but it got errors

[WARN ] 2022-11-14 22:57:03.064 [[npdb]>worker0] split - Only String and Array types are splittable. field:measFileHeader is of type = Hash
[WARN ] 2022-11-14 22:57:03.067 [[npdb]>worker0] split - Only String and Array types are splittable. field:measInfo is of type = NilClass
[WARN ] 2022-11-14 22:57:03.067 [[npdb]>worker0] split - Only String and Array types are splittable. field:measInfo is of type = NilClass
[WARN ] 2022-11-14 22:57:03.067 [[npdb]>worker0] split - Only String and Array types are splittable. field:measInfo is of type = NilClass
[ERROR] 2022-11-14 22:57:03.068 [[npdb]>worker0] ruby - Ruby exception occurred: no implicit conversion of Hash into String {:class=>"TypeError", :backtrace=>["(ruby filter code):5:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):4:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):3:in `block in filter_method'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89:in `filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:178:in `block in multi_filter'", "org/jruby/RubyArray.java:1821:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:134:in `multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:300:in `block in start_workers'"]}
[ERROR] 2022-11-14 22:57:03.069 [[npdb]>worker0] ruby - Ruby exception occurred: no implicit conversion of Hash into String {:class=>"TypeError", :backtrace=>["(ruby filter code):5:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):4:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):3:in `block in filter_method'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89:in `filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:178:in `block in multi_filter'", "org/jruby/RubyArray.java:1821:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:134:in `multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:300:in `block in start_workers'"]}
[ERROR] 2022-11-14 22:57:03.070 [[npdb]>worker0] ruby - Ruby exception occurred: no implicit conversion of Hash into String {:class=>"TypeError", :backtrace=>["(ruby filter code):5:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):4:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):3:in `block in filter_method'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89:in `filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:178:in `block in multi_filter'", "org/jruby/RubyArray.java:1821:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:134:in `multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:300:in `block in start_workers'"]}
{
              "nEId" => {
                 "nEUserName" => "Proc1",
        "nEDistinguishedNome" => ""
    },
              "path" => "/opt/data/input/test1.json",
        "@timestamp" => 2021-12-30T09:35:00Z,
          "measInfo" => [
        [0] {
               "gronularityPeriod" => 300,
                  "AUT2.-.NQUIGBA" => 280.0,
              "AUT2.-.NAUSCSYNFAI" => 252.0,
                  "AUT2.-.NQUIEPS" => 159782.0,
            "AUT2.-.NAUHSBSSYNFAI" => 0.0,
                 "AUT2.-.NNVALGBA" => 0.0,
              "AUT2.-.NAUSGSYNFAI" => 34.0,
                 "AUT2.-.NNVALEPS" => 0.0,
                   "measStortTime" => "202112300940Z"
        },
        [1] {
               "gronularityPeriod" => 300,
                   "measStortTime" => "202112300940Z",
            "AUTHSUBS.-.SUBSTRIPL" => 0.0
        },
        [2] {
            "gronularityPeriod" => 300,
            "AUT.-.NAUREQQUINT" => 440809.0,
             "AUT.-.NAUTPARSEN" => 0.0,
            "AUT.-.NAUTTRIPPRO" => 3843.0,
                "measStortTime" => "202112300940Z",
             "AUT.-.NAUTPARREU" => 0.0,
             "AUT.-.NAUTPARMAP" => 0.0
        },
        [3] {
            "AUCSUBS.-.NUSUBSCNT" => 0.0,
              "gronularityPeriod" => 300,
            "AUCSUBS.-.NGSUBSCNT" => 0.0,
                  "measStortTime" => "202112300940Z",
             "AUCSUBS.-.NSUBSCNT" => 0.0
        },
        [4] {
            "EVENTMAP.CANCLOC.NMAPSUCC" => 15934.0,
                    "gronularityPeriod" => 300,
             "EVENTMAP.UPDALOC.NMAPTOT" => 19137.0,
             "EVENTMAP.CANCLOC.NMAPTOT" => 15935.0,
            "EVENTMAP.UPDALOC.NMAPSUCC" => 19136.0,
                        "measStortTime" => "202112300940Z",
             "EVENTMAP.CANCLOC.NMAPFLT" => 0.0
        }
    ],
              "tags" => [
        [0] "multiline",
        [1] "_split_type_failure",
        [2] "_rubyexception"
    ],
7

Try this

8

@Badger Can You share Yours approach for nested "measFileHeader","measInfo", "nEId" field. How can I fix it?
this it the last version of my pipeline

input{
        file {
                codec => multiline { pattern => "^}" negate => true what => next max_lines => 20000 }
                        path => "/opt/data/input/test1.json"
                        sincedb_path => "/dev/null"
                        start_position => beginning
                        file_completed_action => "log"
                        file_completed_log_path => "/opt/data/logstash_files/fin_eir.log"
                        mode => read
        }
}


filter{
        mutate { gsub => ["message", "\n", ""] }
        json{ source => "message" }
        split{ field => "measData" }
        date {
        match => ["[measFileHeader][collectionBeginTime]", "yyyyMMddHHmmZ"]
        timezone => "Europe/Paris"
        target => "@timestamp"
            }
mutate { remove_field => [ "[measFileHeader][collectionBeginTime]", "[measData][measInfo][gronularityPeriod]", "[measData][measInfo][0][measStortTime]" ] }

    ruby {
        code => '
            event.get("[measData][nEId]").each { |k, v|
                event.set(k,v)
            }
            event.remove("[measData][nEId]")
        '
    }
ruby {
        code => '
            event.get("[measData][measInfo]").each { |k, v|
                event.set(k,v)
            }
            event.remove("[measData][measInfo]")
        '
    }

output

[ERROR] 2022-11-14 23:46:30.077 [[npdb]>worker0] ruby - Ruby exception occurred: no implicit conversion of Hash into String {:class=>"TypeError", :backtrace=>["(ruby filter code):4:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):3:in `block in filter_method'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89:in `filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:178:in `block in multi_filter'", "org/jruby/RubyArray.java:1821:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:134:in `multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:300:in `block in start_workers'"]}
[ERROR] 2022-11-14 23:46:30.078 [[npdb]>worker0] ruby - Ruby exception occurred: no implicit conversion of Hash into String {:class=>"TypeError", :backtrace=>["(ruby filter code):4:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):3:in `block in filter_method'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89:in `filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:178:in `block in multi_filter'", "org/jruby/RubyArray.java:1821:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:134:in `multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:300:in `block in start_workers'"]}
[ERROR] 2022-11-14 23:46:30.079 [[npdb]>worker0] ruby - Ruby exception occurred: no implicit conversion of Hash into String {:class=>"TypeError", :backtrace=>["(ruby filter code):4:in `block in filter_method'", "org/jruby/RubyArray.java:1821:in `each'", "(ruby filter code):3:in `block in filter_method'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:96:in `inline_script'", "/usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-filter-ruby-3.1.8/lib/logstash/filters/ruby.rb:89:in `filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:159:in `do_filter'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:178:in `block in multi_filter'", "org/jruby/RubyArray.java:1821:in `each'", "/usr/share/logstash/logstash-core/lib/logstash/filters/base.rb:175:in `multi_filter'", "org/logstash/config/ir/compiler/AbstractFilterDelegatorExt.java:134:in `multi_filter'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:300:in `block in start_workers'"]}
{
                   "path" => "/opt/data/input/test1.json",
    "nEDistinguishedNome" => "",
             "@timestamp" => 2021-12-30T09:35:00Z,
             "nEUserName" => "Proc1",
                   "tags" => [
        [0] "multiline",
        [1] "_rubyexception"
    ],
               "measData" => {
        "measInfo" => [
            [0] {
                   "gronularityPeriod" => 300,
                      "AUT2.-.NQUIGBA" => 280.0,
                  "AUT2.-.NAUSCSYNFAI" => 252.0,
                      "AUT2.-.NQUIEPS" => 159782.0,
                "AUT2.-.NAUHSBSSYNFAI" => 0.0,
                     "AUT2.-.NNVALGBA" => 0.0,
                  "AUT2.-.NAUSGSYNFAI" => 34.0,
                     "AUT2.-.NNVALEPS" => 0.0
            },
            [1] {
                   "gronularityPeriod" => 300,
                       "measStortTime" => "202112300940Z",
                "AUTHSUBS.-.SUBSTRIPL" => 0.0
            },
            [2] {
                "gronularityPeriod" => 300,
                "AUT.-.NAUREQQUINT" => 440809.0,
                 "AUT.-.NAUTPARSEN" => 0.0,
                "AUT.-.NAUTTRIPPRO" => 3843.0,
                    "measStortTime" => "202112300940Z",
                 "AUT.-.NAUTPARREU" => 0.0,
                 "AUT.-.NAUTPARMAP" => 0.0
            },
            [3] {
                "AUCSUBS.-.NUSUBSCNT" => 0.0,
                  "gronularityPeriod" => 300,
                "AUCSUBS.-.NGSUBSCNT" => 0.0,
                      "measStortTime" => "202112300940Z",
                 "AUCSUBS.-.NSUBSCNT" => 0.0
            },
            [4] {
                "EVENTMAP.CANCLOC.NMAPSUCC" => 15934.0,
                        "gronularityPeriod" => 300,
                 "EVENTMAP.UPDALOC.NMAPTOT" => 19137.0,
                 "EVENTMAP.CANCLOC.NMAPTOT" => 15935.0,
                "EVENTMAP.UPDALOC.NMAPSUCC" => 19136.0,
                            "measStortTime" => "202112300940Z",
                 "EVENTMAP.CANCLOC.NMAPFLT" => 0.0
            }
        ]
    },
                   "host" => "0.0.0.0",
         "measFileHeader" => {
        "fileFormotVersion" => "1",
               "vendorName" => "LB",
               "senderName" => "Machine1",
               "senderType" => ""
    },
               "@version" => "1"
}

this is root cause
ruby - Ruby exception occurred: no implicit conversion of Hash into String

9

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.