Hello all,
i need some help, i can't get this working. I need to create a new file base on the sum of other three fields.
field1, field2, field3 are defined as float fields
ruby { code => "event['new_field'] =''" }
mutate {
convert => ["new_field", "float"]
}
ruby { code => "event['new_field'] = event['field1'] + event['field2'] + event['field3']" }
what am i doing wrong?
For a start you don't need the first ruby and the mutate filter. Creating an empty field and trying to convert it to float is unnecessary, as it gets overwritten immediately after that anyway. Furthermore you are using the wrong syntax to access the event fields (unless you are using a very old version of Logstash). Have a look at the Event API: https://www.elastic.co/guide/en/logstash/current/event-api.html
input {
generator {
lines => [
'{"field1": 1, "field2": 2, "field3": 3}'
]
count => 1
codec => "json"
}
}
filter {
ruby { code => 'event.set("new_field", event.get("field1") + event.get("field2") + event.get("field3"))' }
}
output {
stdout { codec => "rubydebug" }
}
OUTPUT
{
"field3" => 3,
"@version" => "1",
"host" => "MacBook-Pro.domain",
"new_field" => 6,
"@timestamp" => 2020-08-27T13:28:09.613Z,
"sequence" => 0,
"field2" => 2,
"field1" => 1
}
Thank you so much, works perfectly.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.