Thanks for giving such a detailed answer.
I was trying to execute the recommendations that you made, but I have a problem with the one that I quoted. I get this error in the Logstash console:
[2019-09-27T09:18:55,622][ERROR][logstash.filters.ruby ] Ruby exception occurred: undefined method `match' for nil:NilClass
/home/elastic-stack/logstash-7.3.2/vendor/bundle/jruby/2.5.0/gems/awesome_print-1.7.0/lib/awesome_print/formatters/base_formatter.rb:31: warning: constant ::Fixnum is deprecated
{
"ip_address" => "10.10.20.30",
"subcription-id" => 2147483650,
"session-id-num" => "35",
"tags" => [
[0] "_rubyexception"
],
"Statistic" => "memory-statistic",
"event-time" => "2019-09-12 13:13:30.290000+00:00",
"type" => "sandbox-out",
"@version" => "1",
"host" => "127.0.0.1",
"@timestamp" => 2019-09-27T07:18:54.868Z
I tried to look at the documentation for the event API, where I found event.set() and event.get(),
and I can understand that with this command we are trying to filter out only the XML from the entire log.
Any help resolving this error would be appreciated.