Hi all
I use a Ruby web call inside a Logstash filter in order to enrich log data. I call a URL with the content of an existing field and I would like to put the response into a new field. The code works and I can find the field with proper content, but the resulting field is not mapped according to Kibana. And yes, I did the reload. But the field is also not shown in Kibana - Settings - Index Pattern - Fields.
The field I'm talking about is called greycode_verdict.
Here is the relevant part of my Logstash filter:

    ruby {
      init => "
        require 'net/http'
      "
      code => "
        # Build the lookup URL from the sha256 field of the event
        sha256hash = event.get('[sha256]')
        uri = URI.parse('http://greycode:42042/' + sha256hash)
        response = Net::HTTP.get_response(uri)
        if response.code == '200'
          # Store the response body as the verdict
          result = response.body
          event.set('[greycode_verdict]', result)
        else
          # Any non-200 answer is recorded as an error string
          event.set('[greycode_verdict]', 'ERROR reaching greycode web service')
        end
      "
    }

I tried to add the field in front of the ruby part with
add_field => {"greycode_verdict" => "no verdict yet"}
but I guess I'm misinterpreting the problem...
Thanks for your help
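
The lookup described in the post, written defensively, as an added example that is not part of the original post: it checks that the field really is a SHA-256 digest before it is placed in the URL, bounds the request time, and turns every failure into a string verdict plus a tag. The helper name `greycode_lookup`, the tag names, the 2-second timeouts and the 256-character cap are assumptions for illustration.

```ruby
require 'net/http'
require 'uri'

# Assumption: the sha256 field holds a hex-encoded SHA-256 digest (64 hex chars).
SHA256_RE = /\A[0-9a-fA-F]{64}\z/

# Default fetcher: GET with short timeouts so a slow service cannot stall the
# pipeline worker. Returns [status_code_string, body].
HTTP_FETCH = lambda do |uri|
  Net::HTTP.start(uri.host, uri.port, open_timeout: 2, read_timeout: 2) do |http|
    res = http.get(uri.request_uri)
    [res.code, res.body]
  end
end

# Hypothetical helper (not from the post): returns [verdict_string, tag_or_nil].
# The fetcher is injectable so the logic can be exercised without a network.
def greycode_lookup(sha256, base: 'http://greycode:42042/', fetch: HTTP_FETCH)
  # Reject nil, non-strings and anything that is not a plain digest, so event
  # data can never add path segments or query strings to the request.
  unless sha256.is_a?(String) && sha256.match?(SHA256_RE)
    return ['no verdict', 'greycode_invalid_hash']
  end

  code, body = fetch.call(URI.join(base, sha256.downcase))
  unless code == '200'
    return ['ERROR reaching greycode web service', 'greycode_http_error']
  end

  # Store a trimmed, length-capped string rather than the raw response body.
  [body.to_s.strip[0, 256], nil]
rescue StandardError => e
  # Timeouts, refused connections and DNS failures end up here instead of
  # raising out of the filter.
  ["ERROR reaching greycode web service (#{e.class})", 'greycode_lookup_failed']
end

# Inside the ruby filter's code block the call would look like this
# (assumes the helper is defined in init):
#   verdict, tag = greycode_lookup(event.get('[sha256]'))
#   event.set('[greycode_verdict]', verdict)
#   event.tag(tag) if tag
```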