Ruby exception occurred: undefined method `[]' for #<LogStash::Event:0x1f8ee438

Jaikumar_Ganesan · April 17, 2020, 1:18pm

I'm using logstash 7.5.1. I would like to parse through all fields of my logstash and convert field starting with the word "time" to float. Please find below my configuration:

filter {
  # Parse Search Logs
  grok {
    match => [ "message", "%{USERNAME:trans_id} %{USERNAME:trans_name} %{USERNAME:sub_trans_name} %{BASE16FLOAT:time_elapsed} %{USERNAME:trans_status} %{GREEDYDATA:payload}" ]
  }

  # Extract the time based on the time of the query and
  # not the time the item got logged
  #date {
  #  match => [ "timestamp", "yyyy-MM-dd HH:mm:ss.SSSSSS" ]
  #}

  # Drop the captured timestamp field since it has been moved to the
  # time of the event and drop user1 which are unwanted fields
  #mutate {
  #  remove_field => [ "timestamp" ]
  #}

  mutate {
    add_field => { "%{sub_trans_name}_trans_status" => "%{trans_status}" }
    add_field => { "%{sub_trans_name}_payload" => "%{payload}" }
    add_field => { "time_elapsed_%{sub_trans_name}" => "%{time_elapsed}" }
    remove_field => [ "sub_trans_name", "trans_status", "payload" ]
  }

  ruby {
    code => "
      event.to_hash.keys.each { |k|
        if k.start_with?('time') and event[k].is_a?(String)
          event[k] = event[k].to_float
        end
     }
   "
  }

}

I get Ruby exception occurred: undefined method `' for #<LogStash::Event:0x1f8ee438 when i try to parse logs:
Sample Log: 980f884e7a2f11 search pre-process 0.622 1 {question: hello}

Any help would be great, as I have been stuck with this for the entire day.

Badger · April 17, 2020, 2:13pm

The ability to refer to an event as a hash was removed years ago. You need to use the event API.

Jaikumar_Ganesan · April 17, 2020, 2:39pm

Thanks a lot @Badger I'm a bit new to ruby could you please help me out as to how to loop through fields or how to change the data type of fields starting with the word time?

Badger · April 17, 2020, 2:50pm

Change that to

event.set(k, event.get(k).to_f)

Jaikumar_Ganesan · April 17, 2020, 4:04pm

@Badger

  ruby {
    code => "
      event.to_hash.keys.each { |k|
        if k.start_with?('time') and event[k].is_a?(String)
          event.set(k, event.get(k).to_f)
        end
    }
  "
}

This is my code, it still throws ruby exception - Ruby exception occurred: undefined method `'

Badger · April 17, 2020, 5:06pm

You still have a reference to event[k]. I would rewrite that as

  event.to_hash.each { |k, v|
    if k.start_with?('time') and v.is_a?(String)
      event.set(k, v.to_f)
    end
}

Jaikumar_Ganesan · April 18, 2020, 2:25am

@Badger Oops sorry dint notice that, thanks a lot to have noticed it. Works now

system · May 16, 2020, 2:25am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[ERROR][logstash.filters.ruby ] Ruby exception occurred: undefined method `[]' for #<LogStash::Event:0x9a18b32> Logstash	3	889	May 6, 2021
Logstash 5 beta 1: Ruby exception occurred: undefined method `[]' Logstash	2	2364	July 6, 2017
Ruby exception occurred: undefined method `[]' for #<LogStash Logstash	4	1046	December 19, 2020
Logstash 5.0 :Ruby exception occurred Logstash	3	1491	July 6, 2017
_rubyexception when accessing 'event' array in ruby code Logstash	3	1679	July 6, 2017

Ruby exception occurred: undefined method `[]' for #<LogStash::Event:0x1f8ee438

Related Topics