I having a data like
status,id
0,A
2,B
3,C
A,D
B,E
6,N
Based on status value need to add one more field and insert good,bad in new field if status is even number then new field value is good else status is alphabet and odd number than new field value is bad
Used this code in filter(using logstash 5.0)
ruby {
code => "if event.get('status') % 2 ==0 event.set('STATUS', "Good") else event.set('STATUS', "Bad")"
}
But not able to fulfill can u guys please help on this is this possible
And can you please provide me the ruby filter reference doc link for further use.
The status field is obviously a string field so you can't just use % on it. You have to convert it to an integer first, but that conversion will of course fail if the field doesn't contain an integer so you'd have to deal with that. If the number is always a single digit then things get very easy:
Thanks for your swift reply but i will have more than one digit some times so done like
grok{
match => { "status" => "%{INT:num}"}
}
mutate{
convert => {"num" => "integer" }
}
ruby {
code => 'event.get("num") % 2 == 0 ? event.set("STATUS", "Good") : event.set("STATUS", "Bad")'
}
#failure when it is alphabet then can make as bad
if "_grokparsefailure" in [tags]{
mutate{
add_field => { "STATUS" => "Bad" }
}
About ruby filter i didn't see much in elastic documentation can you share me the link where can i find it.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.