[ruby] filter configuration is invalid

Hello
I tried to create a ruby's filter to permit logging messaage only when I have mounted a partition. This is the conf file:
filter {
ruby {
code => 'if File.readlines("/proc/mounts").any?{ |line| line.split(' ')[0] != "/dev/drbd0" }
logger.info("drbd is not mounted. I drop every event")
event.cancel
end'
}
}
output {
if "wm" in [tags] {
file {
codec => line { format => "%{message}" }
path => "/drbd/web-logs/wm.log"
}
}
if "wm_pf" in [tags] {
file {
codec => line { format => "%{message}" }
path => "/drbd/promo-logs/wm_pf.log"
}
}
}

This is the log:
[2019-09-18T11:06:50,489][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}
[2019-09-18T11:06:55,367][INFO ][logstash.runner ] Logstash shut down.
[2019-09-18T11:07:18,494][INFO ][logstash.runner ] Starting Logstash {"logstash.version"=>"7.3.0"}
[2019-09-18T11:07:20,100][ERROR][logstash.agent ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of #, => at line 14, column 2 (byte 279) after filter {\n\truby {\n\t\tcode => 'if File.readlines("\/proc\/mounts").any?{ |line| line.split(' ')[0] != "\/dev\/drbd0" }\n\t\t\t\tlogger.info("drbd is not mounted. I drop every event")\n\t\t\t\tevent.cancel\n\t\t\tend'\n\t", :backtrace=>["/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:41:in compile_imperative'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:49:incompile_graph'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:11:in block in compile_sources'", "org/jruby/RubyArray.java:2577:inmap'", "/usr/share/logstash/logstash-core/lib/logstash/compiler.rb:10:in compile_sources'", "org/logstash/execution/AbstractPipelineExt.java:151:ininitialize'", "org/logstash/execution/JavaBasePipelineExt.java:47:in initialize'", "/usr/share/logstash/logstash-core/lib/logstash/java_pipeline.rb:24:ininitialize'", "/usr/share/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:36:in execute'", "/usr/share/logstash/logstash-core/lib/logstash/agent.rb:325:inblock in converge_state'"]}
[2019-09-18T11:07:20,434][INFO ][logstash.agent ] Successfully started Logstash API endpoint {:port=>9600}

If I test from command line:
bin/logstash --path.settings="/etc/logstash/" -e "filter { ruby { code => ' if File.readlines("/proc/mounts").any?{ |line| line.split(' ')[0] != "/dev/drbd0" } event.cancel end' } }" -t
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.headius.backport9.modules.Modules (file:/usr/share/logstash/logstash-core/lib/jars/jruby-complete-9.2.7.0.jar) to field java.io.FileDescriptor.fd
WARNING: Please consider reporting this to the maintainers of com.headius.backport9.modules.Modules
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
Thread.exclusive is deprecated, use Thread::Mutex
Sending Logstash logs to /var/log/logstash which is now configured via log4j2.properties
[2019-09-18T11:10:12,516][WARN ][logstash.config.source.multilocal] Ignoring the 'pipelines.yml' file because modules or command line options are specified
[2019-09-18T11:10:13,106][FATAL][logstash.runner ] The given configuration is invalid. Reason: Expected one of #, => at line 3, column 126 (byte 201) after filter { ruby { code => ' if File.readlines(/proc/mounts).any?{ |line| line.split(' ')[0] != /dev/drbd0 } event.cancel end'
[2019-09-18T11:10:13,122][ERROR][org.logstash.Logstash ] java.lang.IllegalStateException: Logstash stopped processing because of an error: (SystemExit) exit

Please, can I help me?

Thank you

You should use double quotes or escape the single quotes here.

The error message is telling you it does not know what to do with the quoted string that follows the code option

')[0] != "/dev/drbd0" } ... end'

Resolved. This is the final configuration:
filter {
ruby {
code => '
if File.readlines("/proc/mounts").any?{ |line| line.split(" ")[0] == "/dev/drbd0" }
logger.info("drbd is mounted.");
else
logger.info("drbd is not mounted. I drop every event");
event.cancel;
end
'
}
}
output {
if "wm" in [tags] {
#elasticsearch {
# hosts => ["http://0.0.0.0:9200"]
# index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
# document_type => "%{[@metadata][type]}"
#}
file {
codec => line {
format => "%{message}"
}
path => "/drbd/web-logs/wm.log"
}
}
if "wm_pf" in [tags] {
#elasticsearch {
# hosts => ["http://0.0.0.0:9200"]
# index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
# document_type => "%{[@metadata][type]}"
#}
file {
codec => line {
format => "%{message}"
}
path => "/drbd/promo-logs/wm_pf.log"
}
}
}

Thank you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.