Ruby filter in Logstash, how to pass parameters to external Ruby script

(Heckler Global Operation) #1

Hi everyone,
I'm preparing a Logstash configuration which use Grok to extract fields from incoming messages and Ruby to process those fields.

Below is a simple version of my configuration, I want to extract the Timestamp and Server values from the incoming messages, then pass those parameters to a Ruby script (named ruby_process.rb) via "script_params"

grok {
match => [ "message", "%{TIMESTAMP_ISO8601:timestamp}, %{WORD:server} %{WORD:state}" ]

ruby {
path => "E:\logstash-6.1.2\config\scripts\ruby_process.rb"
script_params => {

"server" => "event.get('server')"

"timestamp" => "event.get('timestamp')"

In ruby_process.rb, I read the Server and Timestamp params into Ruby variables

def register(params)
@server = params["server"]
@epoc = params["timestamp"]

But it just doesn't work, the value of @server is the literal string "event.get('server')", not the value itself. I have looked around the Google but found no example for this usecase

(Magnus B├Ąck) #2

However, what you're trying to do doesn't make sense. The script parameters are passed to the ruby filter's register function (as you've noticed) but that code is run when the pipeline starts up. At that point there is no event context so you can't possibly pass field values from an event.

If you really want to access field values in your ruby filter you can just access them via the event object straight in your code.

(Heckler Global Operation) #3

Thank you, I forgot that I can access the fields in the Filter method in Ruby script :slight_smile:

(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.