Ruby filter used for reading modified time of file

CDR · July 21, 2017, 3:04pm

Hello community,

I am currently trying to use the ruby filter to get the modified time of the file I am reading. I want to store the modified time in mtime. This is my first time using ruby so I am sort of lost. Here is my code:

if [type] == "test" {
	ruby {
		code => 'event.set("modified_time", File.mtime("path"))'
	}
}

It gives me an error of:

Ruby exception occurred: No such file or directory - path

In elasticsearch the 'path' is:

C:/ELK-Stack_windows/user_files/data/multiline/file.prn

Unsure as to why it is giving me this error since the file exists in that location.

Thanks!

paz · July 24, 2017, 10:38am

The error is because you cannot directly reference event values (much like you can't assign a value and you have to use a .set method, as you already do). This should work

if [type] == "test" {
	ruby {
		code => 'event.set("modified_time", File.mtime(event.get("path")))'
	}
}

system · August 21, 2017, 10:38am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Get current time using ruby filter in logstash Logstash	9	7854	July 18, 2017
[ERROR][logstash.filters.ruby ] Ruby exception occurred: undefined method `[]' for #<LogStash::Event:0x9a18b32> Logstash	3	890	May 6, 2021
Index CSV Timestamp Logstash	7	341	March 3, 2023
Getting date stamp from file properties Logstash	10	4611	July 6, 2017
Read a date of a file to add this property in Logstash to send a ElasticSearch Logstash	3	243	July 26, 2023

Ruby filter used for reading modified time of file

Related topics