Solved - Ruby exceptions - updating filter to new api


(Atomic Werks) #1

Hi. I'm very new to the ELK stack and trying to get my logstash config updated from 4.x to 5.x and I'm having a problem with my ruby filter.

I have already in the config:
>ruby {
code => "if event['event_type'] == 'fileinfo'; event['fileinfo']['type']=event['fileinfo']['magic'].to_s.split(',')[0]; end;"
}

I'm would like to update to the new api as I'm getting exceptions.

I have tried updating it ,but I have not used Ruby before and I am stuck. Could someone kindly help me.

Here is what I have currently:

ruby {
code => "if event.get('event_type') == "fileinfo"; event.set('[fileinfo][type]', event.get('[fileinfo][magic].to_s.split(',')[0]')); end;"
}

I am getting exception:

[ERROR][logstash.filters.ruby ] Ruby exception occurred : wrong number of arguments calling get (2 for 1)

Thank you in advance.


(Atomic Werks) #2

Found the answer. Here is what I ended up with. If there is a better way, please do tell.
Thanks.

ruby {
code => "
if event.get('[event_type]') == 'fileinfo'
event.set('[fileinfo][type]', event.get('[fileinfo][magic]').to_s.split(',')[0])
end
"
}


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.