Hi. I'm very new to the ELK stack and trying to get my logstash config updated from 4.x to 5.x and I'm having a problem with my ruby filter.
I have already in the config:
>ruby {
code => "if event['event_type'] == 'fileinfo'; event['fileinfo']['type']=event['fileinfo']['magic'].to_s.split(',')[0]; end;"
}
I'm would like to update to the new api as I'm getting exceptions.
I have tried updating it ,but I have not used Ruby before and I am stuck. Could someone kindly help me.
Here is what I have currently:
ruby {
code => "if event.get('event_type') == "fileinfo"; event.set('[fileinfo][type]', event.get('[fileinfo][magic].to_s.split(',')[0]')); end;"
}
I am getting exception:
[ERROR][logstash.filters.ruby ] Ruby exception occurred : wrong number of arguments calling
get(2 for 1)
Thank you in advance.