Solved - Ruby exceptions - updating filter to new api

AtomicWerks · April 23, 2017, 10:48am

Hi. I'm very new to the ELK stack and trying to get my logstash config updated from 4.x to 5.x and I'm having a problem with my ruby filter.

I have already in the config:
>ruby {
code => "if event['event_type'] == 'fileinfo'; event['fileinfo']['type']=event['fileinfo']['magic'].to_s.split(',')[0]; end;"
}

I'm would like to update to the new api as I'm getting exceptions.

I have tried updating it ,but I have not used Ruby before and I am stuck. Could someone kindly help me.

Here is what I have currently:

ruby {
code => "if event.get('event_type') == "fileinfo"; event.set('[fileinfo][type]', event.get('[fileinfo][magic].to_s.split(',')[0]')); end;"
}

I am getting exception:

[ERROR][logstash.filters.ruby ] Ruby exception occurred : wrong number of arguments calling get (2 for 1)

Thank you in advance.

AtomicWerks · April 23, 2017, 4:56pm

Found the answer. Here is what I ended up with. If there is a better way, please do tell.
Thanks.

ruby {
code => "
if event.get('[event_type]') == 'fileinfo'
event.set('[fileinfo][type]', event.get('[fileinfo][magic]').to_s.split(',')[0])
end
"
}

system · May 21, 2017, 4:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
_rubyexception when accessing 'event' array in ruby code Logstash	3	1679	July 6, 2017
[ERROR][logstash.filters.ruby ] Ruby exception occurred: undefined method `[]' for #<LogStash::Event:0x9a18b32> Logstash	3	890	May 6, 2021
Ruby exception occurred: -1 Logstash	10	1119	December 13, 2017
Logstash 5.0 :Ruby exception occurred Logstash	3	1491	July 6, 2017
Logstash 5 beta 1: Ruby exception occurred: undefined method `[]' Logstash	2	2364	July 6, 2017

Solved - Ruby exceptions - updating filter to new api

Related topics