Hey All,
I have a log format which looks like this.
I need to extract all the key value based pairs. My current configuration looks like:
filter{
if [message] =~ /^#/ {
drop {}
} else if [message] =~ /^\s*$/ {
drop {}
} else if [message] =~ /^[A-Za-z ]+:/ {
mutate { strip => [ "message" ] }
ruby {
init => '
@@data = {}
'
code => '
msg = event.get("message")
matches = msg.scan(/^([A-Za-z]+):(.*)/)
m = matches[0]
@@data[m[0]] = m[1]
'
}
drop{}
} else if [message] =~ /^[ 0-9]+/ {
mutate { strip => [ "message" ] }
grok { match => { "message" => '^[0-9]{1,}[.][ +](?<key>[^:]+):\s*%{GREEDYDATA:value}' } }
ruby {
code => '
@@data[key] = value
'
}
drop{}
} else if [message] =~ /^Speed/ {
ruby{
code => '
event.set("data", @@data)
'
}
} else {
drop{}
}
}
This results in a ruby exception [2019-05-22T12:11:00,169][ERROR][logstash.filters.ruby ] Ruby exception occurred: undefined method
' for nil:NilClass
`.
Any ideas or better solutions?