Unable to create new document/event in logstash Ruby filter using yield

Elastic Stack Logstash
1

I am trying to calculate elapsed time between the first and last line of a file using a Ruby filter and push the field in a new event using the below Ruby filter

ruby {
		init => "@save_the_path = 'none'"
		code => "
			if event.get('path') == @save_the_path
				@save_the_lasttimestamp = event.get('@timestamp')
			else
				if @save_the_firsttimestamp
					generated = LogStash::Event.new(
						{'reqtime' => @save_the_lasttimestamp - @save_the_firsttimestamp,
						 'path' => @save_the_path
						})
					new_event_block.call(generated)
					yeild generated
				end
				@save_the_firsttimestamp = event.get('@timestamp')
				@save_the_path = event.get('path')
			end
			"
	}

I am expecting above ruby filter to create a new event as soon as logstash receives a new file. But it is not working as expected. Am I doing it in the right way?

P.S.: I was able to do this in Aggregate filter but would like to do this in Ruby as I need to do few other operations in Ruby

Any help is highly appreciated. Thanks in advance

2

Your code says yeild, not yield. But that shoudn't even be necessary, as new_event_block.call(generated) should send the new event already: https://www.elastic.co/guide/en/logstash/current/plugins-filters-ruby.html#_inline_ruby_code (I've done that myself in the past without yield)

3

@Jenni

I removed the yield and yeah it worked perfectly fine :grinning:

Thanks a ton!

4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.