Unexpected tCONSTANT in Ruby Script

Kris_Felscher · November 8, 2023, 1:42pm

We have a ton (200+) of applications that are all logging to the same index. Because of this, we are seeing a few field type collisions that cause messages to get bounced (to the tune of approximately 26 million bounced events per day).

I put together a quick ruby script in our main processing pipeline to handle these fields:

ruby {
    code => '
        fields = ["container", "destination", "host", "process", "source", "url", "user"]

        fields.each { |f|
            if event.include? f && event.get(f).is_a? String
                event.set(f + "_val", event.get(f))
                event.remove(f)
            end
        }
    '
}

However, I'm getting the error:

(ruby filter code):6: syntax error, unexpected tCONSTANT\n...f && event.get(f).is_a? String\r\n

I'm sure this is something simple, but the black-box that is developing and debugging logstash pipelines has made it difficult for me, as I have a limited grasp of Ruby.

Can someone help out?

Badger · November 8, 2023, 4:22pm

Try

        if event.include? f and event.get(f).is_a? String
            event.set(f + "_val", event.remove(f))
        end

Kris_Felscher · November 8, 2023, 5:42pm

That worked! You are my hero

system · December 6, 2023, 5:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Ruby SyntaxError - unexpected tCONSTANT Logstash	2	1313	March 16, 2019
If conditions in Ruby code in Logstash Logstash	3	7432	July 6, 2017
Ruby string test Logstash	4	1549	July 6, 2017
Ruby Filter Syntax Logstash	5	1334	August 14, 2019
[SOLVED] [logstash 2.3] ruby error using event.get Logstash	3	1412	January 16, 2018

Unexpected tCONSTANT in Ruby Script

Related topics