Using Ruby to count the number of fields in a message, then apply CSV depending on the count?

sdberts · April 22, 2019, 4:26pm

I have logs coming from dozens of servers, and two different appliance versions, both of which are in comma-separated format.

In one version, there are 73 fields; in the other, there are 93 fields. I need to be able to count the number of fields in each message, then apply the CSV filter+column names depending on the count. My thinking would be to split the message by commas, then counting the fields.

How would this be accomplished using Ruby? Something like this:

filter {
ruby {
#Pseudo code
code => "if count of event.['message'].split(",") == 73: apply these column names;
else if count of event.['message'].split(",") == 93: apply these column names"
}
}

Badger · April 22, 2019, 4:48pm

You can count the fields using ruby

ruby { code => 'event.set("[@metadata][fields]", 1 + event.get("message").count(","))' }
if [@metadata][fields] == 73 {
     csv { ... }
} else {
     csv { ... }
}

system · May 20, 2019, 4:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Count the number of rows(lines) in a CSV file Logstash	1	741	July 16, 2020
How to add count value to each csv value in logstash Logstash	1	233	April 27, 2021
Can I attach a messages byte-count as a metadata field? Logstash	7	2003	July 6, 2017
Count length of field / number of characters in a field and add the result into a new field Logstash	9	9605	January 1, 2019
Ruby code to generate fields dynamically based on csv Logstash	3	281	July 15, 2022

Using Ruby to count the number of fields in a message, then apply CSV depending on the count?

Related Topics