Reputation: 600
logstash config loop through fields
ruby/logstash noob here using ELK stack.
I got a bunch of fields
[Message][Detail][Readout][Value1]
[Message][Detail][Readout][Value2]
[Message][Detail][Readout][Value3]
which I want to loop through using ruby in the logstash config.
Then I want to perform a simple operation on each, for example change them from hex to decimal e.g.
event.set('[currField]', event.get('[currField]').to_s.hex);
but I cant find the correct syntax using google.. any help appreciated.
I know the names of the fields, so worst case I'll have to hard code them, but I'd like to avoid that if possible.
EDIT: i have not tested my config yet, so i dont know if "Readout" will be a hash map; im using grok filter to add the values in the config
"(?<[Message][Detail][Readout][Value1]>(?<=0x.{8})([A-F0-9]{2}))",
"(?<[Message][Detail][Readout][Value2]>(?<=0x.{8})([A-F0-9]{2}))"
etc
Pseudo:
event.get('[Message][Detail][Readout]') each { |k, v|
event[k] = newValue;
}
Upvotes: 3
Views: 2995
Answers (1)
Reputation: 4072
You would use .each to iterate over the [Message][Detail][Readout] hash. Your pseudo-code would set the values at the top-level. To overwrite them use
ruby {
code => '
readout = event.get("[Message][Detail][Readout]")
if readout
readout.each { |k, v|
event.set("[Message][Detail][Readout][#{k}]", v.to_s.hex)
}
end
'
}
Upvotes: 2
Related Questions
- logstash converting ruby code to logstash filters
- How to access / address nested fields on Logstash
- Logstash extracting and customizing field with grok and ruby
- Ruby script in Logstash
- Simple ruby filter in Logstash
- Use ruby variable in logstash filter condition
- Loop through nested json in logstash with ruby
- execute ruby as pipeline input for logstash
- Using Logstash Ruby filter to parse csv file
- Logstash: Handling a Configuration File for a Filter