Logstash红宝石过滤器和事件字段
[英]Logstash ruby filter and event fields
问题描述
I am trying to capture IP address field from incoming logstash event and pass it on to a shell script to compare against a static black list. 
我正在尝试从传入的logstash事件中捕获IP地址字段,并将其传递给Shell脚本以与静态黑名单进行比较。 The issue is, I am able to print the IP addr using puts but not able to capture to pass it on to system() call in ruby filter. 问题是,我能够使用puts打印IP地址,但无法捕获以将其传递给ruby过滤器中的system()调用。 Here is my sample config. 这是我的示例配置。
I am using logstash 2.0 我正在使用Logstash 2.0
Sample input = {"name":"xyz", "source_ip":"8.8.8.8"}
input {
stdin {
codec => json
}
}
filter {
ruby {
code => "
# puts event['source_ip'] # This always works
ip = event['source_ip']
system('echo ${ip}') # This echoes ${ip} instead of value !
"
}
}
I also tried ' echo #${ip} ' but it just prints 0 . 我也尝试过' echo #${ip} ',但是它只显示0 。
1 个解决方案
解决方案1
0 2016-03-04 10:06:45
Instead of system('echo ${ip}') use below syntax to run shell commands: 使用以下语法而不是system('echo ${ip}')来运行Shell命令:
puts `echo #{ip}`
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.