stackoom
  简体   繁体   中英

How to add a ruby code inside of the logstash config file?

 原文  2018-03-21 10:35:50       ruby/ elasticsearch/ logstash/ elastic-stack

Question

I try to send logs to windows event by using logstash. After added some ruby code;it is created below error.How can I send logs to windoes event? 


input {
  file {
    type => "json"
    path => ["C:/Temp/logs/*.json"]
    start_position => "beginning"
    codec => "json"
    discover_interval => 120
    stat_interval => 60
    sincedb_write_interval => 60
    close_older => 60
  }
}
filter {
mutate {
    remove_field => [ "path" ] 

}
   ruby {
      code => "
           require 'win32/eventlog'
logger = Win32::EventLog.new
logger.report_event(:event_type => Win32::EventLog::INFO, :data => "a test event log entry")
        "
        }
   }
}
output {
    stdout {
        codec => rubydebug
    }



    elasticsearch {
       hosts => ["http://loguser:xxxx@192.158.5.84:333"]
       index => "logstash-%{+YYYY.MM}"
    }
}

Error: 


[2018-03-20T09:51:28,629][ERROR][logstash.agent           ] Cannot create pipeline {:reason=>"Expected one of #, {, } at line 23, column 75 (byte 464) after filter {\nmutate {\n    remove_field => [ \"path\" ] \n\n}\n   ruby {\n     init => \" require 'win32/eventlog' \n\t \"\n     code => \"\n      logger = Win32::EventLog.new\n      logger.report_event(:event_type => Win32::EventLog::INFO, :data => \""}

1 answers

solution1
 2 ACCPTED  2018-03-21 11:06:48

As you can tell from the syntax highlighting in your question, there is an issue with the double quotes you are using. Pay close attention to the black letters in the code block: 

"
require 'win32/eventlog'
logger = Win32::EventLog.new
logger.report_event(:event_type => Win32::EventLog::INFO, :data => "a test event log entry")
"

You are wrapping the code block in double quotes, but are also using them to define the string in the event: "a test event log entry" . The first quote for the string ends the code block, and LogStash reports a syntax error, because it expected you to close the instruction with a } .

You can also see this in the error message, where it reports the value as the data attribute as a single double quote: :data => \\" .

Try wrapping the string in single quotes: 'a test event log entry' to fix this issue.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to add dynamic code/ruby code inside .conf file logstash - use ruby code inside of a filter How to set field in Logstash as “not_analyzed” using Logstash config file How to add file extension inside of url with ruby Function in ruby code Logstash Logstash - Calculate duration with ruby code Ruby code in logstash failing with _rubyexception Config file, logstash ruby filter event.get(“message”).match() Error Ruby on Rails: Can you put Ruby code in a YAML config file? How to write complex code inside the XLS file on ruby on rails
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM