How to add new field under logstash filter with ruby?

Asked Oct 24 '16 at 07:52

Active Oct 24 '16 at 08:25

Viewed 1,186 times

I need help on how to add new field via ruby under a filter, and finally output it to a file. Can anyone advise me ? Thank You.

input {
  file {
    type => "syslog"

    path => "/opt/logstash/log/dns.log"
    start_position => beginning
    sincedb_path => "/dev/null"             
  }

}

filter {
    ruby {
    code => "
        if event['type'] == 'syslog' 
            event['newfield'] = 'NewInfoCreated'
        end 
        "
    }
}

output {
       file {
           path => "/opt/logstash/testing.txt"
          codec => line { format => "custom format: %{message}"}
       }
}

The input of dns.log will be like following:

<blink>
{"ts":"2016-10 24T02:01:28.334052Z","uid":"CILq5k2MLCUYeBZJgd","id.orig_h":"10.17.103.224","id. orig_p":53362,"id.resp_h":"172.18.24.115"} 
</blink>

edited Oct 24 '16 at 08:25

asked Oct 24 '16 at 07:52

user647527

What happens when you run that code? Also, why not use mutate->add_field? – Alain Collins Oct 24 '16 at 15:33
@Alain Collins, I would like to overwrite some value under a field under ruby. Why ruby? It`s because i calling redis server and return me a value. Thank You – user647527 Oct 25 '16 at 02:10

How to add new field under logstash filter with ruby?

0 Answers0