Logstash系列： ruby拦截器的使用

最新推荐文章于 2022-12-21 10:35:25 发布

NIO4444

最新推荐文章于 2022-12-21 10:35:25 发布

阅读量1.4k

点赞数 1

分类专栏： Logstash

本文链接：https://blog.csdn.net/VIP099/article/details/106196057

版权

Logstash 专栏收录该内容

29 篇文章 1 订阅

订阅专栏

直接执行ruby：code

filter {
ruby {

id => "id_ruby_filepath"
code => "if event.get('log')['file'] then event.set('filepath',event.get('log')['file']['path'] ) end"
}
}

数组

filter {
ruby {

id => "id_ruby_filepath"
code => " Array[''].each{ |item| if event.get('name') and event.get('name').include?term then event.set('name','Tom' ) end } "
}
}

外部脚本：path

filter {
      ruby {
# Cancel 90% of events
path => "/etc/logstash/drop_percentage.rb"
script_params => { "percentage" => 0.9 }
      }
    }

脚本demo

# the value of `params` is the value of the hash passed to `script_params`
# in the logstash configuration
def register(params)
	@drop_percentage = params["percentage"]
end

# the filter method receives an event and must return a list of events.
# Dropping an event means not including it in the return array,
# while creating new ones only requires you to add a new instance of
# LogStash::Event to the returned array
def filter(event)
	if rand >= @drop_percentage
		return [event]
	else
		return [] # return empty array to cancel event
	end
end

# the value of `params` is the value of the hash passed to `script_params`
# in the logstash configuration
def register(params)
@drop_percentage = params["percentage"]
end

def filter(event)

event_test = LogStash::Event.new

begin
event_test.set("name",event.get("name"))

return [event_test]

rescue

event_test.set("name",event.get("name"))

return [event_test]

end
end