2
我有以下logstash配置:在logstash過濾條件使用Ruby變量
input { stdin { } }
output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}
filter {
ruby {
code => "
@@exists_pattern = ['foo', 'bar'].any?{ |pattern| event.get('message').include?(pattern) }
event.add('keep_line', @@exists_pattern)
"
}
if not [keep_line] { drop { } }
grok {
match => {
"message" => '%{IP:serverip} \[%{HTTPDATE:my_timestamp}\]'
}
}
date {
match => [ "my_timestamp", "dd/MMM/YYYY:HH:mm:ss Z"]
target => "@timestamp"
}
}
但是,當我嘗試使用這個配置文件運行logstash我得到這個錯誤:
[ERROR][logstash.agent] Cannot create pipeline {:reason=>"Expected one of #, (at line 30, column 10 (byte 923) after filter {\n # grok...
我怎麼能如何在if指令中使用在ruby代碼塊(事件['keep_line'])中設置的變量?