2017-06-29 642 views
2

Using a Ruby variable in a Logstash filter condition

I have the following logstash configuration:

input { stdin { } }

output {
    elasticsearch { hosts => ["localhost:9200"] }
    stdout { codec => rubydebug }
}

filter {

    ruby {
        code => "
            @@exists_pattern = ['foo', 'bar'].any?{ |pattern| event.get('message').include?(pattern) }
            event.add('keep_line', @@exists_pattern)
        "
    }

    if not [keep_line] { drop { } }

    grok {
        match => {
            "message" => '%{IP:serverip} \[%{HTTPDATE:my_timestamp}\]'
        }
    }

    date {
        match => [ "my_timestamp", "dd/MMM/YYYY:HH:mm:ss Z"]
        target => "@timestamp"
    }
}

However, when I try to run logstash with this configuration file, I get this error:

[ERROR][logstash.agent] Cannot create pipeline {:reason=>"Expected one of #, (at line 30, column 10 (byte 923) after filter {\n # grok... 

How can I use a variable set in the ruby code block (event['keep_line']) in the if directive?

Answer

1

You cannot use negated conditions in Logstash filters. Try converting the boolean condition to a positive one.
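
Added example (not part of the original question or answer): the pipeline from the question rewritten with the condition in positive form, as the answer suggests. It assumes Logstash 5 or later, where the ruby filter writes fields with `event.set`, and it swaps the class variable for a local one.

```logstash
# Constructed rewrite of the question's pipeline; not the original poster's code.
input { stdin { } }

filter {
  ruby {
    # event.set is the Event API setter in Logstash 5+.
    # A local variable is enough here; a @@class variable is shared state
    # that this check does not need.
    # to_s guards against events that arrive without a message field.
    code => "
      msg = event.get('message').to_s
      event.set('keep_line', ['foo', 'bar'].any? { |pattern| msg.include?(pattern) })
    "
  }

  # Positive form of the test. The conditional grammar has no `not` keyword;
  # unary negation is written with `!`, e.g. `if ![keep_line] { drop { } }`.
  if [keep_line] {
    grok {
      match => { "message" => '%{IP:serverip} \[%{HTTPDATE:my_timestamp}\]' }
    }
    date {
      match  => [ "my_timestamp", "dd/MMM/YYYY:HH:mm:ss Z" ]
      target => "@timestamp"
    }
  } else {
    # Lines matching neither 'foo' nor 'bar' never reach the outputs.
    drop { }
  }
}

output {
  elasticsearch { hosts => ["localhost:9200"] }
  stdout { codec => rubydebug }
}
```

Because dropped events leave no trace downstream, a pipeline that feeds security monitoring may prefer to tag and route non-matching lines rather than discard them.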