
logstash config loop through fields


ruby/logstash noob here using ELK stack.

I got a bunch of fields

[Message][Detail][Readout][Value1]

[Message][Detail][Readout][Value2]

[Message][Detail][Readout][Value3]

which I want to loop through using ruby in the logstash config.

Then I want to perform a simple operation on each, for example change them from hex to decimal e.g.

event.set('[currField]', event.get('[currField]').to_s.hex);

but I can't find the correct syntax using Google. Any help appreciated.

I know the names of the fields, so worst case I'll have to hard code them, but I'd like to avoid that if possible.

EDIT: I have not tested my config yet, so I don't know if "Readout" will be a hash map; I'm using a grok filter to add the values in the config

"(?<[Message][Detail][Readout][Value1]>(?<=0x.{8})([A-F0-9]{2}))",
"(?<[Message][Detail][Readout][Value2]>(?<=0x.{8})([A-F0-9]{2}))" 

etc

Pseudo:

event.get('[Message][Detail][Readout]') each { |k, v|
  event[k] = newValue;
}

Solution

  • You would use .each to iterate over the [Message][Detail][Readout] hash. Your pseudo-code would set the values at the top-level. To overwrite them use

    ruby {
        code => '
            readout = event.get("[Message][Detail][Readout]")
            if readout
                readout.each { |k, v|
                    event.set("[Message][Detail][Readout][#{k}]", v.to_s.hex)
                }
            end
        '
    }
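
The loop above, as an added example that is not part of the original answer and that can be run outside Logstash. It goes one step further than the answer: Ruby's `String#hex` returns 0 for input that is not hex, so a bad capture would silently become 0; here only values that look like hex are converted, and the keys of the others are returned. `FakeEvent`, `HEX_VALUE` and `convert_readout` are hypothetical names; `FakeEvent` models only `get`/`set` with `[a][b]` field references.

```ruby
# Minimal stand-in for the Logstash event (assumption: only get/set with
# "[a][b]" style field references are modelled).
class FakeEvent
  def initialize(data)
    @data = data
  end

  # "[a][b][c]" -> ["a", "b", "c"]
  def path(ref)
    ref.scan(/\[([^\]]+)\]/).flatten
  end

  def get(ref)
    path(ref).reduce(@data) { |node, key| node.is_a?(Hash) ? node[key] : nil }
  end

  def set(ref, value)
    *parents, leaf = path(ref)
    node = parents.reduce(@data) { |n, key| n[key] ||= {} }
    node[leaf] = value
  end
end

# Accepts "1A" and "0x1A"; anything else is left alone.
HEX_VALUE = /\A(?:0x)?[0-9A-Fa-f]+\z/

# The logic that would go in the ruby filter's code block: convert every value
# under Readout from hex to decimal and return the keys that were not hex.
def convert_readout(event, base = "[Message][Detail][Readout]")
  readout = event.get(base)
  return [] unless readout.is_a?(Hash)
  rejected = []
  readout.each do |k, v|
    if v.is_a?(String) && v.match?(HEX_VALUE)
      event.set("#{base}[#{k}]", v.hex)
    else
      rejected << k # not hex: keep the original value, report the key
    end
  end
  rejected
end

# Constructed sample event; Value3 is deliberately not hex.
SAMPLE = FakeEvent.new(
  "Message" => { "Detail" => { "Readout" => {
    "Value1" => "1A", "Value2" => "FF", "Value3" => "n/a"
  } } }
)
REJECTED = convert_readout(SAMPLE)
```
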