logstash eve

ELK/logstash

logstash eve_odd

파아랑새 2020. 6. 17. 22:05

json file ==============================================================

{"num": 11}
{"num": 12}
{"num": 13}
{"num": 14}
{"num": 15}
{"num": 16}

ruby file ==============================================================

def register( params )
    #empty
end

def filter( event )
    remainder = event.get("remainder")
    if remainder == 0
        event.set("num_result", "even_number")
        return [ event ]
    else
        event.set("num_result", "odd_number" )
        return [ event ]
    end
end

logstash conf ==============================================================

input {

    file {
        path           => "/home/kimjh/Desktop/ruby_proj/stu_01.dir/1050.json"
        codec          => "json"
        start_position => "beginning"
        sincedb_path   => "/dev/null"
    }
}

filter {

    ruby {
        code => 'remainder = event.get("num")%2;
                 event.set("remainder", remainder)'
    }

    ruby {
        path => "/home/kimjh/Desktop/ruby_proj/stu_01.dir/1050.rb"
    }

    mutate {
        remove_field => ["@timestamp", "@version", "host", "path", "remainder"]
    }
}

output {

    stdout {
        codec => rubydebug
    }
}

결과 ==============================================================