logstash devops elk

Logstash Expected one of


Can somebody help me? How can I fix this? The code below is used in a Logstash ConfigMap.

    input {
      gelf {
        host => "0.0.0.0"
        port => 12201
        rb => |
          def self.coerce_timestamp(timestamp)
            timestamp.is_a?(BigDecimal) ? LogStash::Timestamp.at(timestamp.to_i, timestamp.frac * 1000000)
            : LogStash::Timestamp.at(timestamp)
        end
      }
      http {
        ssl => false
        host => "0.0.0.0"
        port => 8080
      }
      tcp {
        mode => "server"
        host => "0.0.0.0"
        port => 5010
      }
      udp {
        host => "0.0.0.0"
        port => 5000
      }
    }
    filter {
      if [parentId] =~ "0" {
        mutate {
          replace => {
            "parentId" => "0"
          }
        }
      }
      if [parentId] =~ /^0/ {
        mutate {
          replace => {
            "parentId" => "0"
          }
        }
      }
      if [parentId] == 0 {
        mutate {
          replace => {
            "parentId" => "0"
          }
        }
      }
    }
    output {
      elasticsearch {
        hosts => "elastic-elasticsearch.elk.svc.cluster.local:9200"
        user => "elastic"
        password => "Avitech"
        # manage_template => false
        index => "logstash-%{+YYYY.MM.dd}"
      }
      stdout{}
    }

error message:

    [2024-04-30T14:02:37,082][ERROR][logstash.agent           ] Failed to execute action {:action=>LogStash::PipelineAction::Create/pipeline_id:main, :exception=>"LogStash::ConfigurationError", :message=>"Expected one of [ \\t\\r\\n], \"#\", [A-Za-z0-9_-], '\"', \"'\", [A-Za-z_], \"-\", [0-9], \"[\", \"{\" at line 5, column 11 (byte 68) after input {\n  gelf {\n    host => \"0.0.0.0\"\n    port => 12201\n    rb => ", :backtrace=>["/opt/bitnami/logstash/logstash-core/lib/logstash/compiler.rb:32:in `compile_imperative'", "org/logstash/execution/AbstractPipelineExt.java:189:in `initialize'", "org/logstash/execution/JavaBasePipelineExt.java:72:in `initialize'", "/opt/bitnami/logstash/logstash-core/lib/logstash/java_pipeline.rb:48:in `initialize'", "/opt/bitnami/logstash/logstash-core/lib/logstash/pipeline_action/create.rb:52:in `execute'", "/opt/bitnami/logstash/logstash-core/lib/logstash/agent.rb:388:in `block in converge_state'"]}
    [2024-04-30T14:02:37,263][INFO ][logstash.runner          ] Logstash shut down.
    [2024-04-30T14:02:37,286][FATAL][org.logstash.Logstash    ] Logstash stopped processing because of an error: (SystemExit) exit

Logstash is giving me this error and I have no idea what is wrong. Logstash is running in Kubernetes as a pod.

I tried everything, and I have no idea where the problem could be :(

Any ideas??


Solution

  • I think the problem is the rb section in the gelf input plugin. It does not support ruby code directly.

    I suggest moving the Ruby code outside of Logstash and referencing the file from Logstash itself.

    An example would be:

    # custom.rb
    def coerce_timestamp(timestamp)
      timestamp.is_a?(BigDecimal) ? LogStash::Timestamp.at(timestamp.to_i, timestamp.frac * 1000000) : LogStash::Timestamp.at(timestamp)
    end
    
    gelf {
      host => "0.0.0.0"
      port => 12201
      rb => "/path/to/custom.rb"
      rb_func => "coerce_timestamp"
    }
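
An added example, not part of the question or the answer: a small Python pre-flight check that finds a YAML block-scalar `|` left after `=>` in a pipeline config and reports the same position the parser error points at (line 5, column 11, byte 68). It also flags a quoted literal `password` that is not a `${VAR}` reference. The function names, rule names and sample password are assumptions made for illustration.

```python
import re

# Constructed sample: the opening lines are the config text echoed in the
# error message above; the output block and its password value are made up.
SAMPLE = (
    'input {\n'
    '  gelf {\n'
    '    host => "0.0.0.0"\n'
    '    port => 12201\n'
    '    rb => |\n'
    '      def self.coerce_timestamp(timestamp)\n'
    '  }\n'
    '}\n'
    'output {\n'
    '  elasticsearch {\n'
    '    password => "example-password"\n'
    '  }\n'
    '}\n'
)

# "=>" followed only by a YAML block-scalar indicator (| or >) before end of line.
BLOCK_SCALAR = re.compile(r'=>[ \t]*([|>][+-]?\d?)[ \t]*$', re.M)
# password set to a quoted literal rather than a ${VAR} reference.
LITERAL_PASSWORD = re.compile(r'^[ \t]*(password)[ \t]*=>[ \t]*["\'](?!\$\{)', re.M)


def locate(config, offset, rule):
    """Return (line, column, byte, rule), all 1-based like the parser's message."""
    line = config.count("\n", 0, offset) + 1
    column = offset - config.rfind("\n", 0, offset)
    byte = len(config[:offset].encode("utf-8")) + 1
    return (line, column, byte, rule)


def lint(config):
    """Hypothetical pre-flight check for a pipeline config string."""
    findings = []
    for m in BLOCK_SCALAR.finditer(config):
        findings.append(locate(config, m.start(1), "yaml-block-scalar"))
    for m in LITERAL_PASSWORD.finditer(config):
        findings.append(locate(config, m.start(1), "plaintext-password"))
    return sorted(findings)


if __name__ == "__main__":
    for line, column, byte, rule in lint(SAMPLE):
        print(f"line {line}, column {column} (byte {byte}): {rule}")
```
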