Naveen Rohatgi
2015-05-20 21:40:40 UTC
Hello,
I have a requirement to dynamically load the grok rules from a .yml file when an environment variable indicates a change in the rules file. I am planning to run log stash with a single filter thread, so the new filter may not be thread safe. I have tried but I keep getting the following error message when I call grok.register. I am currently testing with a single grok pattern in the 3 line yml file.
The error reported is:
can't modify frozen string
org/jruby/RubyString.java:2763:in `sub!'
/home/seceon/logstash-1.4.0/vendor/bundle/jruby/1.9/gems/jls-grok-0.10.12/lib/grok-pure.rb:124:in `compile'
org/jruby/RubyKernel.java:1521:in `loop'
/home/seceon/logstash-1.4.0/vendor/bundle/jruby/1.9/gems/jls-grok-0.10.12/lib/grok-pure.rb:91:in `compile'
/home/seceon/logstash-1.4.0/vendor/bundle/jruby/1.9/gems/jls-grok-0.10.12/lib/grok/pure/pile.rb:51:in `compile'
/home/seceon/logstash-1.4.0/lib/logstash/filters/grok.rb:277:in `register'
org/jruby/RubyArray.java:1613:in `each'
/home/seceon/logstash-1.4.0/lib/logstash/filters/grok.rb:275:in `register'
org/jruby/RubyHash.java:1339:in `each'
/home/seceon/logstash-1.4.0/lib/logstash/filters/grok.rb:266:in `register'
/home/seceon/logstash-1.4.0/logstash/filters/translate.rb:127:in `register'
org/jruby/RubyArray.java:1613:in `each'
The .yml file contents are
{
"Bad protocol version identification %{DATA:version} from %{IP:src_ip}": {
"classification": "suspect"
}
}
My code snippet is
....
@grok_filter = LogStash::Filters::Grok.new(
"pattern" => dictionary.keys
)
....
However, if I put the same string in the code, it works as following:
@grok_filter = LogStash::Filters::Grok.new(
"pattern" => "Bad protocol version identification %{DATA:version} from %{IP:src_ip}"
)
I understand I am trying to modify something immutable, but how to avoid it. Please help me. I am new to ruby & log stash.
Thanks,
Naveen
I have a requirement to dynamically load the grok rules from a .yml file when an environment variable indicates a change in the rules file. I am planning to run log stash with a single filter thread, so the new filter may not be thread safe. I have tried but I keep getting the following error message when I call grok.register. I am currently testing with a single grok pattern in the 3 line yml file.
The error reported is:
can't modify frozen string
org/jruby/RubyString.java:2763:in `sub!'
/home/seceon/logstash-1.4.0/vendor/bundle/jruby/1.9/gems/jls-grok-0.10.12/lib/grok-pure.rb:124:in `compile'
org/jruby/RubyKernel.java:1521:in `loop'
/home/seceon/logstash-1.4.0/vendor/bundle/jruby/1.9/gems/jls-grok-0.10.12/lib/grok-pure.rb:91:in `compile'
/home/seceon/logstash-1.4.0/vendor/bundle/jruby/1.9/gems/jls-grok-0.10.12/lib/grok/pure/pile.rb:51:in `compile'
/home/seceon/logstash-1.4.0/lib/logstash/filters/grok.rb:277:in `register'
org/jruby/RubyArray.java:1613:in `each'
/home/seceon/logstash-1.4.0/lib/logstash/filters/grok.rb:275:in `register'
org/jruby/RubyHash.java:1339:in `each'
/home/seceon/logstash-1.4.0/lib/logstash/filters/grok.rb:266:in `register'
/home/seceon/logstash-1.4.0/logstash/filters/translate.rb:127:in `register'
org/jruby/RubyArray.java:1613:in `each'
The .yml file contents are
{
"Bad protocol version identification %{DATA:version} from %{IP:src_ip}": {
"classification": "suspect"
}
}
My code snippet is
....
@grok_filter = LogStash::Filters::Grok.new(
"pattern" => dictionary.keys
)
....
However, if I put the same string in the code, it works as following:
@grok_filter = LogStash::Filters::Grok.new(
"pattern" => "Bad protocol version identification %{DATA:version} from %{IP:src_ip}"
)
I understand I am trying to modify something immutable, but how to avoid it. Please help me. I am new to ruby & log stash.
Thanks,
Naveen
--
Remember: if a new user has a bad time, it's a bug in logstash.
---
You received this message because you are subscribed to the Google Groups "logstash-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to logstash-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Remember: if a new user has a bad time, it's a bug in logstash.
---
You received this message because you are subscribed to the Google Groups "logstash-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to logstash-users+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.