Exception in filter permanently stop logstash (for at least one input)
Description
Gliffy Diagrams
Activity
Show:
Henrik Feldt January 14, 2014 at 3:50 PM
Btw, here's the filter:
I might be wrong that it's the EventLog's SeverityValue, it might be a different field
It seems that when you have a filter with a mutate that in turn has a doubly nested rename target, e.g. mutate { rename => [ "ProcessName", "[eventlog][process_name]" ] }, then you get exceptions if the incoming json_lines-encoded message contains that property/field and its value is a Number (in JSON) instead of a string.
Below is a listing of the stack-trace and relevant code.
It seems that we can reliably reproduce the crash below if we let the mutate stanza work on a string with double backslashes:
Stacktrace
[no further events]
event.rb
fieldreference.rb