anschel 0.7.3 → 0.7.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/anschel/filter/index.rb +1 -1
- data/lib/anschel/filter/scan.rb +10 -30
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 4243a8ea1706a7d89742f3fc2619813abaebc93a
|
4
|
+
data.tar.gz: dd9a1019095647303b35f700b5d18fb452ed03a1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: cb875d015a3c158a7e460d6e8e2f80e3401f2c5ee2ddf92cd9fff04f5b06a9c81feb1b6b187391d16edc361ec88fe898b1a34e7222a529994765324cd477da64
|
7
|
+
data.tar.gz: d01dc8314c0f622510c8f4698a9694dfe0136869b846bc212fc23f938c665f25569665f99ad03e2d6e137c097bbc4c7672866c255e1aa51b4c2f0a0ee38e50c3
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
0.7.
|
1
|
+
0.7.4
|
data/lib/anschel/filter/index.rb
CHANGED
data/lib/anschel/filter/scan.rb
CHANGED
@@ -33,42 +33,22 @@ module Anschel
|
|
33
33
|
|
34
34
|
|
35
35
|
lambda do |event|
|
36
|
-
unless event.has_key? field
|
36
|
+
unless event.has_key?(field) && event[field]
|
37
37
|
stats.inc 'filter-scan-skipped'
|
38
38
|
return event
|
39
39
|
end
|
40
40
|
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
# contents still intact. If you have a
|
50
|
-
# better solution, please contact me!
|
51
|
-
end
|
52
|
-
error = false
|
53
|
-
rescue StandardError
|
41
|
+
results = event[field].scan(match).flatten.uniq.map do |s|
|
42
|
+
s.reverse.reverse # N.B. There seems to be some issue with the "scan"
|
43
|
+
# function in JRuby wherein the matches are
|
44
|
+
# shared across threads or somehow mangled.
|
45
|
+
# The reverse.reverse here ensures that we
|
46
|
+
# create a new object with the original
|
47
|
+
# contents still intact. If you have a
|
48
|
+
# better solution, please contact me!
|
54
49
|
end
|
55
50
|
|
56
|
-
if
|
57
|
-
log.error \
|
58
|
-
event: 'scan-filter-error',
|
59
|
-
reason: 'could not scan event',
|
60
|
-
field: field,
|
61
|
-
pattern: pattern,
|
62
|
-
target: target,
|
63
|
-
raw_event: event
|
64
|
-
stats.inc 'filter-scan-error'
|
65
|
-
if error_tag
|
66
|
-
event[:tags] ||= []
|
67
|
-
event[:tags] << error_tag
|
68
|
-
end
|
69
|
-
event
|
70
|
-
|
71
|
-
elsif results.empty?
|
51
|
+
if results.empty?
|
72
52
|
stats.inc 'filter-scan-nomatch'
|
73
53
|
event
|
74
54
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: anschel
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.7.
|
4
|
+
version: 0.7.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Sean Clemmer
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-11-18 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|