anschel 0.7.3 → 0.7.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 33258b6272ac12c4e79d883b7873e7761f146a17
-  data.tar.gz: 2a59719c8edb8ed8ec68f9557e8bef9e2a72ac67
+  metadata.gz: 4243a8ea1706a7d89742f3fc2619813abaebc93a
+  data.tar.gz: dd9a1019095647303b35f700b5d18fb452ed03a1
 SHA512:
-  metadata.gz: 93f7b00498705412f448b5de0061f2d9b4cccb3b93c5d219a9215c3470bfa9b82cc000b991344fd8ff303d73d581c57ee36ce02b5db4032a0dfa96e17474d2d0
-  data.tar.gz: b479aeb6a569169ed0811e7f7f6143a451c692d72f1e0a023c3478bcad9350234f21612ffa005710fe85015bd2f213965bc51f09bf0237012f729ee242db4297
+  metadata.gz: cb875d015a3c158a7e460d6e8e2f80e3401f2c5ee2ddf92cd9fff04f5b06a9c81feb1b6b187391d16edc361ec88fe898b1a34e7222a529994765324cd477da64
+  data.tar.gz: d01dc8314c0f622510c8f4698a9694dfe0136869b846bc212fc23f938c665f25569665f99ad03e2d6e137c097bbc4c7672866c255e1aa51b4c2f0a0ee38e50c3

data/VERSION

@@ -1 +1 @@
-0.7.3
+0.7.4

data/lib/anschel/filter/index.rb

@@ -72,7 +72,7 @@ module Anschel
           prefix: prefix,
           suffix: suffix,
           format: format,
-          raw_event: event.inspect
+          raw_event: event
 
         if error_tag
           event[:tags] ||= []

data/lib/anschel/filter/scan.rb

@@ -33,42 +33,22 @@ module Anschel
 
 
       lambda do |event|
-        unless event.has_key? field
+        unless event.has_key?(field) && event[field]
           stats.inc 'filter-scan-skipped'
           return event
         end
 
-        error = true
-        begin
-          results = event[field].scan(match).flatten.uniq.map do |s|
-            s.reverse.reverse # N.B. There seems to be some issue with the "scan"
-                              #      function in JRuby wherein the matches are
-                              #      shared across threads or somehow mangled.
-                              #      The reverse.reverse here ensures that we
-                              #      create a new object with the original
-                              #      contents still intact. If you have a
-                              #      better solution, please contact me!
-          end
-          error   = false
-        rescue StandardError
+        results = event[field].scan(match).flatten.uniq.map do |s|
+          s.reverse.reverse # N.B. There seems to be some issue with the "scan"
+                            #      function in JRuby wherein the matches are
+                            #      shared across threads or somehow mangled.
+                            #      The reverse.reverse here ensures that we
+                            #      create a new object with the original
+                            #      contents still intact. If you have a
+                            #      better solution, please contact me!
         end
 
-        if error
-          log.error \
-            event: 'scan-filter-error',
-            reason: 'could not scan event',
-            field: field,
-            pattern: pattern,
-            target: target,
-            raw_event: event
-          stats.inc 'filter-scan-error'
-          if error_tag
-            event[:tags] ||= []
-            event[:tags] << error_tag
-          end
-          event
-
-        elsif results.empty?
+        if results.empty?
           stats.inc 'filter-scan-nomatch'
           event
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: anschel
 version: !ruby/object:Gem::Version
-  version: 0.7.3
+  version: 0.7.4
 platform: ruby
 authors:
 - Sean Clemmer
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-10-21 00:00:00.000000000 Z
+date: 2015-11-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement