logstash-filter-weblookup 0.1.0 → 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/logstash/filters/weblookup.rb +28 -12
  3. data/logstash-filter-weblookup.gemspec +1 -1
  4. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a1c310e4e0feb0bf4c56096f6e5bad6a720df01f4ebd66f868b5ddc97d0052c6
4
- data.tar.gz: 37b23ae97012cf03a00b9c07226da8ee51d363b546ad21978e3a4b795b68d597
3
+ metadata.gz: 2c96b1c02dc9936abcbed2834158d6df2d37b65423b92e0ddc0fb676b77c4b00
4
+ data.tar.gz: 49283b96b0ab8c0f00638c965897e01c0a6f29d8a413b7275bbe650c804849fb
5
5
  SHA512:
6
- metadata.gz: 8151672a15f02a90c590de31ded5968896e68b1e5aaf6809beae5e8f803629c749c5949dacd5c8c5a77fbceca847d40c74d7c4a5c6fd86c2e776b9085694dbbd
7
- data.tar.gz: b48a47c202874450f09d6d1e5390cf4ac123917ecf48283b4271e87b0eb31d19c1fd767b14cf9ef09299cd7a88ddc4bdf5e01305ddbdbe741ef4ff3787c0b4ca
6
+ metadata.gz: fba0a7b28e64f24b4cc9733a161a7a368579edc0f0de2317992ee530811c196d11bef2f8fc2a328745f7c9b7cb531748d27f4632486171659f3fecfb0c0f5f26
7
+ data.tar.gz: 50517ea043a5b254db9e74ffed413d2cdaf0f6b4c3bb3ee1ce3890288b69be7fc1bc9591b50fec9649f49b18d96b99fe6d3df73673194060bcba44f4ce51179f
data/lib/logstash/filters/weblookup.rb CHANGED
@@ -42,7 +42,11 @@ class LogStash::Filters::Webookup < LogStash::Filters::Base
42
42
  config :use_redis, :validate => :boolean, :required => false, :default => false
43
43
  config :redis_path, :validate => :string, :required => false
44
44
  config :redis_expiry, :validate => :number, :required => false, :default => 604800
45
+
46
+ # Optional simplify the message by moving a field to be the new root of the message
45
47
  config :normalize, :validate => :boolean, :required => false, :default => false
48
+ config :newroot, :validate => :string, :required => false
49
+ config :roottostrip, :validate => :string, :required => false
46
50
 
47
51
  HTTP_OPTIONS = {
48
52
  keep_alive_timeout: 300
@@ -68,6 +72,7 @@ def register
68
72
  @logger.error("Configuration error, there must be an equal amount of destinations and fields, defaulting to using the field as a root for the new values. e.g. if the lookup is done on the value of [\"ClientIP\"] the destination will be [\"ClientIP\"][\"Key\"]")
69
73
  destinations=fields
70
74
  end
75
+ # add case destination is empty to put the result in under the same field
71
76
  end
72
77
 
73
78
  # http connectionpool
@@ -79,7 +84,7 @@ def register
79
84
  # find the key where the value is <item>, otherwise just use the value
80
85
  @params = @uri.query_values(Hash)
81
86
  @params.each do |key, value|
82
- if value="\<item\>"
87
+ if value == "\<item\>"
83
88
  @ip=key
84
89
  @params.delete(key)
85
90
  logger.info("the ip key in the uri is #{@ip}")
@@ -107,6 +112,9 @@ def filter(event)
107
112
  event.set("["+destinations[index]+"]", json)
108
113
  end
109
114
  end
115
+ if @normalize
116
+ replant(event, @newroot)
117
+ end
110
118
  # filter_matched should go in the last line of our successful code
111
119
  filter_matched(event)
112
120
  end # def filter
@@ -152,29 +160,37 @@ def find(item)
152
160
  return res
153
161
  end
154
162
 
163
+ # for legacy
155
164
  def normalize(event)
156
- event.set("net", JSON.parse(net))
157
- event.get("[records][properties]").each {|k, v| event.set(k, v) }
158
- event.remove("[records]")
159
- event.remove("[message]")
160
- return event
165
+ event.set("net", JSON.parse(net))
166
+ event.get("[records][properties]").each {|k, v| event.set(k, v) }
167
+ event.remove("[records]")
168
+ event.remove("[message]")
169
+ return event
170
+ end
171
+
172
+ def replant(event, newroot)
173
+ @logger.debug("event: #{event.get(newroot)}")
174
+ event.get(newroot).each {|k, v| event.set(k, v) }
175
+ event.remove(@roottostrip)
176
+ return event
161
177
  end
162
178
 
163
179
  # From https://github.com/angel9484/logstash-filter-lookup
164
- def json_loader(data)
180
+ def json_loader(data)
165
181
  get_map.merge!(JSON.parse(File.read(data)))
166
- end
182
+ end
167
183
 
168
- def csv_loader(data)
184
+ def csv_loader(data)
169
185
  data = CSV.read(data).inject(Hash.new) do |acc, v|
170
186
  acc[v[0]] = v[1]
171
187
  acc
172
188
  end
173
189
  get_map.merge!(data)
174
- end
190
+ end
175
191
 
176
- def yml_loader(data)
192
+ def yml_loader(data)
177
193
  get_map.merge!(YAML.load_file(data))
178
- end
194
+ end
179
195
 
180
196
  end # class LogStash::Filters::Lookup
data/logstash-filter-weblookup.gemspec CHANGED
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-filter-weblookup'
3
- s.version = '0.1.0'
3
+ s.version = '0.1.1'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = 'This logstash filter plugin takes one or more fields and enriches with a lookup value from a list, redis cache or webservice'
6
6
  s.description = <<-EOF
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-weblookup
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jan Geertsma
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2019-05-13 00:00:00.000000000 Z
11
+ date: 2019-10-31 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement