Sha256: 40c0696c95b6cd2fcd456dd1f6219198e4834410da8c87531bc31c10216d27f8
Contents?: true
Size: 983 Bytes
Versions: 9
Compression:
Stored size: 983 Bytes
Contents
# {
# "scan": {
# "field": "",
# "pattern": "",
# "target": ""
# }
# }
module Anschel
class Filter
def scan conf, log
field = conf.delete :field
pattern = Regexp.new conf.delete(:pattern)
target = conf.delete :target
raise 'Missing required "field" for "scan" filter' if field.nil?
raise 'Missing required "pattern" for "scan" filter' if pattern.nil?
raise 'Missing required "target" for "convert" filter' if target.nil?
field = field.to_sym
target = target.to_sym
log.debug event: 'compiled-filter', filter: 'scan', \
field: field, pattern: pattern, target: target
lambda do |event|
return event unless event.has_key? field
results = event[field].scan(pattern).flatten.uniq
if results.empty?
event
else
event[target] ||= []
event[target] += results
filtered event, conf
end
end
end
end
end
Version data entries
9 entries across 9 versions & 1 rubygems