Sha256: 6d88331d521c8fc2faf83093610a3eaa3bfb1c1a9e83f26fddcd5c0b0199c229

Contents?: true

Size: 1.72 KB

Versions: 1

Compression:

Stored size: 1.72 KB

Contents

# {
#   "scan": {
#     "field": "",
#     "pattern": "",
#     "target": ""
#   }
# }
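module Anschel
  class Filter
    # Builds the "scan" filter: a lambda that runs a regular expression over
    # one field of an event and appends the unique matches to a target field.
    #
    # Config keys (each is removed from +conf+ as it is read):
    #   :field   - name of the event field to scan
    #   :pattern - regular expression source, compiled with Regexp.new
    #   :target  - name of the event field that receives the matches
    #
    # NOTE(review): the pattern comes from configuration but is applied to
    # event content. If events carry data from outside the operator's control,
    # a backtracking-heavy pattern can pin a CPU on a crafted field value.
    # Review configured patterns, and on Ruby >= 3.2 consider Regexp.timeout.
    #
    # @param conf [Hash] filter configuration; whatever remains after the three
    #   keys above are deleted is handed to +filtered+
    # @param stats [#create, #get, #inc] counter registry
    # @param log [#trace] logger
    # @return [Proc] lambda taking an event and returning an event
    # @raise [RuntimeError] if :field, :pattern or :target is missing
    # @raise [RegexpError] if :pattern does not compile
    def scan(conf, stats, log)
      field  = conf.delete :field
      source = conf.delete :pattern
      target = conf.delete :target

      # Validate before compiling: Regexp.new(nil) raises TypeError, which
      # would pre-empt the intended "pattern" message and make it unreachable.
      raise 'Missing required "field" for "scan" filter' if field.nil?
      raise 'Missing required "pattern" for "scan" filter' if source.nil?
      raise 'Missing required "target" for "scan" filter' if target.nil?

      pattern = Regexp.new source
      field   = field.to_sym
      target  = target.to_sym

      # Register every counter up front, in the same create/get order as before.
      %w[
        filter-scan
        filter-scan-skipped
        filter-scan-nomatch
        filter-scan-error
      ].each do |counter|
        stats.create counter
        stats.get counter
      end

      log.trace event: 'filter-compiled', kind: 'scan',
                field: field, pattern: pattern, target: target

      lambda do |event|
        # Events without the source field pass through untouched.
        unless event.has_key? field
          stats.inc 'filter-scan-skipped'
          return event
        end

        begin
          # flatten collapses capture-group arrays; uniq drops repeated matches.
          results = event[field].scan(pattern).flatten.uniq
        rescue StandardError
          # Reached when the field value cannot be scanned (for example it does
          # not respond to #scan); the event is returned unchanged.
          # NOTE(review): the whole event is written to the trace log. If events
          # can contain credentials or personal data, confirm that trace output
          # is access-controlled or disabled in production.
          log.trace \
            event: 'scan-filter-error',
            reason: 'could not scan event',
            field: field,
            pattern: pattern,
            target: target,
            raw_event: event
          stats.inc 'filter-scan-error'
          return event
        end

        if results.empty?
          stats.inc 'filter-scan-nomatch'
          event
        else
          # Append to any matches already stored under the target field.
          event[target] ||= []
          event[target]  += results
          stats.inc 'filter-scan'
          # filtered is defined outside this file; presumably it applies the
          # remaining conf options to the event - verify against its definition.
          filtered event, conf
        end
      end
    end
  end
end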

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
anschel-0.7.0 lib/anschel/filter/scan.rb