lib/logstash/codecs/cloudtrail.rb in logstash-codec-cloudtrail-3.0.4 vs lib/logstash/codecs/cloudtrail.rb in logstash-codec-cloudtrail-3.0.5
- old
+ new
@@ -26,10 +26,22 @@
disableApiTermination = event['requestParameters'].delete('disableApiTermination')
event['requestParameters']['disableApiTermination']= {"value" => disableApiTermination}
end
end
+ substitute_invalid_ip_address(event)
+
yield LogStash::Event.new(event)
end
end # def decode
+
+ # Workaround for https://github.com/logstash-plugins/logstash-codec-cloudtrail/issues/20
+ # API calls from support will fill the sourceIpAddress with a hostname string instead of an ip
+ # address.
+ def substitute_invalid_ip_address(event)
+ source_ip_address = event["sourceIpAddress"]
+ if source_ip_address && source_ip_address !~ Resolv::IPv4::Regex && source_ip_address !~ Resolv::IPv6::Regex
+ event["sourceHost"] = event.delete("sourceIpAddress")
+ end
+ end
end # class LogStash::Codecs::CloudTrail