Class: LogStash::Filters::Scan

Inherits:

Base

Object
Base
LogStash::Filters::Scan

show all

Defined in:: lib/logstash/filters/scan.rb

Overview

Scan arbitrary text for regex matches.

Use this filter to scan a field for regex matches and save those matches to a target field. Note that the regular expression you provide must be a regular Ruby Regexp without Grok patterns.

Instance Method Summary collapse

#filter(event) ⇒ Object
#initialize(params) ⇒ Scan constructor

A new instance of Scan.
#register ⇒ Object

Constructor Details

#initialize(params) ⇒ `Scan`

Returns a new instance of Scan.



29
30
31

# File 'lib/logstash/filters/scan.rb', line 29

def initialize params
  super params
end

Instance Method Details

#filter(event) ⇒ `Object`

# File 'lib/logstash/filters/scan.rb', line 40

def filter event
  return unless filter?(event)

  results = []
  @patterns.each do |field, regex|
    event_field = event[field].to_s
    event_field = event_field.join if event_field.is_a? Array
    results    += event_field.to_s.scan(regex)
  end

  results = results.flatten.uniq
  unless results.empty?
    event[@target] ||= []
    event[@target]  += results
    filter_matched(event)
  end
end

#register ⇒ `Object`

# File 'lib/logstash/filters/scan.rb', line 33

def register
  @patterns = Hash.new { |h,k| h[k] = [] }
  @match.each do |field, pattern|
    @patterns[field] = Regexp.new(pattern)
  end
end