class LogStash::Filters::ApiHammerRequest

Public Instance Methods

filter(event) click to toggle source
# File lib/logstash/filters/api_hammer_request.rb, line 16
def filter(event)
  # discard the request status line for humans - always followed by json which we'll parse
  col = /[\e\[\dm]*/.source
  #               begin  direction     status        method      path             time      end
  human_request = [/\A/, /[<>]/, /\s/, /\d+/, / : /, /\w+/, / /, /[^\e]+/, / @ /, /[^\e]+/, /\z/].map(&:source).join(col)
  event.cancel if event[@source] =~ /#{human_request}/

  begin
    parsed_message = JSON.parse(event[@source])
    if @consume
      # replace the source with a brief human-readable message
      bound = parsed_message['bound']
      dir = role == 'inbound' ? '<' : role == 'outbound' ? '>' : '*'
      status = parsed_message['response'] && parsed_message['response']['status']
      request_method = parsed_message['request'] && parsed_message['request']['method']
      request_uri = parsed_message['request'] && parsed_message['request']['uri']
      now_s = Time.now.strftime('%Y-%m-%d %H:%M:%S %Z')
      event[@source] = "#{dir} #{status} : #{request_method} #{request_uri} @ #{now_s}"
    end
  rescue JSON::ParserError
    nil
  end

  if parsed_message
    if parsed_message.is_a?(Hash)
      event.to_hash.update(parsed_message)
      if parsed_message['processing'].is_a?(Hash) && parsed_message['processing']['began_at'].is_a?(Integer)
        event['@timestamp'] = Time.at(parsed_message['processing']['began_at']).utc
      end
    else
      event['parsed_message'] = parsed_message
    end
  end
end
register() click to toggle source
# File lib/logstash/filters/api_hammer_request.rb, line 12
def register
end