github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-24 22:57:16 -04:00
Code Issues Projects Releases Packages Wiki Activity

- Anonymize search results by replacing known hostname patterns.

Browse source
This commit is contained in:
Jordan Sissel 2010-11-14 11:31:55 +00:00
parent d3843d19ef
commit 5d6977d05f
1 changed files with 20 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

20
web/lib/elasticsearch.rb
View file

@ -2,6 +2,7 @@
require "em-http-request" require "em-http-request"
require "logstash/namespace" require "logstash/namespace"
require "logstash/logging" require "logstash/logging"
require "logstash/event"
module LogStash::Web; end module LogStash::Web; end
class LogStash::Web::ElasticSearch class LogStash::Web::ElasticSearch
@ -43,6 +44,25 @@ class LogStash::Web::ElasticSearch
#headers req.response_header #headers req.response_header
data = JSON.parse(req.response) data = JSON.parse(req.response)
data["duration"] = Time.now - start_time data["duration"] = Time.now - start_time
# TODO(sissel): Plugin-ify this (Search filters!)
require "digest/md5"
data["hits"]["hits"].each do |hit|
event = LogStash::Event.new(hit["_source"])
event.to_hash.each do |key, value|
next unless value.is_a?(String)
value.gsub!(/[^ ]+\.loggly\.net/) { |match| "loggly-" + Digest::MD5.hexdigest(match)[0..6] + ".example.com"}
end
event.fields.each do |key, value|
value = [value] if value.is_a?(String)
next unless value.is_a?(Array)
value.each do |v|
v.gsub!(/[^ ]+\.loggly\.net/) { |match| Digest::MD5.hexdigest(match)[0..6] + ".example.com" }
end # value.each
end # hit._source.@fields.each
end # data.hits.hits.each
@logger.info(["Got search results", @logger.info(["Got search results",
{ :query => params[:q], :duration => data["duration"]}]) { :query => params[:q], :duration => data["duration"]}])
@logger.info(data) @logger.info(data)