Merging funct filter in fingerprint filter

lib/logstash/filters/fingerprint.rb

@@ -20,7 +20,7 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
   config :key, :validate => :string
 
   # Fingerprint method
-  config :method, :validate => ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5', "MURMUR3", "IPV4_NETWORK", "UUID"], :required => true, :default => 'SHA1'
+  config :method, :validate => ['SHA1', 'SHA256', 'SHA384', 'SHA512', 'MD5', "MURMUR3", "IPV4_NETWORK", "UUID", "PUNCT"], :required => true, :default => 'SHA1'
 
   # When set to true, we concatenate the values of all fields into 1 string like the old checksum filter.
   config :concatenate_sources, :validate => :boolean, :default => false
@@ -37,6 +37,8 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
         class << self; alias_method :anonymize, :anonymize_murmur3; end
       when "UUID"
         require "securerandom"
+      when "PUNCT"
+        # nothing required
       else
         require 'openssl'
         @logger.error("Key value is empty. Please fill in an encryption key") if @key.nil?
@@ -47,29 +49,36 @@ class LogStash::Filters::Fingerprint < LogStash::Filters::Base
   public
   def filter(event)
     return unless filter?(event)
-    if @method == "UUID"
+    case @method
-      event[@target] = SecureRandom.uuid
+      when "UUID"
-    else
+        event[@target] = SecureRandom.uuid
-      if @concatenate_sources 
+      when "PUNCT"
-        to_string = ''
+        @source.sort.each do |field|
-        @source.sort.each do |k|
-          @logger.debug("Adding key to string")
-          to_string << "|#{k}|#{event[k]}"
-        end
-        to_string << "|"
-        @logger.debug("String built", :to_checksum => to_string)
-        event[@target] = anonymize(to_string)
-      else 
-        @source.each do |field|
           next unless event.include?(field)
-          if event[field].is_a?(Array)
+          event[@target] = event[field].tr('A-Za-z0-9 \t','')
-            event[@target] = event[field].collect { |v| anonymize(v) }
+        end
-          else
+      else
-            event[@target] = anonymize(event[field])
+        if @concatenate_sources 
+          to_string = ''
+          @source.sort.each do |k|
+            @logger.debug("Adding key to string")
+            to_string << "|#{k}|#{event[k]}"
           end
-        end # @source.each
+          to_string << "|"
-      end # concatenate_sources
+          @logger.debug("String built", :to_checksum => to_string)
-    end # @method
+          event[@target] = anonymize(to_string)
+        else 
+          @source.each do |field|
+            next unless event.include?(field)
+            if event[field].is_a?(Array)
+              event[@target] = event[field].collect { |v| anonymize(v) }
+            else
+              event[@target] = anonymize(event[field])
+            end
+          end # @source.each
+        end # concatenate_sources
+
+    end # casse @method
   end # def filter
 
   private

spec/filters/fingerprint.rb

@@ -147,4 +147,19 @@ describe LogStash::Filters::Fingerprint do
     end
   end
 
+  describe "PUNCT method" do
+    config <<-CONFIG
+      filter {
+        fingerprint {
+          source => 'field1'
+          method => 'PUNCT'
+        }
+      }
+    CONFIG
+
+    sample("field1" =>  "PHP Warning:  json_encode() [<a href='function.json-encode'>function.json-encode</a>]: Invalid UTF-8 sequence in argument in /var/www/htdocs/test.php on line 233") do
+      insist { subject["fingerprint"] } == ":_()[<='.-'>.-</>]:-////."
+    end
+  end
+
 end