I'm building out logstash and would like to build functionality to anonymize fields as specified in the message itself.
Given the message below, the field fta is an array of fields to anonymize. I would like to just use %{fta} and pass it through to the anonymize filter, but that doesn't seem to work.
Sorry, I don't get what's wrong with the current output. Each array element has been hashed which is how the filter works. Do you want the array as a whole to be hashed and stored as a single string, or what's the desired results?
Sorry for the confusion. The desired result would be to let the FTA array dictate which other fields the anonymizer plugin would anonymize. Like below.
The use case is that the logging team is not aware of what fields should be anonymized, but the developers for each system are. The can easily send in an array of fields to anonymize which logstash can then act on.
That's what I was starting to think. Thanks for confirming. It's a shame I couldn't just do ["%{fta}"].
Do you have a link to a tutorial, or the objects available in a ruby filter? I've tried searching but wasn't able to find a good starting point anywhere on the internals of logstash at that point.
No, I don't have any good documentation pointers except the source code. But basically you read and write fields via event['fieldname'], enumerate fields by treating event as a hash, and the rest is normal Ruby.
Is there a way to call another filter from within the ruby filter? Specifically, I would like to leverage the work done in the anonymizer filter in the above. I'm relatively new to ruby, so I'm not even sure how to ask the question. perhaps something like:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.