Hello,
I would like to concatenate 5 fields which can exist or not and i would like to do it in my ruby file filter because we already have others working filters in it.
my fields looks like this, they can have a value or no value at all
iis.uri.1.keyword: one
iis.uri.2.keyword: two
iis.uri.3.keyword: three
iis.uri.4.keyword:
iis.uri.5.keyword:
and my ruby script looks like this :
def filter(event)
if event.get("[fields][log_type]").include?("iis")
uri = ""
if not event.get("[iis][uri][1][keyword]").nil?
uri = uri + event.get("[iis][uri][1]")
end
if not event.get("[iis][uri][2][keyword]").nil?
uri = uri + "/" + event.get("[iis][uri][2]")
end
if not event.get("[iis][uri][3][keyword]").nil?
uri = uri + "/" + event.get("[iis][uri][3]")
end
if not event.get("[iis][uri][4][keyword]").nil?
uri = uri + "/" + event.get("[iis][uri][4]")
end
if not event.get("[iis][uri][4][keyword]").nil?
uri = uri + "/" + event.get("[iis][uri][5]")
end
event.set("iis.uriFull", uri)
else
# return [event]
end
return [event]
end
Even if my iis.uri.number have values, it only returns iis.uriFull = ""
I tested during 6 hours others schemes to filter, other condition methods, but no result at all, can anyone help me please ?
Have a great day,
Luigi.