I created a Logstash filter plugin which runs a regex match against a field and, if it matches, creates a new field 'flag' and sets its value to 'Y'.
Currently I am using the regex inside the Ruby file of my filter, but ideally I have to read the regex from some file, as this regex is gonna be a huge string.
This is how my filter code looks now:
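```ruby
  def filter(event)
    if @message
      products = event.get("products")
      # Flag the event when the products field matches one of the hard-coded product patterns
      if products =~ /apple(?:ipad|laptop|watch)?|nike(?:jersey|shoes)?/
        event.set("flag", 'Y')
      end
    end
    filter_matched(event)
  end
end # closes the plugin class (class definition not shown)
```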
Kindly guide me on how to proceed on this further.
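
One way to do what the question asks, as an added example that is not part of the original post: read the pattern from a file once, validate it, and reuse the compiled regex for every event. The file format (one fragment per line, `#` comments), the helper names `load_pattern` and `flag_products`, and the plain Hash standing in for a Logstash event are assumptions made for illustration.

```ruby
require "tempfile"

# Constructed sample pattern file: one regex fragment per line, '#' starts a comment.
SAMPLE_PATTERNS = <<~'PATTERNS'
  # product families to flag
  apple(?:ipad|laptop|watch)?

  nike(?:jersey|shoes)?
PATTERNS

# Hypothetical helper: build one alternation regex from the file.
# In a Logstash filter, call this once from `register` and keep the result in
# an instance variable so the file is not re-read and recompiled per event.
def load_pattern(path)
  fragments = File.readlines(path, chomp: true)
                  .map(&:strip)
                  .reject { |line| line.empty? || line.start_with?("#") }
  # An empty file must fail loudly instead of silently flagging nothing.
  raise ArgumentError, "no patterns found in #{path}" if fragments.empty?

  # Compile each fragment alone first so a typo is reported with its position.
  fragments.each_with_index do |fragment, index|
    begin
      Regexp.new(fragment)
    rescue RegexpError => e
      raise ArgumentError, "invalid pattern entry #{index + 1} in #{path}: #{e.message}"
    end
  end
  Regexp.new(fragments.map { |fragment| "(?:#{fragment})" }.join("|"))
end

# Hypothetical stand-in for the body of `filter`: a Hash replaces the Logstash
# event, so event["products"] corresponds to event.get("products").
def flag_products(event, pattern)
  products = event["products"]
  event["flag"] = "Y" if products.is_a?(String) && pattern.match?(products)
  event
end

def demo
  Tempfile.create("patterns") do |file|
    file.write(SAMPLE_PATTERNS)
    file.flush
    pattern = load_pattern(file.path)
    %w[applewatch nikeshoes adidas].map { |p| flag_products({ "products" => p }, pattern) }
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

Because the pattern file now controls which events get flagged, it should be writable only by the account that administers the pipeline.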