Ruby syntax error

Jan_Kabelka · October 15, 2020, 12:56pm

Hi, I did not find anything what would work therefore please let me ask... I need to create new field with length of DNS domain. Also I would like to have another field with entropy value for that DNS domain.

What field I have:
dns.domain.name (e.g: "dns.domain.name" : "translate.google.com")

What fields I would like to have:
dns.domain.name_length (e.g: "dns.domain.name_length" : "20")
dns.domain.name_entropy (e.g: "dns.domain.name_entropy" : "3.48")

What I wrote for "length" part (and does not work) is:
ruby {

code => "event.set('[dns][domain][name_length]', event.get('[dns][domain][name]').length)"

}

How to create new field "dns.domain.name_entropy" I do not know at all.

Thanks anybody for help! Jan

mastersmit · October 15, 2020, 1:57pm

I dont see this is a valid ruby script

event.set('[dns][domain][name_length]', event.get('[dns][domain][name]').length)

you can try this in order to debug if you are getting correct value for each attribute:

ruby {

code => "
puts [dns]
puts [dns][domain]
puts [dns][domain][name]
event.set('[dns][domain][name_length]', event.get('[dns][domain][name]').length)"

}

Jan_Kabelka · November 2, 2020, 10:39am

Hi, thanks. It works like below:

if [dns][question][subdomain] {
ruby {

    code => 'event.set("[dns][question_subdomain_length]", event.get("[dns][question][subdomain]").length);'

}

Jan_Kabelka · November 2, 2020, 10:40am

Any idea for entropy calculation? Thanks!

Topic		Replies	Views
Use Ruby to get field string length Logstash	3	1797	August 13, 2020
Add field with the length of value of other field Logstash	2	1149	October 18, 2018
Count length of field / number of characters in a field and add the result into a new field Logstash	9	9968	January 1, 2019
Add message_length field Logstash	3	343	June 8, 2021
Adding field for string length Logstash	3	4120	July 6, 2017

Ruby syntax error

Related topics