Ruby syntax error

Hi, I did not find anything that would work, so please let me ask... I need to create a new field with the length of the DNS domain. I would also like to have another field with the entropy value for that DNS domain.

The field I have:
dns.domain.name (e.g: "dns.domain.name" : "translate.google.com")

The fields I would like to have:
dns.domain.name_length (e.g: "dns.domain.name_length" : "20")
dns.domain.name_entropy (e.g: "dns.domain.name_entropy" : "3.48")

What I wrote for the "length" part (and which does not work) is:
ruby {
  code => "event.set('[dns][domain][name_length]', event.get('[dns][domain][name]').length)"
}

I do not know at all how to create the new field "dns.domain.name_entropy".

Thanks anybody for help! Jan

I don't see that this is a valid Ruby script:

event.set('[dns][domain][name_length]', event.get('[dns][domain][name]').length)

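You can try this to debug whether you are getting the correct value for each attribute:

ruby {
  code => "
    # print each level of the field to see what the event actually holds
    puts event.get('[dns]').inspect
    puts event.get('[dns][domain]').inspect
    puts event.get('[dns][domain][name]').inspect
    event.set('[dns][domain][name_length]', event.get('[dns][domain][name]').length)"
}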

Hi, thanks. It works like below:

if [dns][question][subdomain] {
  ruby {
    code => 'event.set("[dns][question_subdomain_length]", event.get("[dns][question][subdomain]").length);'
  }
}

Any idea for entropy calculation? Thanks!
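
The entropy question is left open in the thread. As an added example (not code from any poster), this plain-Ruby sketch computes Shannon entropy per character and reproduces the 20 and 3.48 quoted in the first post for translate.google.com. The function names, the whitespace stripping and the case folding are assumptions of this example.

```ruby
# Added example, not code from the thread. Function names are hypothetical.

# Shannon entropy of a string in bits per character: sum of p * log2(1/p)
# over the relative frequency p of each distinct character.
def shannon_entropy(str)
  return 0.0 if str.empty?
  counts = Hash.new(0)
  str.each_char { |ch| counts[ch] += 1 }
  len = str.length.to_f
  counts.values.inject(0.0) { |sum, c| sum + (c / len) * Math.log2(len / c) }
end

# Returns { length:, entropy: } for a DNS name, or nil when the field is
# missing, not a string, or empty (calling .length on nil would raise).
def dns_name_features(name)
  return nil unless name.is_a?(String)
  # Assumption: DNS names are case-insensitive, so fold case before counting.
  normalized = name.strip.downcase
  return nil if normalized.empty?
  { length: normalized.length, entropy: shannon_entropy(normalized).round(2) }
end

# Inside a Logstash ruby filter the result would be written back with the
# event API already used in this thread, for example:
#   f = dns_name_features(event.get('[dns][domain][name]'))
#   if f
#     event.set('[dns][domain][name_length]', f[:length])
#     event.set('[dns][domain][name_entropy]', f[:entropy])
#   end

if __FILE__ == $0
  # "translate.google.com" is the thread's example; the second name is constructed.
  ['translate.google.com', 'x7f3k9q2zb8w1mdp.example.com', nil].each do |n|
    puts "#{n.inspect} => #{dns_name_features(n).inspect}"
  end
end
```

Because the helper returns nil for a missing or empty field, events without a DNS name pass through unchanged instead of raising inside the filter.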
