Rye Biesemeyer yaauie
yaauie
/ downcase-field-names.logstash-filter-ruby.rb
Created
October 14, 2020 16:00
A script for a Logstash Ruby Filter to transform field names to all lowercase
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # downcase-field-names.logstash-filter-ruby.rb | |
| # --------------------------------- | |
| # A script for a Logstash Ruby Filter to transform field names to all lowercase | |
| ############################################################################### | |
| # | |
| # Copyright 2020 Ry Biesemeyer | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy | |
| # of this software and associated documentation files (the "Software"), to deal |
yaauie
/ stringify-timestamp.logstash-filter-ruby.rb
Created
September 10, 2020 16:03
stringify a timestamp field
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # stringify-timestamp.logstash-filter-ruby.rb | |
| # --------------------------------- | |
| # A script for a Logstash Ruby Filter to stringify logstash timestamps using | |
| # ISO-8601. | |
| ############################################################################### | |
| # | |
| # Copyright 2020 Ry Biesemeyer | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy |
yaauie
/ ecs-complaint-host-geoip.conf
Created
July 22, 2020 15:50
Example remapping the fields output by GeoIP filter for a host ip to ECS's host geo fields, as identified in the ECS compatibility mode issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/163#issuecomment-592177677
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| geoip { | |
| source => "[host][ip]" | |
| target => "[@metadata][host_geoip]" | |
| } | |
| if [@metadata][host_geoip] { | |
| mutate { | |
| copy => { | |
| "[@metadata][host_geoip][city_name]" => "[host][geo][city_name]" | |
| "[@metadata][host_geoip][country_name]" => "[host][geo][country_name]" |
yaauie
/ tag-when-fields-over-threshold.logstash-filter-ruby.rb
Last active
June 1, 2020 18:40
Logstash: tag when field count over threshold
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # tag-when-fields-over-threshold.logstash-filter-ruby.rb | |
| # --------------------------------- | |
| # A script for a Logstash Ruby Filter to tag an event when it has "too many" | |
| # fields, with a configurable threshold. | |
| ############################################################################### | |
| # | |
| # Copyright 2020 Ry Biesemeyer | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy |
yaauie
/ replace-subset.logstash-filter-ruby.rb
Created
May 11, 2020 17:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # replace-subset.logstash-filter-ruby.rb | |
| # --------------------------------- | |
| # A script for a Logstash Ruby Filter to replace an event's contents with a | |
| # subset that exists as an object in a field. | |
| ############################################################################### | |
| # | |
| # Copyright 2020 Ry Biesemeyer | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy |
yaauie
/ delete-emtpy-nodes.logstash-filter-ruby.rb
Last active
July 19, 2021 09:46
A script for a Logstash Ruby Filter to delete empty nodes from an event; by default, crawls the entire event recursively, but it can be configured to limit the scope.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # delete-emtpy-nodes.logstash-filter-ruby.rb | |
| # --------------------------------- | |
| # A script for a Logstash Ruby Filter to delete empty nodes from an event; by | |
| # default, crawls the entire event recursively, but it can be configured to | |
| # limit the scope. | |
| ############################################################################### | |
| # | |
| # Copyright 2018 Ry Biesemeyer | |
| # |
yaauie
/ back_pressure_provider.rb
Created
April 29, 2019 21:15
proof-of-concept generic back-pressure provider, enables blocking back-pressure to be controlled outside the code that is performing the actions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The BackPressureProvider allows back-pressure to be applied to non-blocking APIs when those APIs also | |
| # provide hooks for identifying when they _should_ block. | |
| class BackPressureProvider | |
| def initialize(desc, logger) | |
| @desc = desc | |
| @logger = logger | |
| @mutex = Mutex.new | |
| @cond = ConditionVariable.new | |
| @back_pressure_engaged = false |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| # | |
| # Utility that allows you to cd into a local checkout of a Logstash Plugin's | |
| # source code, whether or not you have previously cloned the repository. | |
| # | |
| # Usage: | |
| # cdlp <type> <qualifier> | |
| # | |
| # Example: | |
| # cdlp output elasticsearch |
yaauie
/ processor-hostname.logstash-filter-ruby.rb
Last active
May 28, 2019 22:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| ruby { | |
| path => "${PWD}/processor-hostname.logstash-filter-ruby.rb" | |
| script_params => { | |
| "target" => "@processed-by" | |
| } | |
| } | |
| } |
yaauie
/ pipeline.conf
Last active
May 6, 2019 13:47
A script for a Logstash Ruby Filter to transpose an array of two-element objects representing key/value tuples into a single hash/map
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| # to convert an array of key/value objects into a single unordered | |
| # key/value map, use the included `transpose` script: | |
| ruby { | |
| path => "${PWD}/transpose.logstash-filter-ruby.rb" | |
| script_params => { | |
| source => "[proplist]" | |
| } | |
| } |