Merge pull request #46 from fabiogermann/master

Compatibility with Logstash 7.2
bitsofinfo · Jul 10, 2019 · 62177cc · 62177cc
2 parents 93b5927 + 54b7ad8
commit 62177cc
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/2110_filter_section_k_parse_matchedRules.conf b/2110_filter_section_k_parse_matchedRules.conf
@@ -14,6 +14,7 @@ filter {
       # hack.. @see https://logstash.jira.com/browse/LOGSTASH-1331
       mutate {
         gsub => [ "rawSectionK", "\n", "~" ]
+        gsub => [ "rawSectionK", "(~+)", "~" ]
         split => [ "rawSectionK" , "~" ]
       }
 
@@ -24,7 +25,7 @@ filter {
       ruby {
         code => "
             secRuleIds = Array.new()
-            matchedRules_array = event.get('matchedRules').to_hash
+            matchedRules_array = event.get('matchedRules')
             matchedRules_array.each do |entry|
               if entry.match(/^SecRule /) and entry.match(/,id:/)
                 secRuleIds.push(/,id:(?<ruleId>\d+)/.match(entry)[:ruleId])