Class: FluentParseAuditLogFilter

Inherits:

Fluent::Filter

• Object
• Fluent::Filter
• FluentParseAuditLogFilter

Defined in:

lib/fluent/plugin/filter_parse_audit_log.rb

Instance Method Summary

• #filter(tag, time, record) ⇒ Object

Instance Method Details

#filter(tag, time, record) ⇒ Object

# File 'lib/fluent/plugin/filter_parse_audit_log.rb', line 11

def filter(tag, time, record)
  line = record[@key]
  return record unless line
  new_record = AuditLogParser.parse_line(line, flatten: @flatten)
  @keep_keys.each do |k|
    new_record[k] = record[k] if record.has_key?(k)
  end if @keep_keys

  new_record
rescue => e
  log.warn "failed to parse a audit log: #{line}", error_class: e.class, error: e.message
  log.warn_backtrace
  record
end