You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Dec 14, 2022. It is now read-only.
code => 'logger.debug("Drop API/event as it should be ignored: ", "isIgnoreAPI" => event.get("[isIgnoreAPI]"), "ignoreLookupCacheKey" => event.get("[@metadata][ignoreLookupCacheKey]") );'
105
-
}
106
-
drop {}
107
-
}
108
-
# If the PolicyName or API-Path has been looked up right now add it to the cache
109
-
if([@metadata][updateIsIgnoreCache]=="true") {
110
-
ruby {
111
-
code => 'logger.debug("Adding ignore status to cache: ", "isIgnoreAPI" => event.get("[isIgnoreAPI]"), "ignoreLookupCacheKey" => event.get("[@metadata][ignoreLookupCacheKey]") );'
75
+
if([@metadata][ignoreApiLookupEnabled]) {
76
+
# Create a cache key for the event, either on API-Path or Policy-Name
code => 'logger.debug("Drop API/event as it should be ignored: ", "isIgnoreAPI" => event.get("[isIgnoreAPI]"), "ignoreLookupCacheKey" => event.get("[@metadata][ignoreLookupCacheKey]") );'
108
+
}
109
+
drop {}
110
+
}
111
+
# If the PolicyName or API-Path has been looked up right now add it to the cache
112
+
if([@metadata][updateIsIgnoreCache]=="true") {
113
+
ruby {
114
+
code => 'logger.info("Adding ignore status to cache: ", "ignoreLookupCacheKey" => event.get("[@metadata][ignoreLookupCacheKey]"), "isIgnoreAPI" => event.get("[isIgnoreAPI]") );'
115
+
}
116
+
memcached {
117
+
hosts => "${MEMCACHED}"
118
+
namespace => "ignoredAPIs"
119
+
ttl => "${LOOKUP_CACHE_TTL:600}"
120
+
set => { "[isIgnoreAPI]" => "%{[@metadata][ignoreLookupCacheKey]}" }
121
+
}
118
122
}
123
+
mutate { remove_field => "[isIgnoreAPI]" }
119
124
}
120
-
mutate { remove_field => "[isIgnoreAPI]" }
121
125
122
126
# Check, if event is a Scheduled-Policy - Most of the properties are NULL
123
127
if([correlationId]!="000000000000000000000000" and ![circuitPath] and ![transactionElement] and ![transactionSummary][path] and ![transactionSummary][protocol] and ![transactionSummary][protocolSrc]) {
@@ -348,7 +352,7 @@ filter {
348
352
}
349
353
}
350
354
# Try to translate the applicationId (e.g. 180b1f32-d72f-40f4-949a-fc3f3f7dec2c) into a meaningful application-name
351
-
if ([http]) { # Translation only supported for HTTP-Requests
355
+
if ([http] and [@metadata][applicationLookupEnabled]) { # Translation only supported for HTTP-Requests
352
356
grok {
353
357
match => { "[http][authSubjectId]" => "^.{8}-.{4}-.{4}-.{4}-.{12}$" }
0 commit comments