Add support for fields and protocol lookups in port_name.

[a-bali]

Improve functionality of the port_name plugin by:

• allowing source to be provided as a field (not only as a tag)
• output will be provided as a field if input was a field as well
• additional tag/field can be provided to specify the protocol (tcp/udp)

Documentation and tests are updated accordingly.

Required for all PRs:

• Signed CLA.
• Associated README.md updated.
• Has appropriate unit tests.

[reimda]

Hi @a-bali, thanks for the PR.

I wrote port_name to fill a specific need of the sflow input plugin so I'm curious how you are reusing it. I'm not opposed to changing it but I want to have a better idea of the problem you're trying to solve. Could you describe how you use port_name? Where did your data with ports as fields come from?

Have you considered using the converter processor to change the field to tag or tag to field?

[a-bali]

I wrote port_name to fill a specific need of the sflow input plugin so I'm curious how you are reusing it. I'm not opposed to changing it but I want to have a better idea of the problem you're trying to solve. Could you describe how you use port_name? Where did your data with ports as fields come from?

Thank you for writing this plugin. I'm processing firewall logs with the tail input plugin and a grok pattern that parses the various fields in the log. I am using the port_name plugin (and others) to enrich/transform this data for reporting and visualization.

Have you considered using the converter processor to change the field to tag or tag to field?

I guess that is an option, but it would require additional steps and I saw that other processor plugins (e.g. reverse_dns) also support using fields/tags in the input/output. Also the PR contains functionality to use a dedicated field to specify the protocol (tcp/udp) which I have in the firewall log.

[ssoroka]

This looks good, but there's a couple small changes, as well we should probably support uint64