Forcepoint Converter filter plugin for Embulk

pickup_column_number is the zero-based index of the field in the schema below; 0 means the raw field.

The filter expects the following schema from the input (or parser) plugin:

schema:
  - {field_name: raw}
  - {field_name: DateAndTime}
  - {field_name: AccountID}
  - {field_name: UserID}
  - {field_name: ClientIP}
  - {field_name: RequestCount}
  - {field_name: RequestSize}
  - {field_name: ResponseSize}
  - {field_name: Disposition}
  - {field_name: Categories}
  - {field_name: Protocol}
  - {field_name: Port}
  - {field_name: DestinationIP}
  - {field_name: URI}
  - {field_name: AnalyticID}
  - {field_name: ReasonCode}
  - {field_name: ContentStripping}
  - {field_name: ReasonString}
  - {field_name: FileType}
  - {field_name: PolicyName}
  - {field_name: ContentType}
  - {field_name: RemoteHost}
  - {field_name: Method}
  - {field_name: ProxyTime}
  - {field_name: OriginTime}
  - {field_name: ResponseTime}

Example

In this example, DateAndTime is copied as @timestamp and converted from a unix epoch to an ISO 8601 string, ClientIP is copied as client_ip and converted from an integer to a dotted string, and so on.

In config.yml:

filters:
  - type: forcepoint_converter
    options: unix_epoch
    converter_name: timestamp
    pickup_column_number: 1
    add_column_name: "@timestamp"

  - type: forcepoint_converter
    pickup_column_number: 15
    add_column_name: ReasonCodeString
    converter_name: reason

  - type: forcepoint_converter
    pickup_column_number: 12
    add_column_name: dst_ip
    converter_name: ipaddress

  - type: forcepoint_converter
    pickup_column_number: 4
    add_column_name: client_ip
    converter_name: ipaddress

  - type: forcepoint_converter
    pickup_column_number: 14
    add_column_name: AnalyticString
    converter_name: analytic

  - type: forcepoint_converter
    pickup_column_number: 8
    add_column_name: DispositionString
    converter_name: disposition
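As an added illustration, not the plugin's own code, here is a small Ruby sketch of what the timestamp and ipaddress stanzas above do to one parsed row: each stanza reads the zero-based column from the schema, converts it, and adds the result under the new column name. The sample row is constructed, and the reason/analytic/disposition converters are left out because their code tables are not given here.

```ruby
require 'time'
require 'ipaddr'

# Converters for the stanzas in the config above that need no vendor code table.
# reason/analytic/disposition map Forcepoint codes to strings and are not reproduced
# here because those tables are not on the page.
CONVERTERS = {
  # unix epoch seconds -> ISO 8601 string in UTC
  'timestamp' => ->(v) { Time.at(Integer(v)).utc.iso8601 },
  # integer-encoded IPv4 -> dotted quad; reject values outside 32 bits instead of wrapping
  'ipaddress' => lambda { |v|
    n = Integer(v)
    raise ArgumentError, "not a 32-bit IPv4 integer: #{v}" unless (0..0xFFFFFFFF).cover?(n)
    IPAddr.new(n, Socket::AF_INET).to_s
  }
}.freeze

# One filter stanza: read the zero-based column, convert it, add it under the new name.
def apply_filter(row, added, pickup_column_number:, converter_name:, add_column_name:)
  conv = CONVERTERS.fetch(converter_name) { raise ArgumentError, "unknown converter #{converter_name}" }
  added.merge(add_column_name => conv.call(row.fetch(pickup_column_number)))
end

# Column numbers follow the schema above: 1=DateAndTime, 4=ClientIP, 12=DestinationIP.
FILTERS = [
  { pickup_column_number: 1,  add_column_name: '@timestamp', converter_name: 'timestamp' },
  { pickup_column_number: 12, add_column_name: 'dst_ip',     converter_name: 'ipaddress' },
  { pickup_column_number: 4,  add_column_name: 'client_ip',  converter_name: 'ipaddress' }
].freeze

# Run every stanza over a row and return the added columns as a hash.
def apply_filters(row, filters = FILTERS)
  filters.reduce({}) { |acc, f| apply_filter(row, acc, **f) }
end

# Constructed sample row with the 25 fields of the schema; only the converted ones are filled.
SAMPLE_ROW = Array.new(25, '').tap do |r|
  r[1]  = '1609459200' # 2021-01-01T00:00:00Z
  r[4]  = '3232235777' # 192.168.1.1
  r[12] = '167772161'  # 10.0.0.1
end.freeze

puts apply_filters(SAMPLE_ROW).inspect if __FILE__ == $PROGRAM_NAME
```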

Install

$ embulk gem install embulk-parser-forcepoint
$ embulk gem install embulk-filter-forcepoint_converter

Preview

$ embulk preview ./config.yml

Run

$ embulk run ./config.yml
