Stops processing when blank results are returned

logstash-plugins / logstash-filter-jdbc_streaming

A Logstash filter that can enrich events with data from a database

Apache License 2.0

12 stars 23 forks source link

Stops processing when blank results are returned #14

Closed novaksam closed 6 years ago

novaksam commented 6 years ago

I'm using this filter to enhance reporting for suricata alerts, and I've recently discovered that when a blank result is returned, it appears to stop processing that particular event. Not sure if this is intended behavior, but if so, it could be beneficial to have a boolean that would allow the output variables to be set to, say, blank_result_returned when this happens.

guyboertje commented 6 years ago

This case is exactly what the default_hash is designed to cover.

Docs and tests - setup + assertion

The default hash should have the same keys as the fields you would get filled in on a successful query.

novaksam commented 6 years ago

Goodness, that's embarrassing that I didn't see that.

Closing issue, thanks!