Cherry-pick with conflict resolution

karenzone · karenzone · commit 7ac58ca74da5 · 2019-07-24T21:57:11.000Z
Fixes #754
diff --git a/docs/plugins/filters/alter.asciidoc b/docs/plugins/filters/alter.asciidoc
@@ -61,12 +61,16 @@ Field names can be dynamic and include parts of the event using the `%{field}`.
 
 Example:
 [source,ruby]
+-----
     filter {
       alter {
         add_field => { "foo_%{somefield}" => "Hello world, from %{host}" }
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also add multiple fields at once:
     filter {
       alter {
@@ -76,6 +80,7 @@ Example:
         }
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would add field `foo_hello` if it is present, with the
@@ -94,18 +99,23 @@ syntax.
 
 Example:
 [source,ruby]
+-----
     filter {
       alter {
         add_tag => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also add multiple tags at once:
     filter {
       alter {
         add_tag => [ "foo_%{somefield}", "taggedy_tag"]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would add a tag `foo_hello` (and the second example would of course add a `taggedy_tag` tag).
@@ -120,13 +130,15 @@ Sets the value of field_name to the first nonnull expression among its arguments
 
 Example:
 [source,ruby]
+-----
     filter {
       alter {
         coalesce => [
              "field_name", "value1", "value2", "value3", ...
         ]
       }
     }
+-----
 
 [[plugins-filters-alter-condrewrite]]
 ===== `condrewrite` 
@@ -139,6 +151,7 @@ if the actual content is equal to the expected one.
 
 Example:
 [source,ruby]
+-----
     filter {
       alter {
         condrewrite => [ 
@@ -148,6 +161,7 @@ Example:
            ]
       }
     }
+-----
 
 [[plugins-filters-alter-condrewriteother]]
 ===== `condrewriteother` 
@@ -160,6 +174,7 @@ if the content of another field is equal to the expected one.
 
 Example:
 [source,ruby]
+-----
     filter {
       alter {
         condrewriteother => [ 
@@ -169,6 +184,7 @@ Example:
         ]
       }
     }
+-----
 
 [[plugins-filters-alter-periodic_flush]]
 ===== `periodic_flush` 
@@ -188,19 +204,25 @@ Optional.
 If this filter is successful, remove arbitrary fields from this event.
 Fields names can be dynamic and include parts of the event using the %{field}
 Example:
+
 [source,ruby]
+-----
     filter {
       alter {
         remove_field => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also remove multiple fields at once:
     filter {
       alter {
         remove_field => [ "foo_%{somefield}", "my_extraneous_field" ]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would remove the field with name `foo_hello` if it is present. The second
@@ -218,18 +240,23 @@ syntax.
 
 Example:
 [source,ruby]
+-----
     filter {
       alter {
         remove_tag => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also remove multiple tags at once:
     filter {
       alter {
         remove_tag => [ "foo_%{somefield}", "sad_unwanted_tag"]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would remove the tag `foo_hello` if it is present. The second example
diff --git a/docs/plugins/filters/anonymize.asciidoc b/docs/plugins/filters/anonymize.asciidoc
@@ -25,7 +25,7 @@ anonymize {
 
 
 
-Available configuration options:
+==== Available configuration options
 
 [cols="<,<,<,<m",options="header",]
 |=======================================================================
@@ -57,12 +57,16 @@ Field names can be dynamic and include parts of the event using the `%{field}`.
 
 Example:
 [source,ruby]
+-----
     filter {
       anonymize {
         add_field => { "foo_%{somefield}" => "Hello world, from %{host}" }
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also add multiple fields at once:
     filter {
       anonymize {
@@ -72,6 +76,7 @@ Example:
         }
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would add field `foo_hello` if it is present, with the
@@ -90,18 +95,23 @@ syntax.
 
 Example:
 [source,ruby]
+-----
     filter {
       anonymize {
         add_tag => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also add multiple tags at once:
     filter {
       anonymize {
         add_tag => [ "foo_%{somefield}", "taggedy_tag"]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would add a tag `foo_hello` (and the second example would of course add a `taggedy_tag` tag).
@@ -152,20 +162,26 @@ Optional.
 
 If this filter is successful, remove arbitrary fields from this event.
 Fields names can be dynamic and include parts of the event using the %{field}
+
 Example:
 [source,ruby]
+-----
     filter {
       anonymize {
         remove_field => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also remove multiple fields at once:
     filter {
       anonymize {
         remove_field => [ "foo_%{somefield}", "my_extraneous_field" ]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would remove the field with name `foo_hello` if it is present. The second
@@ -183,18 +199,23 @@ syntax.
 
 Example:
 [source,ruby]
+-----
     filter {
       anonymize {
         remove_tag => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also remove multiple tags at once:
     filter {
       anonymize {
         remove_tag => [ "foo_%{somefield}", "sad_unwanted_tag"]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would remove the tag `foo_hello` if it is present. The second example
diff --git a/docs/plugins/filters/cidr.asciidoc b/docs/plugins/filters/cidr.asciidoc
@@ -58,12 +58,16 @@ Field names can be dynamic and include parts of the event using the `%{field}`.
 
 Example:
 [source,ruby]
+-----
     filter {
       cidr {
         add_field => { "foo_%{somefield}" => "Hello world, from %{host}" }
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also add multiple fields at once:
     filter {
       cidr {
@@ -73,6 +77,7 @@ Example:
         }
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would add field `foo_hello` if it is present, with the
@@ -91,18 +96,23 @@ syntax.
 
 Example:
 [source,ruby]
+-----
     filter {
       cidr {
         add_tag => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also add multiple tags at once:
     filter {
       cidr {
         add_tag => [ "foo_%{somefield}", "taggedy_tag"]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would add a tag `foo_hello` (and the second example would of course add a `taggedy_tag` tag).
@@ -115,13 +125,15 @@ would add a tag `foo_hello` (and the second example would of course add a `tagge
 
 The IP address(es) to check with. Example:
 [source,ruby]
+-----
     filter {
       cidr {
         add_tag => [ "testnet" ]
         address => [ "%{src_ip}", "%{dst_ip}" ]
         network => [ "192.0.2.0/24" ]
       }
     }
+-----
 
 [[plugins-filters-cidr-network]]
 ===== `network` 
@@ -156,20 +168,26 @@ Optional.
 
 If this filter is successful, remove arbitrary fields from this event.
 Fields names can be dynamic and include parts of the event using the %{field}
+
 Example:
 [source,ruby]
+-----
     filter {
       cidr {
         remove_field => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also remove multiple fields at once:
     filter {
       cidr {
         remove_field => [ "foo_%{somefield}", "my_extraneous_field" ]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would remove the field with name `foo_hello` if it is present. The second
@@ -187,18 +205,23 @@ syntax.
 
 Example:
 [source,ruby]
+-----
     filter {
       cidr {
         remove_tag => [ "foo_%{somefield}" ]
       }
     }
+-----
+
 [source,ruby]
+-----
     # You can also remove multiple tags at once:
     filter {
       cidr {
         remove_tag => [ "foo_%{somefield}", "sad_unwanted_tag"]
       }
     }
+-----
 
 If the event has field `"somefield" == "hello"` this filter, on success,
 would remove the tag `foo_hello` if it is present. The second example
diff --git a/docs/plugins/filters/clone.asciidoc b/docs/plugins/filters/clone.asciidoc

Original file line number	Diff line number	Diff line change
@@ -61,12 +61,16 @@ Field names can be dynamic and include parts of the event using the `%{field}`.
`61`	`61`
`62`	`62`	`Example:`
`63`	`63`	`[source,ruby]`
	`64`	`+-----`
`64`	`65`	`filter {`
`65`	`66`	`alter {`
`66`	`67`	`add_field => { "foo_%{somefield}" => "Hello world, from %{host}" }`
`67`	`68`	`}`
`68`	`69`	`}`
	`70`	`+-----`
	`71`	`+`
`69`	`72`	`[source,ruby]`
	`73`	`+-----`
`70`	`74`	`# You can also add multiple fields at once:`
`71`	`75`	`filter {`
`72`	`76`	`alter {`
`@@ -76,6 +80,7 @@ Example:`
`76`	`80`	`}`
`77`	`81`	`}`
`78`	`82`	`}`
	`83`	`+-----`
`79`	`84`
`80`	`85`	If the event has field `"somefield" == "hello"` this filter, on success,
`81`	`86`	would add field `foo_hello` if it is present, with the
`@@ -94,18 +99,23 @@ syntax.`
`94`	`99`
`95`	`100`	`Example:`
`96`	`101`	`[source,ruby]`
	`102`	`+-----`
`97`	`103`	`filter {`
`98`	`104`	`alter {`
`99`	`105`	`add_tag => [ "foo_%{somefield}" ]`
`100`	`106`	`}`
`101`	`107`	`}`
	`108`	`+-----`
	`109`	`+`
`102`	`110`	`[source,ruby]`
	`111`	`+-----`
`103`	`112`	`# You can also add multiple tags at once:`
`104`	`113`	`filter {`
`105`	`114`	`alter {`
`106`	`115`	`add_tag => [ "foo_%{somefield}", "taggedy_tag"]`
`107`	`116`	`}`
`108`	`117`	`}`
	`118`	`+-----`
`109`	`119`
`110`	`120`	If the event has field `"somefield" == "hello"` this filter, on success,
`111`	`121`	would add a tag `foo_hello` (and the second example would of course add a `taggedy_tag` tag).
`@@ -120,13 +130,15 @@ Sets the value of field_name to the first nonnull expression among its arguments`
`120`	`130`
`121`	`131`	`Example:`
`122`	`132`	`[source,ruby]`
	`133`	`+-----`
`123`	`134`	`filter {`
`124`	`135`	`alter {`
`125`	`136`	`coalesce => [`
`126`	`137`	`"field_name", "value1", "value2", "value3", ...`
`127`	`138`	`]`
`128`	`139`	`}`
`129`	`140`	`}`
	`141`	`+-----`
`130`	`142`
`131`	`143`	`[[plugins-filters-alter-condrewrite]]`
`132`	`144`	===== `condrewrite`
`@@ -139,6 +151,7 @@ if the actual content is equal to the expected one.`
`139`	`151`
`140`	`152`	`Example:`
`141`	`153`	`[source,ruby]`
	`154`	`+-----`
`142`	`155`	`filter {`
`143`	`156`	`alter {`
`144`	`157`	`condrewrite => [`
`@@ -148,6 +161,7 @@ Example:`
`148`	`161`	`]`
`149`	`162`	`}`
`150`	`163`	`}`
	`164`	`+-----`
`151`	`165`
`152`	`166`	`[[plugins-filters-alter-condrewriteother]]`
`153`	`167`	===== `condrewriteother`
`@@ -160,6 +174,7 @@ if the content of another field is equal to the expected one.`
`160`	`174`
`161`	`175`	`Example:`
`162`	`176`	`[source,ruby]`
	`177`	`+-----`
`163`	`178`	`filter {`
`164`	`179`	`alter {`
`165`	`180`	`condrewriteother => [`
`@@ -169,6 +184,7 @@ Example:`
`169`	`184`	`]`
`170`	`185`	`}`
`171`	`186`	`}`
	`187`	`+-----`
`172`	`188`
`173`	`189`	`[[plugins-filters-alter-periodic_flush]]`
`174`	`190`	===== `periodic_flush`
`@@ -188,19 +204,25 @@ Optional.`
`188`	`204`	`If this filter is successful, remove arbitrary fields from this event.`
`189`	`205`	`Fields names can be dynamic and include parts of the event using the %{field}`
`190`	`206`	`Example:`
	`207`	`+`
`191`	`208`	`[source,ruby]`
	`209`	`+-----`
`192`	`210`	`filter {`
`193`	`211`	`alter {`
`194`	`212`	`remove_field => [ "foo_%{somefield}" ]`
`195`	`213`	`}`
`196`	`214`	`}`
	`215`	`+-----`
	`216`	`+`
`197`	`217`	`[source,ruby]`
	`218`	`+-----`
`198`	`219`	`# You can also remove multiple fields at once:`
`199`	`220`	`filter {`
`200`	`221`	`alter {`
`201`	`222`	`remove_field => [ "foo_%{somefield}", "my_extraneous_field" ]`
`202`	`223`	`}`
`203`	`224`	`}`
	`225`	`+-----`
`204`	`226`
`205`	`227`	If the event has field `"somefield" == "hello"` this filter, on success,
`206`	`228`	would remove the field with name `foo_hello` if it is present. The second
`@@ -218,18 +240,23 @@ syntax.`
`218`	`240`
`219`	`241`	`Example:`
`220`	`242`	`[source,ruby]`
	`243`	`+-----`
`221`	`244`	`filter {`
`222`	`245`	`alter {`
`223`	`246`	`remove_tag => [ "foo_%{somefield}" ]`
`224`	`247`	`}`
`225`	`248`	`}`
	`249`	`+-----`
	`250`	`+`
`226`	`251`	`[source,ruby]`
	`252`	`+-----`
`227`	`253`	`# You can also remove multiple tags at once:`
`228`	`254`	`filter {`
`229`	`255`	`alter {`
`230`	`256`	`remove_tag => [ "foo_%{somefield}", "sad_unwanted_tag"]`
`231`	`257`	`}`
`232`	`258`	`}`
	`259`	`+-----`
`233`	`260`
`234`	`261`	If the event has field `"somefield" == "hello"` this filter, on success,
`235`	`262`	would remove the tag `foo_hello` if it is present. The second example