Merge pull request #39 from mkubenka/fix/logstash-5.x

Fix Logstash 5.x

Author: bitsofinfo

2081_filter_section_h_convert_to_key-value.conf

@@ -21,18 +21,20 @@ filter {
       ruby {
         code => "
             auditLogTrailer = event.get('auditLogTrailer').to_hash
-            auditLogTrailerMessages = event.get('auditLogTrailerMessages').to_hash
+            auditLogTrailerMessages = event.get('auditLogTrailerMessages')
             auditLogTrailer.each { |k, v|
               if !v.nil? and v.is_a? String
                 auditLogTrailer[k] = v.strip
               end
             }
             auditLogTrailer.delete('Message')
             auditLogTrailer['messages'] = auditLogTrailerMessages
+
+            event.set('auditLogTrailer', auditLogTrailer)
           "
       }
 
-      drop {
+      mutate {
         remove_field => ['auditLogTrailerMessages']
       }
     }

2089_filter_section_h_example_severities.conf

@@ -11,7 +11,7 @@ filter {
     ruby {
       code => "
           modsecSeverities = Set.new
-          trailerMsgs = event.get('auditLogTrailerMessages').to_hash
+          trailerMsgs = event.get('auditLogTrailer[messages]')
           trailerMsgs.each {|m|
             if m.key?('severity')
               modsecSeverities.add(m['severity'])