# Original Author: Justin Henderson
#         SANS Instructor and author of SANS SEC555: SIEM and Tactical Analytics
# Updated by: Doug Burks
# Last Update: 5/13/2017

filter {
  if [type] == "bro_http" {
    if [uri] {
      ruby {
        code => "event.set('uri_length', event.get('uri').length)"
      }
    }
    if [virtual_host] {
      ruby {
        code => "event.set('virtual_host_length', event.get('virtual_host').length)"
      }
    }
    if [useragent] {
      ruby {
        code => "event.set('useragent_length', event.get('useragent').length)"
      }
    }
	mutate {
	  ##add_tag => [ "conf_file_8007"]
	}
  }
}