Update example, and missed field -> source change

Author: coolacid

example.conf

@@ -1,17 +1,40 @@
 input {
+
+    # This works
     generator {
-	message => "google.com"
+	message => "www.google.com"
 	count => 1
+	type => "test1"
     }
 
+    # This will fail
     generator {
-	message => "google.co.uk"
+	message => "google.co.ukf"
 	count => 1
+	type => "test1"
     }
+
+    # Shows using the source option
+    generator {
+	message => "The domain is www.google.com"
+	count => 1
+	type => "test2"
+    }
+
 }
 
 filter {
-    tld {}
+    if [type] == "test1" {
+	tld {}
+    } 
+    if [type] == "test2" {
+	grok {
+	    match => [ "message", "The domain is %{HOST:domain}" ]
+	}
+	tld {
+	    source => "domain"
+	}
+    }
 }
 
 output {

lib/logstash/filters/tld.rb

@@ -35,7 +35,7 @@ def register
   public
   def filter(event)
 
-    if @field and PublicSuffix.valid?(event[@source])
+    if @source and PublicSuffix.valid?(event[@source])
       domain = PublicSuffix.parse(event[@source])
       # Replace the event message with our message as configured in the
       # config file.