anschel 0.7.18 → 0.7.19
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/anschel/filter/index.rb +5 -3
- data/lib/anschel/filter/parse.rb +6 -3
- data/lib/anschel/filter/stamp.rb +10 -6
- data/lib/anschel/main.rb +5 -3
- data/lib/anschel/output/elasticsearch.rb +5 -3
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ddf0cea71192d05ec7225481c96643dec47d612d
|
|
4
|
+
data.tar.gz: 5a790e64b5f520fda2d6ae958499a96ed666dca5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: ba4beb5058920f80378895e602b1d6da7dd2c0cce5a6074c07036e9d1f0e04811486aa0dab6bbada943ad44820567d0c82d5b9109dfba0d9a1a5eb9df614951d
|
|
7
|
+
data.tar.gz: 3e9933c004bc2a53718017be27de0fa35e568591af362527f988c1e513f8e2226841407ec0132209a66f4dbef546a9c647b6c0b55813c2aaaf5e966cefa1bc4c
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.7.
|
|
1
|
+
0.7.19
|
data/lib/anschel/filter/index.rb
CHANGED
|
@@ -66,7 +66,7 @@ module Anschel
|
|
|
66
66
|
event[stamp] = timestamp.iso8601(3) unless stamped
|
|
67
67
|
event[:@index] = idx_prefix + timestamp.strftime(suffix)
|
|
68
68
|
|
|
69
|
-
|
|
69
|
+
log_event = {
|
|
70
70
|
event: 'filter-index-warning',
|
|
71
71
|
reason: 'could not parse event',
|
|
72
72
|
remediation: 'added bogus index',
|
|
@@ -74,8 +74,10 @@ module Anschel
|
|
|
74
74
|
stamp: stamp,
|
|
75
75
|
prefix: prefix,
|
|
76
76
|
suffix: suffix,
|
|
77
|
-
format: format
|
|
78
|
-
|
|
77
|
+
format: format
|
|
78
|
+
}
|
|
79
|
+
log_event[:raw_event] = event if log.debug?
|
|
80
|
+
log.warn log_event
|
|
79
81
|
|
|
80
82
|
if error_tag
|
|
81
83
|
event[:tags] ||= []
|
data/lib/anschel/filter/parse.rb
CHANGED
|
@@ -48,12 +48,15 @@ module Anschel
|
|
|
48
48
|
end
|
|
49
49
|
|
|
50
50
|
if mdata.nil?
|
|
51
|
-
|
|
51
|
+
log_event = {
|
|
52
52
|
event: 'parse-filter-error',
|
|
53
53
|
reason: 'regexp did not match',
|
|
54
54
|
field: field,
|
|
55
|
-
pattern: pattern
|
|
56
|
-
|
|
55
|
+
pattern: pattern
|
|
56
|
+
}
|
|
57
|
+
log_event[:raw_event] = event if log.debug?
|
|
58
|
+
log.warn log_event
|
|
59
|
+
|
|
57
60
|
stats.inc 'filter-parse-error'
|
|
58
61
|
if error_tag
|
|
59
62
|
event[:tags] ||= []
|
data/lib/anschel/filter/stamp.rb
CHANGED
|
@@ -53,14 +53,16 @@ module Anschel
|
|
|
53
53
|
end
|
|
54
54
|
|
|
55
55
|
if event[target]
|
|
56
|
-
|
|
56
|
+
log_event = {
|
|
57
57
|
event: 'stamp-filter-warning',
|
|
58
58
|
reason: 'event already has target field',
|
|
59
59
|
utc?: utc,
|
|
60
60
|
field: field,
|
|
61
61
|
pattern: pattern,
|
|
62
|
-
target: target
|
|
63
|
-
|
|
62
|
+
target: target
|
|
63
|
+
}
|
|
64
|
+
log_event[:raw_event] = event if log.debug?
|
|
65
|
+
log.warn log_event
|
|
64
66
|
event[target] = \
|
|
65
67
|
DateTime.parse(event[target]).to_time.utc.iso8601(precision)
|
|
66
68
|
return event
|
|
@@ -80,15 +82,17 @@ module Anschel
|
|
|
80
82
|
|
|
81
83
|
return filtered(event, conf) if matched
|
|
82
84
|
|
|
83
|
-
|
|
85
|
+
log_event = {
|
|
84
86
|
event: 'stamp-filter-warning',
|
|
85
87
|
reason: 'could not parse event',
|
|
86
88
|
remediation: 'using current time for stamp',
|
|
87
89
|
utc?: utc,
|
|
88
90
|
field: field,
|
|
89
91
|
pattern: pattern,
|
|
90
|
-
target: target
|
|
91
|
-
|
|
92
|
+
target: target
|
|
93
|
+
}
|
|
94
|
+
log_event[:raw_event] = event if log.debug?
|
|
95
|
+
log.warn log_event
|
|
92
96
|
|
|
93
97
|
if error_tag
|
|
94
98
|
event[:tags] ||= []
|
data/lib/anschel/main.rb
CHANGED
|
@@ -83,11 +83,13 @@ module Anschel
|
|
|
83
83
|
begin
|
|
84
84
|
event = JrJackson::Json.load raw, symbolize_keys: true
|
|
85
85
|
rescue JrJackson::ParseError
|
|
86
|
-
|
|
86
|
+
log_event = {
|
|
87
87
|
event: 'main-input-error',
|
|
88
88
|
reason: 'could not parse event',
|
|
89
|
-
remediation: 'skipping'
|
|
90
|
-
|
|
89
|
+
remediation: 'skipping'
|
|
90
|
+
}
|
|
91
|
+
log_event[:raw_event] = event if log.debug?
|
|
92
|
+
log.error log_event
|
|
91
93
|
next
|
|
92
94
|
end
|
|
93
95
|
|
|
@@ -44,11 +44,13 @@ module Anschel
|
|
|
44
44
|
routing = e.delete(:@routing)
|
|
45
45
|
|
|
46
46
|
if index.nil?
|
|
47
|
-
|
|
47
|
+
log_event = {
|
|
48
48
|
event: 'elasticsearch-output-error',
|
|
49
49
|
reason: 'event was not indexed',
|
|
50
|
-
remediation: "sending to default index '#{default_index}'"
|
|
51
|
-
|
|
50
|
+
remediation: "sending to default index '#{default_index}'"
|
|
51
|
+
}
|
|
52
|
+
log_event[:raw_event] = event if log.debug?
|
|
53
|
+
log.error log_event
|
|
52
54
|
index = default_index
|
|
53
55
|
end
|
|
54
56
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: anschel
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.19
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Sean Clemmer
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-03-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|