fluent-plugin-druid-log 0.2.1 → 0.2.2
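--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3bebda6723f2f18402df54780a40529456ea78ffd85c9a0dad684690f6d1bc42
+data.tar.gz: a067e088f8855296bcdec092150bd06640ecf545afd4067f39a5c45d9159eedc
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6669c565461a6a06563690ce545b3a0393e20d822aec2b9fc952a60c1606e821670458ffac7491bf3f5798e5cf6fdfaf522e09e8dfa2f42394e99f8bb8d2b7d3
+data.tar.gz: d5bba254fb7280c494dcbc9be89ec98656a7e90e86faca661eec765d6a1993f4cc3a0dacdd2b4227b1eb454ddcafb4fe8f7e0132872b7ba7a81352880ccc611b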
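--- a/data/README.md
+++ b/data/README.md
@@ -6,7 +6,13 @@
 
 ### format-druid-audit-log-1 (filter)
 
-Filter plugin to reformat Druid audit log
+Filter plugin to reformat Druid audit log.
+
+Restructure by query_type :
+- when query_type is sql, query content will be in sql_query key
+- when query_type is scan, query content will be in scan_query key
+- when query_type is groupBy, query content will be in groupby_query key
+- ...
 
 Example:
 
@@ -35,6 +41,45 @@ Example:
 </match>
 ```
 
+
+### format-druid-audit-log-2 (filter)
+
+Filter plugin to reformat Druid audit log.
+
+The query content is under the query key.
+
+Some key are serialized to string to avoid type change problems :
+- matchValue under filter is serialized to string
+- granularity is serialized to string
+
+Example:
+
+``` text
+<source>
+@type tail
+path /.../log/audit.log
+pos_file /.../audit_log.pos
+read_from_head true
+tag druid_audit_log
+
+<parse>
+@type regexp
+expression /^(?<timestamp>[^\t]+)\t(?<remote_addr>[^\t]*)\t{1,2}(?<query_result>[^\t]+)\t(?<query>.*)$/
+time_key timestamp
+keep_time_key true
+</parse>
+</source>
+
+<filter druid_audit_log>
+@type format_druid_audit_log_2
+</filter>
+
+<match druid_audit_log>
+@type stdout
+</match>
+```
+
+
 ## Installation
 
 ### RubyGems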
@@ -38,7 +38,9 @@ module Fluent
|
|
|
38
38
|
|
|
39
39
|
def format_record(record)
|
|
40
40
|
[query_key, query_result_key].each do |key|
|
|
41
|
-
|
|
41
|
+
if record[key].is_a? String
|
|
42
|
+
record[key] = record[key].size.positive? ? JSON.parse(record[key]) : {}
|
|
43
|
+
end
|
|
42
44
|
end
|
|
43
45
|
|
|
44
46
|
query_type = guess_query_type(record)
|
|
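Review bot: `JSON.parse(record[key])` on new line 42 runs on whatever string the audit log line carried, and nothing visible in the hunk rescues `JSON::ParserError`, so a truncated or non-JSON query field raises out of `format_record`. What then happens to the event is decided by the caller, which is outside the hunk; if the event is dropped or diverted to an error stream, one malformed line is enough to take an entry out of the formatted audit trail. I would wrap the assignment in `begin … rescue JSON::ParserError`, leave the raw string in place and log a warning, so the record still reaches the output. `size.positive?` also lets a whitespace-only string through to the parser. The identical line is added in the later `@@ -39,7 +39,7 @@` hunk, and `format_record` continues past the end of both hunks.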
@@ -21,7 +21,7 @@ module Fluent
|
|
|
21
21
|
def configure(conf)
|
|
22
22
|
super
|
|
23
23
|
|
|
24
|
-
return unless query_key.nil?
|
|
24
|
+
return unless query_key.nil? && query_result.nil?
|
|
25
25
|
|
|
26
26
|
raise Fluent::ConfigError, 'query_key should be specified'
|
|
27
27
|
end
|
|
@@ -39,7 +39,7 @@ module Fluent
|
|
|
39
39
|
def format_record(record)
|
|
40
40
|
[query_key, query_result_key].each do |key|
|
|
41
41
|
if record[key].is_a? String
|
|
42
|
-
record[key] = record[key].size
|
|
42
|
+
record[key] = record[key].size.positive? ? JSON.parse(record[key]) : {}
|
|
43
43
|
end
|
|
44
44
|
end
|
|
45
45
|
|
|
@@ -61,8 +61,10 @@ module Fluent
|
|
|
61
61
|
end
|
|
62
62
|
|
|
63
63
|
def fix_record_query_granularity(record)
|
|
64
|
-
|
|
65
|
-
|
|
64
|
+
%w[granularity matchValue].each do |key_name|
|
|
65
|
+
update_all_key_value(record, key_name) do |value|
|
|
66
|
+
value&.to_s
|
|
67
|
+
end
|
|
66
68
|
end
|
|
67
69
|
end
|
|
68
70
|
|
|
@@ -73,9 +75,7 @@ module Fluent
|
|
|
73
75
|
next
|
|
74
76
|
end
|
|
75
77
|
|
|
76
|
-
if rvalue.is_a?(Hash)
|
|
77
|
-
update_all_key_value(rvalue, key, &block)
|
|
78
|
-
end
|
|
78
|
+
update_all_key_value(rvalue, key, &block) if rvalue.is_a?(Hash)
|
|
79
79
|
end
|
|
80
80
|
end
|
|
81
81
|
end
|
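Review bot: In the `configure` hunk the new guard reads `query_result`, while `format_record` in the next hunk iterates `query_result_key`; unless a `query_result` method is defined outside the hunk this looks like a typo that would fail when the plugin is configured. As written, `return unless query_key.nil? && query_result.nil?` also raises only when both values are unset, so a configuration that sets just one passes, and from the visible code the other field is then skipped by the `is_a? String` test without any report. If both parameters are meant to be required, the guard should be `return unless query_key.nil? || query_result_key.nil?`. Either way the message still says only `'query_key should be specified'` and should name the parameter that is actually missing.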