fluent-plugin-esslowquery 1.0.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: 2d4433da6072fd01f6207e65b6e071efd797b9d8
4
+ data.tar.gz: 33aa3e328fb5a598f9020d06228d41f1ae7ff024
5
+ SHA512:
6
+ metadata.gz: eb0ee2d40e16a2a588d2a53c083136da510630d0d11c4f756b28541f10ff6b65fb2024a5d68c69a315764ffd4a6694075be5389effa0ce122eaecbc523ac9dc1
7
+ data.tar.gz: 637e812843e305ca5e452cf43995d9e7d22af98fde4f98e514874283d526a27591aa6c2f40ea9a760b7780c3122ee0cc637c6b19fb4745a895f1b5895b8f1843
@@ -0,0 +1,18 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ coverage
6
+ InstalledFiles
7
+ lib/bundler/man
8
+ pkg
9
+ rdoc
10
+ spec/reports
11
+ test/tmp
12
+ test/version_tmp
13
+ tmp
14
+
15
+ # YARD artifacts
16
+ .yardoc
17
+ _yardoc
18
+ doc/
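--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,3 @@
+ source "https://rubygems.org"
+
+ gemspec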
@@ -0,0 +1,51 @@
1
+ #fluent-plugin-esslowquery
2
+
3
+ Fluent parser plugin for Elasticsearch slow query log file.
4
+
5
+ ##Installation
6
+
7
+ ```shell
8
+ $ gem install fluent-plugin-esslowquery
9
+ ```
10
+
11
+ ##How to use
12
+
13
+ Edit `/etc/td-agent/td-agent.conf` file.
14
+
15
+ ```conf
16
+ <source>
17
+ type tail
18
+ path /var/log/elasticsearch/elasticsearch-{cluster-name}_index_search_slowlog.log
19
+ tag elasticsearch.{cluster-name}.search_slowlog_query
20
+ pos_file /var/run/td-agent/elasticsearch-search-slow.pos
21
+ format es_slow_query
22
+ </source>
23
+
24
+ <source>
25
+ type tail
26
+ path /var/log/elasticsearch/elasticsearch-{cluster-name}_index_indexing_slowlog.log
27
+ tag elasticsearch.{cluster-name}.indexing_slowlog_query
28
+ pos_file /var/run/td-agent/elasticsearch-indexing-slow.pos
29
+ format es_slow_query
30
+ </source>
31
+ ```
32
+
33
+ ##Expected record format
34
+
35
+ ```json
36
+ {
37
+ "extra_source": "{\"from\":0,\"size\":0}",
38
+ "index": "comments",
39
+ "node": "{cluster-name}-{node-id}",
40
+ "search_type": "COUNT",
41
+ "severity": "TRACE",
42
+ "shard": 4,
43
+ "source": "index.search.slowlog.query",
44
+ "source_body": "{\"query\":{\"filtered\":{\"query\":{\"match_all\":{}},\"filter\":{\"term\":{\"tags\":\"elasticsearch\"}}}}}",
45
+ "stats": "",
46
+ "took": "282.7ms",
47
+ "took_millis": 282,
48
+ "total_shards": 1,
49
+ "types": "document"
50
+ }
51
+ ```
@@ -0,0 +1,2 @@
1
+ #!/usr/bin/env rake
2
+ require "bundler/gem_tasks"
@@ -0,0 +1,16 @@
1
+ Gem::Specification.new do |gem|
2
+ gem.authors = ["Boguslaw Mista"]
3
+ gem.email = ["bodziomista@gmail.com"]
4
+ gem.description = "Fluent parser plugin for Elasticsearch slow query log file."
5
+ gem.summary = "Fluent parser plugin for Elasticsearch slow query log file."
6
+ gem.homepage = "https://github.com/iaintshine/fluent-plugin-esslowquery"
7
+ gem.license = "MIT"
8
+
9
+ gem.files = `git ls-files`.split($\)
10
+ gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
11
+ gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
12
+ gem.name = "fluent-plugin-esslowquery"
13
+ gem.require_paths = ["lib"]
14
+ gem.version = "1.0.0"
15
+ gem.add_dependency "fluentd", [">= 0.12.0", "< 2"]
16
+ end
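Review bot: The `gem.files` line builds the package from the `git ls-files` subshell, so every tracked file is published, which is why `.gitignore`, `Gemfile` and `Rakefile` appear in the packaged file list. An explicit glob such as `gem.files = Dir["lib/**/*.rb", "README.md"]` keeps the released contents limited to what the plugin needs and removes the dependency on a git checkout at build time. The `split($\)` argument is the output record separator, which is `nil` by default, so the split falls back to whitespace and a tracked path containing a space would be broken in two; `$/` is the separator this idiom intends.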
@@ -0,0 +1,60 @@
1
+ module Fluent
2
+ class ElasticsearchSlowLogParser < Parser
3
+ REGEXP = /^\[(?<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\]\[(?<severity>[a-zA-Z]+)\]\[(?<source>\S+)\] \[(?<node>\S+)\] \[(?<index>\w+)\]\[(?<shard>\d+)\] took\[(?<took>.+)\], took_millis\[(?<took_millis>\d+)\], types\[(?<types>.+)\], stats\[(?<stats>.*)\], search_type\[(?<search_type>.*)\], total_shards\[(?<total_shards>\d+)\], source\[(?<source_body>.*)\], extra_source\[(?<extra_source>.*)\]/
4
+ TIME_FORMAT = "%Y-%m-%d %H:%M:%S,%N"
5
+
6
+ Plugin.register_parser("es_slow_query", self)
7
+
8
+ def initialize
9
+ super
10
+ @time_parser = TextParser::TimeParser.new(TIME_FORMAT)
11
+ @mutex = Mutex.new
12
+ end
13
+
14
+ def patterns
15
+ {'format' => REGEXP, 'time_format' => TIME_FORMAT}
16
+ end
17
+
18
+ def parse(text)
19
+ m = REGEXP.match(text)
20
+ unless m
21
+ if block_given?
22
+ yield nil, nil
23
+ return
24
+ else
25
+ return nil, nil
26
+ end
27
+ end
28
+
29
+ shard = m['shard'].to_i
30
+ took_millis = m['took_millis'].to_i
31
+ total_shards = m['total_shards'].to_i
32
+
33
+ time = m['time']
34
+ time = @mutex.synchronize { @time_parser.parse(time) }
35
+
36
+ record = {
37
+ 'severity' => m['severity'],
38
+ 'source' => m['source'],
39
+ 'node' => m['node'],
40
+ 'index' => m['index'],
41
+ 'shard' => shard,
42
+ 'took' => m['took'],
43
+ 'took_millis' => took_millis,
44
+ 'types' => m['types'],
45
+ 'stats' => m['stats'],
46
+ 'search_type' => m['search_type'],
47
+ 'total_shards' => total_shards,
48
+ 'source_body' => m['source_body'],
49
+ 'extra_source' => m['extra_source']
50
+ }
51
+ record["time"] = m['time'] if @keep_time_key
52
+
53
+ if block_given?
54
+ yield time, record
55
+ else
56
+ return time, record
57
+ end
58
+ end
59
+ end
60
+ end
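Review bot: In `REGEXP`, `\[(?<index>\w+)\]` rejects any index name containing `-` or `.`, and `parse` then returns `nil, nil` for the whole line, so slow-log entries for such indices never reach the pipeline; `\[(?<index>[^\]]+)\]` would accept them. The greedy `.+`/`.*` groups for `took`, `types`, `stats`, `search_type` and `source_body` are also worth tightening: `source_body` carries the query text, which may be derived from user input, and a query containing `], extra_source[` shifts the field boundaries in the emitted record. Anchoring with `\A` instead of `^` keeps a match from starting at a later line when `text` holds more than one line.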
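--- a/metadata
+++ b/metadata
@@ -0,0 +1,71 @@
+ --- !ruby/object:Gem::Specification
+ name: fluent-plugin-esslowquery
+ version: !ruby/object:Gem::Version
+ version: 1.0.0
+ platform: ruby
+ authors:
+ - Boguslaw Mista
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2015-09-09 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: fluentd
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.12.0
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '2'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.12.0
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '2'
+ description: Fluent parser plugin for Elasticsearch slow query log file.
+ email:
+ - bodziomista@gmail.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - Gemfile
+ - README.md
+ - Rakefile
+ - fluent-plugin-esslowquery.gemspec
+ - lib/fluent/plugin/parser_es_slow_query.rb
+ homepage: https://github.com/iaintshine/fluent-plugin-esslowquery
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.4.3
+ signing_key:
+ specification_version: 4
+ summary: Fluent parser plugin for Elasticsearch slow query log file.
+ test_files: []
+ has_rdoc: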