fluent-plugin-grok-parser 1.0.0 → 1.0.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (7) hide show
  1. checksums.yaml +5 -5
  2. data/Rakefile +36 -0
  3. data/fluent-plugin-grok-parser.gemspec +1 -1
  4. data/lib/fluent/plugin/grok.rb +1 -1
  5. data/patterns/aws +3 -3
  6. data/test/test_grok_parser.rb +5 -0
  7. metadata +3 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA1:
3
- metadata.gz: 80ab11f887489e91eff7e4f3a07b0cdce24fe7ad
4
- data.tar.gz: 2bd1128bd64dc2ae91b8bd37d23e306b624c3572
2
+ SHA256:
3
+ metadata.gz: abba93dea7171b49379a1c09b97e93775a71c60f07975d8be225467ef9a02f3e
4
+ data.tar.gz: 53cabdd496599b84fda4a5facebbd93b59be9a5426dfa3142f6b94344411431d
5
5
  SHA512:
6
- metadata.gz: 373475b75f2655b6d698bba92d5c09d6a0410c9909310a56d1f74300cb8086f3116688be51d794702c0c8d056b3cbd40b394f6201c1b26e6384e8061103c02ba
7
- data.tar.gz: f2ba20c1de74a02fa178d26f627188f359c6c012c80920d8f83b341455333e6d12041e63500916400bb3663d889a9953ee6f84673bdd1591aab05c9ee316068d
6
+ metadata.gz: 0fed7231df5bddfe56b57eaa53155afb29e400d16994e3454d80a1f7dde75ff0528fd778137a65d557d71529b1de75f501206f3dfd5220cb5b2b2e86fd44d8ad
7
+ data.tar.gz: 37e00405e9c28e9d4bac1fe02ea609e297ea98554d98802f8deff575d5c8104953149dbbc129b00953fb5e162390904af2cf707df76f073bae3e608594fe2052
data/Rakefile CHANGED
@@ -20,6 +20,42 @@ task 'patterns:import' do
20
20
  cp(pattern, "patterns/", verbose: true)
21
21
  end
22
22
  end
23
+
24
+ # copied from "./lib/fluent/plugin/grok"
25
+ pattern_re =
26
+ /%\{ # match '%{' not prefixed with '\'
27
+ (?<name> # match the pattern name
28
+ (?<pattern>[A-z0-9]+)
29
+ (?::(?<subname>[@\[\]A-z0-9_:.-]+?)
30
+ (?::(?<type>(?:string|bool|integer|float|int|
31
+ time(?::.+)?|
32
+ array(?::.)?)))?)?
33
+ )
34
+ \}/x
35
+
36
+ Dir.glob("patterns/*") do |pattern_file|
37
+ new_lines = ""
38
+ File.readlines(pattern_file).each do |line|
39
+ case
40
+ when line.strip.empty?
41
+ new_lines << line
42
+ when line.start_with?("#")
43
+ new_lines << line
44
+ else
45
+ name, pattern = line.split(/\s+/, 2)
46
+ new_pattern = pattern.gsub(pattern_re) do |m|
47
+ matched = $~
48
+ if matched[:type] == "int"
49
+ "%{#{matched[:pattern]}:#{matched[:subname]}:integer}"
50
+ else
51
+ m
52
+ end
53
+ end
54
+ new_lines << "#{name} #{new_pattern}"
55
+ end
56
+ end
57
+ File.write(pattern_file, new_lines)
58
+ end
23
59
  end
24
60
 
25
61
  task :default => [:test, :build]
data/fluent-plugin-grok-parser.gemspec CHANGED
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |spec|
6
6
  spec.name = "fluent-plugin-grok-parser"
7
- spec.version = "1.0.0"
7
+ spec.version = "1.0.1"
8
8
  spec.authors = ["kiyoto"]
9
9
  spec.email = ["kiyoto@treasure-data.com"]
10
10
  spec.summary = %q{Fluentd plugin to support Logstash-inspired Grok format for parsing logs}
data/lib/fluent/plugin/grok.rb CHANGED
@@ -82,7 +82,7 @@ module Fluent
82
82
  replacement_pattern = "(?<#{m["subname"]}>#{curr_pattern})"
83
83
  type_map[m["subname"]] = m["type"] || "string"
84
84
  else
85
- replacement_pattern = curr_pattern
85
+ replacement_pattern = "(?:#{curr_pattern})"
86
86
  end
87
87
  pattern.sub!(m[0]) do |s| replacement_pattern end
88
88
  end
data/patterns/aws CHANGED
@@ -1,6 +1,6 @@
1
1
  S3_REQUEST_LINE (?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})
2
2
 
3
- S3_ACCESS_LOG %{WORD:owner} %{NOTSPACE:bucket} \[%{HTTPDATE:timestamp}\] %{IP:clientip} %{NOTSPACE:requester} %{NOTSPACE:request_id} %{NOTSPACE:operation} %{NOTSPACE:key} (?:"%{S3_REQUEST_LINE}"|-) (?:%{INT:response:int}|-) (?:-|%{NOTSPACE:error_code}) (?:%{INT:bytes:int}|-) (?:%{INT:object_size:int}|-) (?:%{INT:request_time_ms:int}|-) (?:%{INT:turnaround_time_ms:int}|-) (?:%{QS:referrer}|-) (?:"?%{QS:agent}"?|-) (?:-|%{NOTSPACE:version_id})
3
+ S3_ACCESS_LOG %{WORD:owner} %{NOTSPACE:bucket} \[%{HTTPDATE:timestamp}\] %{IP:clientip} %{NOTSPACE:requester} %{NOTSPACE:request_id} %{NOTSPACE:operation} %{NOTSPACE:key} (?:"%{S3_REQUEST_LINE}"|-) (?:%{INT:response:integer}|-) (?:-|%{NOTSPACE:error_code}) (?:%{INT:bytes:integer}|-) (?:%{INT:object_size:integer}|-) (?:%{INT:request_time_ms:integer}|-) (?:%{INT:turnaround_time_ms:integer}|-) (?:%{QS:referrer}|-) (?:"?%{QS:agent}"?|-) (?:-|%{NOTSPACE:version_id})
4
4
 
5
5
  ELB_URIPATHPARAM %{URIPATH:path}(?:%{URIPARAM:params})?
6
6
 
@@ -8,7 +8,7 @@ ELB_URI %{URIPROTO:proto}://(?:%{USER}(?::[^@]*)?@)?(?:%{URIHOST:urihost})?(?:%{
8
8
 
9
9
  ELB_REQUEST_LINE (?:%{WORD:verb} %{ELB_URI:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})
10
10
 
11
- ELB_ACCESS_LOG %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{INT:clientport:int} (?:(%{IP:backendip}:?:%{INT:backendport:int})|-) %{NUMBER:request_processing_time:float} %{NUMBER:backend_processing_time:float} %{NUMBER:response_processing_time:float} %{INT:response:int} %{INT:backend_response:int} %{INT:received_bytes:int} %{INT:bytes:int} "%{ELB_REQUEST_LINE}"
11
+ ELB_ACCESS_LOG %{TIMESTAMP_ISO8601:timestamp} %{NOTSPACE:elb} %{IP:clientip}:%{INT:clientport:integer} (?:(%{IP:backendip}:?:%{INT:backendport:integer})|-) %{NUMBER:request_processing_time:float} %{NUMBER:backend_processing_time:float} %{NUMBER:response_processing_time:float} %{INT:response:integer} %{INT:backend_response:integer} %{INT:received_bytes:integer} %{INT:bytes:integer} "%{ELB_REQUEST_LINE}"
12
12
 
13
- CLOUDFRONT_ACCESS_LOG (?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\t%{TIME})\t%{WORD:x_edge_location}\t(?:%{NUMBER:sc_bytes:int}|-)\t%{IPORHOST:clientip}\t%{WORD:cs_method}\t%{HOSTNAME:cs_host}\t%{NOTSPACE:cs_uri_stem}\t%{NUMBER:sc_status:int}\t%{GREEDYDATA:referrer}\t%{GREEDYDATA:agent}\t%{GREEDYDATA:cs_uri_query}\t%{GREEDYDATA:cookies}\t%{WORD:x_edge_result_type}\t%{NOTSPACE:x_edge_request_id}\t%{HOSTNAME:x_host_header}\t%{URIPROTO:cs_protocol}\t%{INT:cs_bytes:int}\t%{GREEDYDATA:time_taken:float}\t%{GREEDYDATA:x_forwarded_for}\t%{GREEDYDATA:ssl_protocol}\t%{GREEDYDATA:ssl_cipher}\t%{GREEDYDATA:x_edge_response_result_type}
13
+ CLOUDFRONT_ACCESS_LOG (?<timestamp>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}\t%{TIME})\t%{WORD:x_edge_location}\t(?:%{NUMBER:sc_bytes:integer}|-)\t%{IPORHOST:clientip}\t%{WORD:cs_method}\t%{HOSTNAME:cs_host}\t%{NOTSPACE:cs_uri_stem}\t%{NUMBER:sc_status:integer}\t%{GREEDYDATA:referrer}\t%{GREEDYDATA:agent}\t%{GREEDYDATA:cs_uri_query}\t%{GREEDYDATA:cookies}\t%{WORD:x_edge_result_type}\t%{NOTSPACE:x_edge_request_id}\t%{HOSTNAME:x_host_header}\t%{URIPROTO:cs_protocol}\t%{INT:cs_bytes:integer}\t%{GREEDYDATA:time_taken:float}\t%{GREEDYDATA:x_forwarded_for}\t%{GREEDYDATA:ssl_protocol}\t%{GREEDYDATA:ssl_cipher}\t%{GREEDYDATA:x_edge_response_result_type}
14
14
 
data/test/test_grok_parser.rb CHANGED
@@ -37,6 +37,11 @@ class GrokParserTest < ::Test::Unit::TestCase
37
37
  end
38
38
  end
39
39
 
40
+ def test_date
41
+ internal_test_grok_pattern("\\[(?<date>%{DATE} %{TIME} (?:AM|PM))\\]", "[2/16/2018 10:19:34 AM]",
42
+ nil, { "date" => "2/16/2018 10:19:34 AM" })
43
+ end
44
+
40
45
  def test_call_for_grok_pattern_not_found
41
46
  assert_raise Grok::GrokPatternNotFoundError do
42
47
  internal_test_grok_pattern('%{THIS_PATTERN_DOESNT_EXIST}', 'Some stuff at somewhere', nil, {})
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-grok-parser
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.0
4
+ version: 1.0.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - kiyoto
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-10-05 00:00:00.000000000 Z
11
+ date: 2018-02-26 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -135,7 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
135
135
  version: '0'
136
136
  requirements: []
137
137
  rubyforge_project:
138
- rubygems_version: 2.6.4
138
+ rubygems_version: 2.7.3
139
139
  signing_key:
140
140
  specification_version: 4
141
141
  summary: Fluentd plugin to support Logstash-inspired Grok format for parsing logs