fluent-plugin-grok-parser 2.1.5 → 2.1.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/fluent-plugin-grok-parser.gemspec +1 -1
- data/lib/fluent/plugin/grok.rb +4 -2
- data/patterns/grok-patterns +1 -1
- data/patterns/haproxy +1 -1
- data/patterns/httpd +2 -2
- data/patterns/linux-syslog +1 -1
- data/test/test_grok_parser.rb +5 -0
- metadata +3 -3
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 1bc85cddf3ae82876f8fa683d15d4554a2c83a1f077a8fc46ece9e6d14f3ec3d
|
4
|
+
data.tar.gz: 4b4321c7a01f13be984bcb853a8048dbe6e590b73980984e122be0407b0a37aa
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 1fe9e8af7dcfec87f6fbdb1d0e7f70aaeed3a1ae930810e58f0eeb19d39dbb21bceb8dbf8260ee58793711abd2dda9a7ac1247f7db300e0f69865fc60cbbb345
|
7
|
+
data.tar.gz: d1cfba449d9fe5747b2746dd0d3a9e3ad8aff05560c85f6f5630238f46f63493dc3645f24d7d2d484dff468723b7c79ba407e92d74fe8e00b867639003645f32
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = "fluent-plugin-grok-parser"
|
7
|
-
spec.version = "2.1.
|
7
|
+
spec.version = "2.1.6"
|
8
8
|
spec.authors = ["kiyoto", "Kenji Okimoto"]
|
9
9
|
spec.email = ["kiyoto@treasure-data.com", "okimoto@clear-code.com"]
|
10
10
|
spec.summary = %q{Fluentd plugin to support Logstash-inspired Grok format for parsing logs}
|
data/lib/fluent/plugin/grok.rb
CHANGED
@@ -89,9 +89,11 @@ module Fluent
|
|
89
89
|
replacement_pattern = "(?<#{m["subname"]}>#{curr_pattern})"
|
90
90
|
type_map[m["subname"]] = m["type"] || "string"
|
91
91
|
else
|
92
|
-
replacement_pattern = curr_pattern
|
92
|
+
replacement_pattern = "(?:#{curr_pattern})"
|
93
|
+
end
|
94
|
+
pattern.sub!(m[0]) do |s|
|
95
|
+
replacement_pattern
|
93
96
|
end
|
94
|
-
pattern.sub!(m[0]) do |s| replacement_pattern end
|
95
97
|
end
|
96
98
|
|
97
99
|
[pattern, type_map]
|
data/patterns/grok-patterns
CHANGED
@@ -37,7 +37,7 @@ PATH (?:%{UNIXPATH}|%{WINPATH})
|
|
37
37
|
UNIXPATH (/([\w_%!$@:.,+~-]+|\\.)*)+
|
38
38
|
TTY (?:/dev/(pts|tty([pq])?)(\w+)?/?(?:[0-9]+))
|
39
39
|
WINPATH (?>[A-Za-z]+:|\\)(?:\\[^\\?*]*)+
|
40
|
-
URIPROTO [A-Za-z]([A-Za-
|
40
|
+
URIPROTO [A-Za-z]+(\+[A-Za-z+]+)?
|
41
41
|
URIHOST %{IPORHOST}(?::%{POSINT:port})?
|
42
42
|
# uripath comes loosely from RFC1738, but mostly from what Firefox
|
43
43
|
# doesn't turn into %XX
|
data/patterns/haproxy
CHANGED
@@ -31,7 +31,7 @@ HAPROXYCAPTUREDRESPONSEHEADERS %{DATA:captured_response_headers}
|
|
31
31
|
# HAPROXYCAPTUREDRESPONSEHEADERS %{DATA:response_header_content_type}\|%{DATA:response_header_content_encoding}\|%{DATA:response_header_cache_control}\|%{DATA:response_header_last_modified}
|
32
32
|
|
33
33
|
# parse a haproxy 'httplog' line
|
34
|
-
HAPROXYHTTPBASE %{IP:client_ip}:%{INT:client_port} \[%{HAPROXYDATE:accept_date}\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\{%{HAPROXYCAPTUREDREQUESTHEADERS}\})?( )?(\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\})?( )?"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?"
|
34
|
+
HAPROXYHTTPBASE %{IP:client_ip}:%{INT:client_port} \[%{HAPROXYDATE:accept_date}\] %{NOTSPACE:frontend_name} %{NOTSPACE:backend_name}/%{NOTSPACE:server_name} %{INT:time_request}/%{INT:time_queue}/%{INT:time_backend_connect}/%{INT:time_backend_response}/%{NOTSPACE:time_duration} %{INT:http_status_code} %{NOTSPACE:bytes_read} %{DATA:captured_request_cookie} %{DATA:captured_response_cookie} %{NOTSPACE:termination_state} %{INT:actconn}/%{INT:feconn}/%{INT:beconn}/%{INT:srvconn}/%{NOTSPACE:retries} %{INT:srv_queue}/%{INT:backend_queue} (\{%{HAPROXYCAPTUREDREQUESTHEADERS}\})?( )?(\{%{HAPROXYCAPTUREDRESPONSEHEADERS}\})?( )?"(<BADREQ>|(%{WORD:http_verb} (%{URIPROTO:http_proto}://)?(?:%{USER:http_user}(?::[^@]*)?@)?(?:%{URIHOST:http_host})?(?:%{URIPATHPARAM:http_request})?( HTTP/%{NUMBER:http_version})?))?"
|
35
35
|
|
36
36
|
HAPROXYHTTP (?:%{SYSLOGTIMESTAMP:syslog_timestamp}|%{TIMESTAMP_ISO8601:timestamp8601}) %{IPORHOST:syslog_server} %{SYSLOGPROG}: %{HAPROXYHTTPBASE}
|
37
37
|
|
data/patterns/httpd
CHANGED
@@ -7,9 +7,9 @@ HTTPD_COMBINEDLOG %{HTTPD_COMMONLOG} %{QS:referrer} %{QS:agent}
|
|
7
7
|
|
8
8
|
# Error logs
|
9
9
|
HTTPD20_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{LOGLEVEL:loglevel}\] (?:\[client %{IPORHOST:clientip}\] ){0,1}%{GREEDYDATA:message}
|
10
|
-
HTTPD24_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{WORD:module}:%{LOGLEVEL:loglevel}\] \[pid %{POSINT:pid}
|
10
|
+
HTTPD24_ERRORLOG \[%{HTTPDERROR_DATE:timestamp}\] \[%{WORD:module}:%{LOGLEVEL:loglevel}\] \[pid %{POSINT:pid}:tid %{NUMBER:tid}\]( \(%{POSINT:proxy_errorcode}\)%{DATA:proxy_message}:)?( \[client %{IPORHOST:clientip}:%{POSINT:clientport}\])? %{DATA:errorcode}: %{GREEDYDATA:message}
|
11
11
|
HTTPD_ERRORLOG %{HTTPD20_ERRORLOG}|%{HTTPD24_ERRORLOG}
|
12
12
|
|
13
13
|
# Deprecated
|
14
14
|
COMMONAPACHELOG %{HTTPD_COMMONLOG}
|
15
|
-
COMBINEDAPACHELOG %{HTTPD_COMBINEDLOG}
|
15
|
+
COMBINEDAPACHELOG %{HTTPD_COMBINEDLOG}
|
data/patterns/linux-syslog
CHANGED
@@ -11,6 +11,6 @@ SYSLOGLINE %{SYSLOGBASE2} %{GREEDYDATA:message}
|
|
11
11
|
# IETF 5424 syslog(8) format (see http://www.rfc-editor.org/info/rfc5424)
|
12
12
|
SYSLOG5424PRI <%{NONNEGINT:syslog5424_pri}>
|
13
13
|
SYSLOG5424SD \[%{DATA}\]+
|
14
|
-
SYSLOG5424BASE %{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{
|
14
|
+
SYSLOG5424BASE %{SYSLOG5424PRI}%{NONNEGINT:syslog5424_ver} +(?:%{TIMESTAMP_ISO8601:syslog5424_ts}|-) +(?:%{HOSTNAME:syslog5424_host}|-) +(-|%{SYSLOG5424PRINTASCII:syslog5424_app}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_proc}) +(-|%{SYSLOG5424PRINTASCII:syslog5424_msgid}) +(?:%{SYSLOG5424SD:syslog5424_sd}|-|)
|
15
15
|
|
16
16
|
SYSLOG5424LINE %{SYSLOG5424BASE} +%{GREEDYDATA:syslog5424_msg}
|
data/test/test_grok_parser.rb
CHANGED
@@ -37,6 +37,11 @@ class GrokParserTest < ::Test::Unit::TestCase
|
|
37
37
|
end
|
38
38
|
end
|
39
39
|
|
40
|
+
def test_date
|
41
|
+
internal_test_grok_pattern("\\[(?<date>%{DATE} %{TIME} (?:AM|PM))\\]", "[2/16/2018 10:19:34 AM]",
|
42
|
+
nil, { "date" => "2/16/2018 10:19:34 AM" })
|
43
|
+
end
|
44
|
+
|
40
45
|
def test_call_for_grok_pattern_not_found
|
41
46
|
assert_raise Fluent::Grok::GrokPatternNotFoundError do
|
42
47
|
internal_test_grok_pattern("%{THIS_PATTERN_DOESNT_EXIST}", "Some stuff at somewhere", nil, {})
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-grok-parser
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.1.
|
4
|
+
version: 2.1.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- kiyoto
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2018-02-
|
12
|
+
date: 2018-02-20 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: bundler
|
@@ -133,7 +133,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
133
133
|
version: '0'
|
134
134
|
requirements: []
|
135
135
|
rubyforge_project:
|
136
|
-
rubygems_version: 2.7.
|
136
|
+
rubygems_version: 2.7.3
|
137
137
|
signing_key:
|
138
138
|
specification_version: 4
|
139
139
|
summary: Fluentd plugin to support Logstash-inspired Grok format for parsing logs
|