fluent-plugin-grok-parser 2.0.1 → 2.1.0
- checksums.yaml +4 -4
- data/.travis.yml +1 -1
- data/README.md +72 -0
- data/fluent-plugin-grok-parser.gemspec +3 -3
- data/lib/fluent/plugin/grok.rb +1 -1
- data/lib/fluent/plugin/parser_grok.rb +3 -0
- data/lib/fluent/plugin/parser_multiline_grok.rb +4 -8
- data/test/test_grok_parser.rb +39 -1
- data/test/test_multiline_grok_parser.rb +34 -0
- metadata +4 -2
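--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2c5c25e59b231fe7a4902d8e691fb1b999185faa
+data.tar.gz: 2aa97bc6af77717e3833292b040d0669b78f07a7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 3f28d4fe0a807b0efde2781e5e0c086689dfa4c56b47722100b7e44088801f9ae342c2dcc7e658405fef0683f38ff8445f9ee65125ccbc3ffebfceb3fdaed74e
+data.tar.gz: 30ab878638d27d96bfbcdba1072f7458e99210df286aca12f2aa8e9f2ed79bc17bbad04d054bb11bbca9389fb7360307aa43bf1bd304bfa7236058dd934ca58f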
data/.travis.yml
CHANGED
data/README.md
CHANGED
@@ -145,6 +145,78 @@ Fluentd accumulates data in the buffer forever to parse complete data when no pa
|
|
145
145
|
|
146
146
|
You can use this parser without `multiline_start_regexp` when you know your data structure perfectly.
|
147
147
|
|
148
|
+
## Configurations
|
149
|
+
|
150
|
+
**time_format**
|
151
|
+
|
152
|
+
The format of the time field.
|
153
|
+
|
154
|
+
**grok_pattern**
|
155
|
+
|
156
|
+
The pattern of grok. You cannot specify multiple grok pattern with this.
|
157
|
+
|
158
|
+
**custom_pattern_path**
|
159
|
+
|
160
|
+
Path to the file that includes custom grok patterns
|
161
|
+
|
162
|
+
**grok_failure_key**
|
163
|
+
|
164
|
+
The key has grok failure reason. Default is `nil`.
|
165
|
+
|
166
|
+
```aconf
|
167
|
+
<source>
|
168
|
+
@type dummy
|
169
|
+
@label @dummy
|
170
|
+
dummy [
|
171
|
+
{ "message1": "no grok pattern matched!", "prog": "foo" },
|
172
|
+
{ "message1": "/", "prog": "bar" }
|
173
|
+
]
|
174
|
+
tag dummy.log
|
175
|
+
</source>
|
176
|
+
|
177
|
+
<label @dummy>
|
178
|
+
<filter>
|
179
|
+
@type parser
|
180
|
+
key_name message1
|
181
|
+
reserve_data true
|
182
|
+
reserve_time true
|
183
|
+
<parse>
|
184
|
+
@type grok
|
185
|
+
grok_failure_key grokfailure
|
186
|
+
<grok>
|
187
|
+
pattern %{PATH:path}
|
188
|
+
</grok>
|
189
|
+
</parse>
|
190
|
+
</filter>
|
191
|
+
<match dummy.log>
|
192
|
+
@type stdout
|
193
|
+
</match>
|
194
|
+
</label>
|
195
|
+
```
|
196
|
+
|
197
|
+
This generates following events:
|
198
|
+
|
199
|
+
```
|
200
|
+
2016-11-28 13:07:08.009131727 +0900 dummy.log: {"message1":"no grok pattern matched!","prog":"foo","message":"no grok pattern matched!","grokfailure":"No grok pattern matched"}
|
201
|
+
2016-11-28 13:07:09.010400923 +0900 dummy.log: {"message1":"/","prog":"bar","path":"/"}
|
202
|
+
```
|
203
|
+
|
204
|
+
|
205
|
+
**grok/pattern**
|
206
|
+
|
207
|
+
Section for grok patterns. You can use multiple grok patterns with
|
208
|
+
multiple `<grok>` sections.
|
209
|
+
|
210
|
+
```aconf
|
211
|
+
<grok>
|
212
|
+
pattern %{IP:ipaddress}
|
213
|
+
</grok>
|
214
|
+
```
|
215
|
+
|
216
|
+
**multiline_start_regexp**
|
217
|
+
|
218
|
+
The regexp to match beginning of multiline. This is only for "multiline_grok".
|
219
|
+
|
148
220
|
## How to write Grok patterns
|
149
221
|
|
150
222
|
Grok patterns look like `%{PATTERN_NAME:name}` where ":name" is optional. If "name" is provided, then it
|
@@ -4,9 +4,9 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |spec|
|
6
6
|
spec.name = "fluent-plugin-grok-parser"
|
7
|
-
spec.version = "2.0
|
8
|
-
spec.authors = ["kiyoto"]
|
9
|
-
spec.email = ["kiyoto@treasure-data.com"]
|
7
|
+
spec.version = "2.1.0"
|
8
|
+
spec.authors = ["kiyoto", "Kenji Okimoto"]
|
9
|
+
spec.email = ["kiyoto@treasure-data.com", "okimoto@clear-code.com"]
|
10
10
|
spec.summary = %q{Fluentd plugin to support Logstash-inspired Grok format for parsing logs}
|
11
11
|
spec.homepage = "https://github.com/fluent/fluent-plugin-grok-parser"
|
12
12
|
spec.license = "Apache-2.0"
|
data/lib/fluent/plugin/grok.rb
CHANGED
@@ -11,6 +11,8 @@ module Fluent
|
|
11
11
|
config_param :grok_pattern, :string, default: nil
|
12
12
|
desc "Path to the file that includes custom grok patterns"
|
13
13
|
config_param :custom_pattern_path, :string, default: nil
|
14
|
+
desc "The key has grok failure reason"
|
15
|
+
config_param :grok_failure_key, :string, default: nil
|
14
16
|
|
15
17
|
def initialize
|
16
18
|
super
|
@@ -50,6 +52,7 @@ module Fluent
|
|
50
52
|
end
|
51
53
|
end
|
52
54
|
@default_parser.parse(text) do |time, record|
|
55
|
+
record[@grok_failure_key] = "No grok pattern matched" if @grok_failure_key
|
53
56
|
yield time, record
|
54
57
|
end
|
55
58
|
end
|
@@ -8,14 +8,6 @@ module Fluent
|
|
8
8
|
desc "The regexp to match beginning of multiline"
|
9
9
|
config_param :multiline_start_regexp, :string, default: nil
|
10
10
|
|
11
|
-
def initialize
|
12
|
-
super
|
13
|
-
end
|
14
|
-
|
15
|
-
def configure(conf={})
|
16
|
-
super
|
17
|
-
end
|
18
|
-
|
19
11
|
def has_firstline?
|
20
12
|
!!@multiline_start_regexp
|
21
13
|
end
|
@@ -33,6 +25,10 @@ module Fluent
|
|
33
25
|
end
|
34
26
|
end
|
35
27
|
end
|
28
|
+
@default_parser.parse(text) do |time, record|
|
29
|
+
record[@grok_failure_key] = "No grok pattern matched" if @grok_failure_key
|
30
|
+
yield time, record
|
31
|
+
end
|
36
32
|
end
|
37
33
|
end
|
38
34
|
end
|
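Review bot: The added `record[@grok_failure_key] = "No grok pattern matched" if @grok_failure_key` in the fallback block overwrites whatever the default parser already stored under that key. The tests on this page show the fallback record carrying the raw line under `message`, so a configuration such as `grok_failure_key message` would presumably replace the unparsed text with the failure string, losing the original line exactly when parsing failed. Guarding the write, e.g. `record[@grok_failure_key] = "No grok pattern matched" if @grok_failure_key && !record.key?(@grok_failure_key)`, or rejecting the collision at configure time (configure is outside the visible hunks) would keep the raw line intact. The same three lines are added in both parser hunks of this section, so the guard applies to each; both enclosing parse methods begin outside the hunks.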
data/test/test_grok_parser.rb
CHANGED
@@ -123,10 +123,48 @@ class GrokParserTest < ::Test::Unit::TestCase
|
|
123
123
|
end
|
124
124
|
end
|
125
125
|
|
126
|
+
class NoGrokPatternMatched < self
|
127
|
+
def test_with_grok_failure_key
|
128
|
+
config = %[
|
129
|
+
grok_failure_key grok_failure
|
130
|
+
<grok>
|
131
|
+
pattern %{PATH:path}
|
132
|
+
</grok>
|
133
|
+
]
|
134
|
+
expected = {
|
135
|
+
"grok_failure" => "No grok pattern matched",
|
136
|
+
"message" => "no such pattern"
|
137
|
+
}
|
138
|
+
d = create_driver(config)
|
139
|
+
d.instance.parse("no such pattern") do |_time, record|
|
140
|
+
assert_equal(expected, record)
|
141
|
+
end
|
142
|
+
end
|
143
|
+
|
144
|
+
def test_without_grok_failure_key
|
145
|
+
config = %[
|
146
|
+
<grok>
|
147
|
+
pattern %{PATH:path}
|
148
|
+
</grok>
|
149
|
+
]
|
150
|
+
expected = {
|
151
|
+
"message" => "no such pattern"
|
152
|
+
}
|
153
|
+
d = create_driver(config)
|
154
|
+
d.instance.parse("no such pattern") do |_time, record|
|
155
|
+
assert_equal(expected, record)
|
156
|
+
end
|
157
|
+
end
|
158
|
+
end
|
159
|
+
|
126
160
|
private
|
127
161
|
|
162
|
+
def create_driver(conf)
|
163
|
+
Fluent::Test::Driver::Parser.new(Fluent::Plugin::GrokParser).configure(conf)
|
164
|
+
end
|
165
|
+
|
128
166
|
def internal_test_grok_pattern(grok_pattern, text, expected_time, expected_record, options = {})
|
129
|
-
d =
|
167
|
+
d = create_driver({"grok_pattern" => grok_pattern}.merge(options))
|
130
168
|
|
131
169
|
# for the new API
|
132
170
|
d.instance.parse(text) {|time, record|
|
@@ -61,6 +61,40 @@ TEXT
|
|
61
61
|
assert(d.instance.firstline?(text))
|
62
62
|
end
|
63
63
|
|
64
|
+
class NoGrokPatternMatched < self
|
65
|
+
def test_with_grok_failure_key
|
66
|
+
config = %[
|
67
|
+
grok_failure_key grok_failure
|
68
|
+
<grok>
|
69
|
+
pattern %{PATH:path}
|
70
|
+
</grok>
|
71
|
+
]
|
72
|
+
expected = {
|
73
|
+
"grok_failure" => "No grok pattern matched",
|
74
|
+
"message" => "no such pattern\nno such pattern\n"
|
75
|
+
}
|
76
|
+
d = create_driver(config)
|
77
|
+
d.instance.parse("no such pattern\nno such pattern\n") do |_time, record|
|
78
|
+
assert_equal(expected, record)
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
def test_without_grok_failure_key
|
83
|
+
config = %[
|
84
|
+
<grok>
|
85
|
+
pattern %{PATH:path}
|
86
|
+
</grok>
|
87
|
+
]
|
88
|
+
expected = {
|
89
|
+
"message" => "no such pattern\nno such pattern\n"
|
90
|
+
}
|
91
|
+
d = create_driver(config)
|
92
|
+
d.instance.parse("no such pattern\nno such pattern\n") do |_time, record|
|
93
|
+
assert_equal(expected, record)
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
64
98
|
private
|
65
99
|
|
66
100
|
def create_driver(conf)
|
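Review bot: The assertions in `test_with_grok_failure_key` and `test_without_grok_failure_key` sit inside the block passed to `d.instance.parse`, so if the parser never yields, both tests pass without checking anything. Collecting the yielded records and asserting after the call closes that gap: `records = []`, `d.instance.parse("no such pattern") { |_time, record| records << record }`, `assert_equal([expected], records)`. The multiline test hunk at the end of this section uses the same in-block pattern and would benefit from the same change. Neither test class covers a `grok_failure_key` that collides with a key already present in the fallback record, such as `message`.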
metadata
CHANGED
@@ -1,14 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-grok-parser
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0
|
4
|
+
version: 2.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- kiyoto
|
8
|
+
- Kenji Okimoto
|
8
9
|
autorequire:
|
9
10
|
bindir: bin
|
10
11
|
cert_chain: []
|
11
|
-
date: 2016-11-
|
12
|
+
date: 2016-11-28 00:00:00.000000000 Z
|
12
13
|
dependencies:
|
13
14
|
- !ruby/object:Gem::Dependency
|
14
15
|
name: bundler
|
@@ -69,6 +70,7 @@ dependencies:
|
|
69
70
|
description:
|
70
71
|
email:
|
71
72
|
- kiyoto@treasure-data.com
|
73
|
+
- okimoto@clear-code.com
|
72
74
|
executables: []
|
73
75
|
extensions: []
|
74
76
|
extra_rdoc_files: []
|