fluent-plugin-splunk-parser 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/Gemfile +3 -0
- data/LICENSE +25 -0
- data/README.md +43 -0
- data/Rakefile +13 -0
- data/fluent-plugin-splunk-parser.gemspec +27 -0
- data/lib/fluent/plugin/parser_splunk_parser.rb +49 -0
- data/test/helper.rb +8 -0
- data/test/plugin/test_parser_splunk_parser.rb +18 -0
- metadata +116 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: f6b2dc2d8fc62bd5fea3dd3e5eb0a3e87d74e7a9
|
4
|
+
data.tar.gz: aa80774ae7fce182336899d5eb546adc0b5ccbb4
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: eda11ef02b55551cde94ac50c88c1b3ecc836d0cb65247ab49ac8be206dfeea93c1754366502f300ffcbfece38334a229470cd2682c455ca971af9756e1bccbd
|
7
|
+
data.tar.gz: 0da28126b70ec3772cad7f332527dc73bc761050e60a38e15a181eafc713068a09e27eb34e45d54d9b4ae04c194f2d2864327429cd5634929f1717eb99f5c0f5
|
data/Gemfile
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
BSD 2-Clause License
|
2
|
+
|
3
|
+
Copyright (c) 2017, Zsolt Fekete
|
4
|
+
All rights reserved.
|
5
|
+
|
6
|
+
Redistribution and use in source and binary forms, with or without
|
7
|
+
modification, are permitted provided that the following conditions are met:
|
8
|
+
|
9
|
+
* Redistributions of source code must retain the above copyright notice, this
|
10
|
+
list of conditions and the following disclaimer.
|
11
|
+
|
12
|
+
* Redistributions in binary form must reproduce the above copyright notice,
|
13
|
+
this list of conditions and the following disclaimer in the documentation
|
14
|
+
and/or other materials provided with the distribution.
|
15
|
+
|
16
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
17
|
+
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
18
|
+
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
19
|
+
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
|
20
|
+
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
21
|
+
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
22
|
+
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
|
23
|
+
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
24
|
+
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
25
|
+
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
data/README.md
ADDED
@@ -0,0 +1,43 @@
|
|
1
|
+
# fluent-plugin-splunk-parser
|
2
|
+
|
3
|
+
[Fluentd](https://fluentd.org/) parser plugin to do something.
|
4
|
+
|
5
|
+
TODO: write description for you plugin.
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
### RubyGems
|
10
|
+
|
11
|
+
```
|
12
|
+
$ gem install fluent-plugin-splunk-parser
|
13
|
+
```
|
14
|
+
|
15
|
+
### Bundler
|
16
|
+
|
17
|
+
Add following line to your Gemfile:
|
18
|
+
|
19
|
+
```ruby
|
20
|
+
gem "fluent-plugin-splunk-parser"
|
21
|
+
```
|
22
|
+
|
23
|
+
And then execute:
|
24
|
+
|
25
|
+
```
|
26
|
+
$ bundle
|
27
|
+
```
|
28
|
+
|
29
|
+
## Configuration
|
30
|
+
|
31
|
+
You can generate configuration template:
|
32
|
+
|
33
|
+
```
|
34
|
+
$ fluent-plugin-config-format parser splunk-parser
|
35
|
+
```
|
36
|
+
|
37
|
+
You can copy and paste generated documents here.
|
38
|
+
|
39
|
+
## Copyright
|
40
|
+
|
41
|
+
* Copyright(c) 2017- TODO: Write your name
|
42
|
+
* License
|
43
|
+
* Apache License, Version 2.0
|
data/Rakefile
ADDED
@@ -0,0 +1,13 @@
|
|
1
|
+
require "bundler"
|
2
|
+
Bundler::GemHelper.install_tasks
|
3
|
+
|
4
|
+
require "rake/testtask"
|
5
|
+
|
6
|
+
Rake::TestTask.new(:test) do |t|
|
7
|
+
t.libs.push("lib", "test")
|
8
|
+
t.test_files = FileList["test/**/test_*.rb"]
|
9
|
+
t.verbose = true
|
10
|
+
t.warning = true
|
11
|
+
end
|
12
|
+
|
13
|
+
task default: [:test]
|
@@ -0,0 +1,27 @@
|
|
1
|
+
lib = File.expand_path("../lib", __FILE__)
|
2
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
3
|
+
|
4
|
+
Gem::Specification.new do |spec|
|
5
|
+
spec.name = "fluent-plugin-splunk-parser"
|
6
|
+
spec.version = "0.1.0"
|
7
|
+
spec.authors = ["Zsolt Fekete"]
|
8
|
+
spec.email = ["zsoltf@me.com"]
|
9
|
+
|
10
|
+
spec.summary = %q{Fluentd Splunk Parser plugin}
|
11
|
+
spec.description = %q{Fluentd plugin that parsers splunk formatted logs}
|
12
|
+
spec.homepage = "https://github.com/zsoltf/fluent-plugin-splunk-parser"
|
13
|
+
spec.license = "BSD-2-Clause"
|
14
|
+
|
15
|
+
test_files, files = `git ls-files -z`.split("\x0").partition do |f|
|
16
|
+
f.match(%r{^(test|spec|features)/})
|
17
|
+
end
|
18
|
+
spec.files = files
|
19
|
+
spec.executables = files.grep(%r{^bin/}) { |f| File.basename(f) }
|
20
|
+
spec.test_files = test_files
|
21
|
+
spec.require_paths = ["lib"]
|
22
|
+
|
23
|
+
spec.add_development_dependency "bundler", "~> 1.14"
|
24
|
+
spec.add_development_dependency "rake", "~> 12.0"
|
25
|
+
spec.add_development_dependency "test-unit", "~> 3.0"
|
26
|
+
spec.add_runtime_dependency "fluentd", [">= 0.14.10", "< 2"]
|
27
|
+
end
|
@@ -0,0 +1,49 @@
|
|
1
|
+
#
|
2
|
+
# Copyright 2017- TODO: Write your name
|
3
|
+
#
|
4
|
+
# Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
+
# you may not use this file except in compliance with the License.
|
6
|
+
# You may obtain a copy of the License at
|
7
|
+
#
|
8
|
+
# http://www.apache.org/licenses/LICENSE-2.0
|
9
|
+
#
|
10
|
+
# Unless required by applicable law or agreed to in writing, software
|
11
|
+
# distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
+
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
+
# See the License for the specific language governing permissions and
|
14
|
+
# limitations under the License.
|
15
|
+
|
16
|
+
require "fluent/plugin/parser"
|
17
|
+
|
18
|
+
module Fluent::Plugin
|
19
|
+
class SplunkParser < Parser
|
20
|
+
# Register this parser as "splunk"
|
21
|
+
Fluent::Plugin.register_parser("splunk", self)
|
22
|
+
|
23
|
+
config_param :delimiter, :string, default: "|" # delimiter is configurable with " " as default
|
24
|
+
config_param :time_format, :string, default: nil # time_format is configurable
|
25
|
+
|
26
|
+
def configure(conf)
|
27
|
+
super
|
28
|
+
|
29
|
+
if @delimiter.length != 1
|
30
|
+
raise ConfigError, "delimiter must be a single character. #{@delimiter} is not."
|
31
|
+
end
|
32
|
+
|
33
|
+
# TimeParser class is already given. It takes a single argument as the time format
|
34
|
+
# to parse the time string with.
|
35
|
+
@time_parser = Fluent::TimeParser.new(@time_format)
|
36
|
+
end
|
37
|
+
|
38
|
+
def parse(text)
|
39
|
+
time, key_values = text.split(@delimiter, 2)
|
40
|
+
time = @time_parser.parse(time)
|
41
|
+
record = {}
|
42
|
+
key_values.split(@delimiter).each { |kv|
|
43
|
+
k, v = kv.split("=", 2)
|
44
|
+
record[k] = v
|
45
|
+
}
|
46
|
+
yield time, record
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
data/test/helper.rb
ADDED
@@ -0,0 +1,8 @@
|
|
1
|
+
$LOAD_PATH.unshift(File.expand_path("../../", __FILE__))
|
2
|
+
require "test-unit"
|
3
|
+
require "fluent/test"
|
4
|
+
require "fluent/test/driver/parser"
|
5
|
+
require "fluent/test/helpers"
|
6
|
+
|
7
|
+
Test::Unit::TestCase.include(Fluent::Test::Helpers)
|
8
|
+
Test::Unit::TestCase.extend(Fluent::Test::Helpers)
|
@@ -0,0 +1,18 @@
|
|
1
|
+
require "helper"
|
2
|
+
require "fluent/plugin/parser_splunk_parser.rb"
|
3
|
+
|
4
|
+
class SplunkParserParserTest < Test::Unit::TestCase
|
5
|
+
setup do
|
6
|
+
Fluent::Test.setup
|
7
|
+
end
|
8
|
+
|
9
|
+
test "failure" do
|
10
|
+
flunk
|
11
|
+
end
|
12
|
+
|
13
|
+
private
|
14
|
+
|
15
|
+
def create_driver(conf)
|
16
|
+
Fluent::Test::Driver::Parser.new(Fluent::Plugin::SplunkParserParser).configure(conf)
|
17
|
+
end
|
18
|
+
end
|
metadata
ADDED
@@ -0,0 +1,116 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: fluent-plugin-splunk-parser
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Zsolt Fekete
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2017-11-28 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: bundler
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.14'
|
20
|
+
type: :development
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: '1.14'
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: rake
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - "~>"
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '12.0'
|
34
|
+
type: :development
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - "~>"
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '12.0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: test-unit
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - "~>"
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '3.0'
|
48
|
+
type: :development
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - "~>"
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '3.0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: fluentd
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 0.14.10
|
62
|
+
- - "<"
|
63
|
+
- !ruby/object:Gem::Version
|
64
|
+
version: '2'
|
65
|
+
type: :runtime
|
66
|
+
prerelease: false
|
67
|
+
version_requirements: !ruby/object:Gem::Requirement
|
68
|
+
requirements:
|
69
|
+
- - ">="
|
70
|
+
- !ruby/object:Gem::Version
|
71
|
+
version: 0.14.10
|
72
|
+
- - "<"
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '2'
|
75
|
+
description: Fluentd plugin that parsers splunk formatted logs
|
76
|
+
email:
|
77
|
+
- zsoltf@me.com
|
78
|
+
executables: []
|
79
|
+
extensions: []
|
80
|
+
extra_rdoc_files: []
|
81
|
+
files:
|
82
|
+
- Gemfile
|
83
|
+
- LICENSE
|
84
|
+
- README.md
|
85
|
+
- Rakefile
|
86
|
+
- fluent-plugin-splunk-parser.gemspec
|
87
|
+
- lib/fluent/plugin/parser_splunk_parser.rb
|
88
|
+
- test/helper.rb
|
89
|
+
- test/plugin/test_parser_splunk_parser.rb
|
90
|
+
homepage: https://github.com/zsoltf/fluent-plugin-splunk-parser
|
91
|
+
licenses:
|
92
|
+
- BSD-2-Clause
|
93
|
+
metadata: {}
|
94
|
+
post_install_message:
|
95
|
+
rdoc_options: []
|
96
|
+
require_paths:
|
97
|
+
- lib
|
98
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
99
|
+
requirements:
|
100
|
+
- - ">="
|
101
|
+
- !ruby/object:Gem::Version
|
102
|
+
version: '0'
|
103
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
104
|
+
requirements:
|
105
|
+
- - ">="
|
106
|
+
- !ruby/object:Gem::Version
|
107
|
+
version: '0'
|
108
|
+
requirements: []
|
109
|
+
rubyforge_project:
|
110
|
+
rubygems_version: 2.5.2.1
|
111
|
+
signing_key:
|
112
|
+
specification_version: 4
|
113
|
+
summary: Fluentd Splunk Parser plugin
|
114
|
+
test_files:
|
115
|
+
- test/helper.rb
|
116
|
+
- test/plugin/test_parser_splunk_parser.rb
|