logstash-filter-aggregate 0.1.3 → 0.1.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 60e752551408fc57869c2ab7866e76f8612aa0c6
-  data.tar.gz: 3757e961e87a984a827b07a748811638c2df4cb7
+  metadata.gz: fd8b53ee4301fd348e4c688e79b3f1aad2586c2f
+  data.tar.gz: 2fd5b3532db3244d976fc837d50f2ee8faf4631c
 SHA512:
-  metadata.gz: b9cb0e54a99fd0933499f98101d72b11943a24bd039c84a76fa9e9578a4580ef4b4ff514c9141415fc6740f93e2c9b34fed4fa1df9b4d980df70eb520e399154
-  data.tar.gz: caec2ae83b4d7d0985e2a96b1cf40d5be58de8915b2b8a17f3c8043085db270d895e8c6f60fe250d0333390d507458306a3b39ec6a192ae18d7a4ab0071c89cf
+  metadata.gz: ede2f98ac9891b48583578798c746173a04bbbfe5444394b93c97fe8e11ef3934db8c43076b6c3f2c197f8aa247e1716f026faf6eecef6db12b362eaa49bc5eb
+  data.tar.gz: 23ce067a14832716f854752e4ed05ccf5b4f237b47f00021a30ee6c751a2e710a607aa702906df587546bc15fe5e9b7b7464b5024d421725af82c3d6e27f5a9c

data/BUILD.md

@@ -11,10 +11,6 @@ Logstash provides infrastructure to automatically generate documentation for thi
 - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
 - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
 
-## Need Help?
-
-Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
-
 ## Developing
 
 ### 1. Plugin Developement and Testing
@@ -22,7 +18,7 @@ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/log
 #### Code
 - To get started, you'll need JRuby with the Bundler gem installed.
 
-- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+- Create a new plugin or clone an existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
 
 - Install dependencies
 ```sh

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+# v 0.1.4
+- fix issue #5 : when code call raises an exception, the error is logged and the event is tagged '_aggregateexception'. It avoids logstash crash.
+
+# v 0.1.3
+- break compatibility with logstash 1.4
+- remove "milestone" method call which is deprecated in logstash 1.5
+- enhanced tests using 'expect' command
+- add a second example in documentation
+
+# v 0.1.2
+- compatible with logstash 1.4
+- first version available on github

data/README.md

@@ -1,6 +1,6 @@
 # Logstash Filter Aggregate Documentation
 
-The aim of this filter is to aggregate informations available among several events (typically log lines) belonging to a same task, and finally push aggregated information into final task event.
+The aim of this filter is to aggregate information available among several events (typically log lines) belonging to a same task, and finally push aggregated information into final task event.
  
 ## Example #1
 
@@ -104,6 +104,7 @@ it allows to initialize 'sql_duration' map entry to 0 only if this map entry is
 - after the final event, the map attached to task is deleted
 - in one filter configuration, it is recommanded to define a timeout option to protect the filter against unterminated tasks. It tells the filter to delete expired maps
 - if no timeout is defined, by default, all maps older than 1800 seconds are automatically deleted
+- finally, if `code` execution raises an exception, the error is logged and event is tagged '_aggregateexception'
 
 ## Aggregate Plugin Options
 - **task_id :**  
@@ -134,3 +135,13 @@ Default value: `false`
 The amount of seconds after a task "end event" can be considered lost.  
 The task "map" is then evicted.  
 The default value is 0, which means no timeout so no auto eviction.  
+
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+
+## Want to contribute?
+
+Read [BUILD.md](BUILD.md).

data/lib/logstash/filters/aggregate.rb

@@ -5,13 +5,13 @@ require "logstash/namespace"
 require "thread"
 
 #
-# The aim of this filter is to aggregate informations available among several events (typically log lines) belonging to a same task,
+# The aim of this filter is to aggregate information available among several events (typically log lines) belonging to a same task,
 # and finally push aggregated information into final task event.
 # 
-# An example of use can be:  
+# ==== Example #1
 #
 # * with these given logs :  
-# [source,log]
+# [source,ruby]
 # ----------------------------------
 #   INFO - 12345 - TASK_START - start
 #   INFO - 12345 - SQL - sqlQuery1 - 12
@@ -19,7 +19,7 @@ require "thread"
 #   INFO - 12345 - TASK_END - end
 # ----------------------------------
 #
-# * you can aggregate "dao duration" with this configuration :  
+# * you can aggregate "sql duration" for the whole task with this configuration :
 # [source,ruby]
 # ----------------------------------
 #     filter {
@@ -56,7 +56,7 @@ require "thread"
 # ----------------------------------
 #
 # * the final event then looks like :  
-# [source,json]
+# [source,ruby]
 # ----------------------------------
 # {
 #         "message" => "INFO - 12345 - TASK_END - end message",
@@ -66,9 +66,10 @@ require "thread"
 #
 # the field `sql_duration` is added and contains the sum of all sql queries durations.
 #
-#
-# * Another example : imagine you have the same logs than example #1, but without a start log : 
-# [source,log]
+# ==== Example #2
+# 
+# * If you have the same logs than example #1, but without a start log :
+# [source,ruby]
 # ----------------------------------
 #   INFO - 12345 - SQL - sqlQuery1 - 12
 #   INFO - 12345 - SQL - sqlQuery2 - 34
@@ -102,47 +103,57 @@ require "thread"
 # ----------------------------------
 #
 # * the final event is exactly the same than example #1
-# * the key point is the "||=" ruby operator. +
-# it allows to initialize 'sql_duration' map entry to 0 only if this map entry is not already initialized
+# * the key point is the "||=" ruby operator. It allows to initialize 'sql_duration' map entry to 0 only if this map entry is not already initialized
 #
 #
-# How it works :
-# - the filter needs a "task_id" to correlate events (log lines) of a same task
-# - at the task beggining, filter creates a map, attached to task_id
-# - for each event, you can execute code using 'event' and 'map' (for instance, copy an event field to map)
-# - in the final event, you can execute a last code (for instance, add map data to final event)
-# - after the final event, the map attached to task is deleted
-# - in one filter configuration, it is recommanded to define a timeout option to protect the feature against unterminated tasks. It tells the filter to delete expired maps
-# - if no timeout is defined, by default, all maps older than 1800 seconds are automatically deleted
+# ==== How it works
+# * the filter needs a "task_id" to correlate events (log lines) of a same task
+# * at the task beggining, filter creates a map, attached to task_id
+# * for each event, you can execute code using 'event' and 'map' (for instance, copy an event field to map)
+# * in the final event, you can execute a last code (for instance, add map data to final event)
+# * after the final event, the map attached to task is deleted
+# * in one filter configuration, it is recommanded to define a timeout option to protect the feature against unterminated tasks. It tells the filter to delete expired maps
+# * if no timeout is defined, by default, all maps older than 1800 seconds are automatically deleted
+# * finally, if `code` execution raises an exception, the error is logged and event is tagged '_aggregateexception'
 #
 #
 class LogStash::Filters::Aggregate < LogStash::Filters::Base
 
 	config_name "aggregate"
 
-	# The expression defining task ID to correlate logs. +
-	# This value must uniquely identify the task in the system +
-	# Example value : "%{application}%{my_task_id}" +
+	# The expression defining task ID to correlate logs.
+	#
+	# This value must uniquely identify the task in the system.
+	#
+	# Example value : "%{application}%{my_task_id}"
 	config :task_id, :validate => :string, :required => true
 
-	# The code to execute to update map, using current event. +
-	# Or on the contrary, the code to execute to update event, using current map. +
-	# You will have a 'map' variable and an 'event' variable available (that is the event itself). +
-	# Example value : "map['sql_duration'] += event['duration']" +
+	# The code to execute to update map, using current event.
+	#
+	# Or on the contrary, the code to execute to update event, using current map.
+	#
+	# You will have a 'map' variable and an 'event' variable available (that is the event itself).
+	#
+	# Example value : "map['sql_duration'] += event['duration']"
 	config :code, :validate => :string, :required => true
 
-	# Tell the filter what to do with aggregate map (default :  "create_or_update"). +
-	# create: create the map, and execute the code only if map wasn't created before +
-	# update: doesn't create the map, and execute the code only if map was created before +
-	# create_or_update: create the map if it wasn't created before, execute the code in all cases +
+	# Tell the filter what to do with aggregate map.
+	#
+	# `create`: create the map, and execute the code only if map wasn't created before
+	#
+	# `update`: doesn't create the map, and execute the code only if map was created before
+	#
+	# `create_or_update`: create the map if it wasn't created before, execute the code in all cases
 	config :map_action, :validate => :string, :default => "create_or_update"
 
 	# Tell the filter that task is ended, and therefore, to delete map after code execution.  
 	config :end_of_task, :validate => :boolean, :default => false
 
-	# The amount of seconds after a task "end event" can be considered lost. +
-	# The task "map" is evicted. +
-	# The default value is 0, which means no timeout so no auto eviction. +
+	# The amount of seconds after a task "end event" can be considered lost.
+	#
+	# The task "map" is evicted.
+	#
+	# Default value (`0`) means no timeout so no auto eviction.
 	config :timeout, :validate => :number, :required => false, :default => 0
 
 	
@@ -188,7 +199,11 @@ class LogStash::Filters::Aggregate < LogStash::Filters::Base
 		task_id = event.sprintf(@task_id)
 		return if task_id.nil? || task_id.empty? || task_id == @task_id
 
+		noError = false
+
+		# protect aggregate_maps against concurrent access, using a mutex
 		@@mutex.synchronize do
+		
 			# retrieve the current aggregate map
 			aggregate_maps_element = @@aggregate_maps[task_id]
 			if (aggregate_maps_element.nil?)
@@ -201,13 +216,20 @@ class LogStash::Filters::Aggregate < LogStash::Filters::Base
 			map = aggregate_maps_element.map
 
 			# execute the code to read/update map and event
-			@codeblock.call(event, map)
+			begin
+				@codeblock.call(event, map)
+				noError = true
+			rescue => exception
+				@logger.error("Aggregate exception occurred. Error: #{exception} ; Code: #{@code} ; Map: #{map} ; EventData: #{event.instance_variable_get('@data')}")
+				event.tag("_aggregateexception")
+			end
 			
 			# delete the map if task is ended
 			@@aggregate_maps.delete(task_id) if @end_of_task
 		end
 
-		filter_matched(event)
+		# match the filter, only if no error occurred
+		filter_matched(event) if noError
 	end
 
 	# Necessary to indicate logstash to periodically call 'flush' method

data/logstash-filter-aggregate.gemspec

@@ -1,8 +1,8 @@
 Gem::Specification.new do |s|
   s.name = 'logstash-filter-aggregate'
-  s.version         = '0.1.3'
+  s.version         = '0.1.4'
   s.licenses = ['Apache License (2.0)']
-  s.summary = "The aim of this filter is to aggregate informations available among several events (typically log lines) belonging to a same task, and finally push aggregated information into final task event."
+  s.summary = "The aim of this filter is to aggregate information available among several events (typically log lines) belonging to a same task, and finally push aggregated information into final task event."
   s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
   s.authors = ["Elastic", "Fabien Baligand"]
   s.email = 'info@elastic.co'

data/spec/filters/aggregate_spec.rb

@@ -1,167 +1,177 @@
-# encoding: utf-8
-require "logstash/devutils/rspec/spec_helper"
-require "logstash/filters/aggregate"
-require_relative "aggregate_spec_helper"
-
-describe LogStash::Filters::Aggregate do
-
-	before(:each) do
-		set_eviction_instance(nil)
-		aggregate_maps.clear()
-		@start_filter = setup_filter({ "map_action" => "create", "code" => "map['sql_duration'] = 0" })
-		@update_filter = setup_filter({ "map_action" => "update", "code" => "map['sql_duration'] += event['duration']" })
-		@end_filter = setup_filter({ "map_action" => "update", "code" => "event.to_hash.merge!(map)", "end_of_task" => true, "timeout" => 5 })
-	end
-
-	context "Start event" do
-		describe "and receiving an event without task_id" do
-			it "does not record it" do
-				@start_filter.filter(event())
-				expect(aggregate_maps).to be_empty
-			end
-		end
-		describe "and receiving an event with task_id" do
-			it "records it" do
-				event = start_event("taskid" => "id123")
-				@start_filter.filter(event)
-
-				expect(aggregate_maps.size).to eq(1)
-				expect(aggregate_maps["id123"]).not_to be_nil
-				expect(aggregate_maps["id123"].creation_timestamp).to be >= event["@timestamp"]
-				expect(aggregate_maps["id123"].map["sql_duration"]).to eq(0)
-			end
-		end
-
-		describe "and receiving two 'start events' for the same task_id" do
-			it "keeps the first one and does nothing with the second one" do
-
-				first_start_event = start_event("taskid" => "id124")
-				@start_filter.filter(first_start_event)
-				
-				first_update_event = update_event("taskid" => "id124", "duration" => 2)
-				@update_filter.filter(first_update_event)
-				
-				sleep(1)
-				second_start_event = start_event("taskid" => "id124")
-				@start_filter.filter(second_start_event)
-
-				expect(aggregate_maps.size).to eq(1)
-				expect(aggregate_maps["id124"].creation_timestamp).to be < second_start_event["@timestamp"]
-				expect(aggregate_maps["id124"].map["sql_duration"]).to eq(first_update_event["duration"])
-			end
-		end
-	end
-
-	context "End event" do
-		describe "receiving an event without a previous 'start event'" do
-			describe "but without a previous 'start event'" do
-				it "does nothing with the event" do
-					end_event = end_event("taskid" => "id124")
-					@end_filter.filter(end_event)
-
-					expect(aggregate_maps).to be_empty
-					expect(end_event["sql_duration"]).to be_nil
-				end
-			end
-		end
-	end
-
-	context "Start/end events interaction" do
-		describe "receiving a 'start event'" do
-			before(:each) do
-				@task_id_value = "id_123"
-				@start_event = start_event({"taskid" => @task_id_value})
-				@start_filter.filter(@start_event)
-				expect(aggregate_maps.size).to eq(1)
-			end
-
-			describe "and receiving an end event" do
-				describe "and without an id" do
-					it "does nothing" do
-						end_event = end_event()
-						@end_filter.filter(end_event)
-						expect(aggregate_maps.size).to eq(1)
-						expect(end_event["sql_duration"]).to be_nil
-					end
-				end
-
-				describe "and an id different from the one of the 'start event'" do
-					it "does nothing" do
-						different_id_value = @task_id_value + "_different"
-						@end_filter.filter(end_event("taskid" => different_id_value))
-
-						expect(aggregate_maps.size).to eq(1)
-						expect(aggregate_maps[@task_id_value]).not_to be_nil
-					end
-				end
-
-				describe "and the same id of the 'start event'" do
-					it "add 'sql_duration' field to the end event and deletes the recorded 'start event'" do
-						expect(aggregate_maps.size).to eq(1)
-
-						@update_filter.filter(update_event("taskid" => @task_id_value, "duration" => 2))
-
-						end_event = end_event("taskid" => @task_id_value)
-						@end_filter.filter(end_event)
-
-						expect(aggregate_maps).to be_empty
-						expect(end_event["sql_duration"]).to eq(2)
-					end
-
-				end
-			end
-		end
-	end
-
-	context "flush call" do
-		before(:each) do
-			@end_filter.timeout = 1
-			expect(@end_filter.timeout).to eq(1)
-			@task_id_value = "id_123"
-			@start_event = start_event({"taskid" => @task_id_value})
-			@start_filter.filter(@start_event)
-			expect(aggregate_maps.size).to eq(1)
-		end
-
-		describe "no timeout defined in none filter" do
-			it "defines a default timeout on a default filter" do
-				set_eviction_instance(nil)
-				expect(eviction_instance).to be_nil
-				@end_filter.flush()
-				expect(eviction_instance).to eq(@end_filter)
-				expect(@end_filter.timeout).to eq(LogStash::Filters::Aggregate::DEFAULT_TIMEOUT)
-			end
-		end
-
-		describe "timeout is defined on another filter" do
-			it "eviction_instance is not updated" do
-				expect(eviction_instance).not_to be_nil
-				@start_filter.flush()
-				expect(eviction_instance).not_to eq(@start_filter)
-				expect(eviction_instance).to eq(@end_filter)
-			end
-		end
-
-		describe "no timeout defined on the filter" do
-			it "event is not removed" do
-				sleep(2)
-				@start_filter.flush()
-				expect(aggregate_maps.size).to eq(1)
-			end
-		end
-
-		describe "timeout defined on the filter" do
-			it "event is not removed if not expired" do
-				@end_filter.flush()
-				expect(aggregate_maps.size).to eq(1)
-			end
-			it "event is removed if expired" do
-				sleep(2)
-				@end_filter.flush()
-				expect(aggregate_maps).to be_empty
-			end
-		end
-
-	end
-
-end
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "logstash/filters/aggregate"
+require_relative "aggregate_spec_helper"
+
+describe LogStash::Filters::Aggregate do
+
+	before(:each) do
+		set_eviction_instance(nil)
+		aggregate_maps.clear()
+		@start_filter = setup_filter({ "map_action" => "create", "code" => "map['sql_duration'] = 0" })
+		@update_filter = setup_filter({ "map_action" => "update", "code" => "map['sql_duration'] += event['duration']" })
+		@end_filter = setup_filter({ "map_action" => "update", "code" => "event.to_hash.merge!(map)", "end_of_task" => true, "timeout" => 5 })
+	end
+
+	context "Start event" do
+		describe "and receiving an event without task_id" do
+			it "does not record it" do
+				@start_filter.filter(event())
+				expect(aggregate_maps).to be_empty
+			end
+		end
+		describe "and receiving an event with task_id" do
+			it "records it" do
+				event = start_event("taskid" => "id123")
+				@start_filter.filter(event)
+
+				expect(aggregate_maps.size).to eq(1)
+				expect(aggregate_maps["id123"]).not_to be_nil
+				expect(aggregate_maps["id123"].creation_timestamp).to be >= event["@timestamp"]
+				expect(aggregate_maps["id123"].map["sql_duration"]).to eq(0)
+			end
+		end
+
+		describe "and receiving two 'start events' for the same task_id" do
+			it "keeps the first one and does nothing with the second one" do
+
+				first_start_event = start_event("taskid" => "id124")
+				@start_filter.filter(first_start_event)
+				
+				first_update_event = update_event("taskid" => "id124", "duration" => 2)
+				@update_filter.filter(first_update_event)
+				
+				sleep(1)
+				second_start_event = start_event("taskid" => "id124")
+				@start_filter.filter(second_start_event)
+
+				expect(aggregate_maps.size).to eq(1)
+				expect(aggregate_maps["id124"].creation_timestamp).to be < second_start_event["@timestamp"]
+				expect(aggregate_maps["id124"].map["sql_duration"]).to eq(first_update_event["duration"])
+			end
+		end
+	end
+
+	context "End event" do
+		describe "receiving an event without a previous 'start event'" do
+			describe "but without a previous 'start event'" do
+				it "does nothing with the event" do
+					end_event = end_event("taskid" => "id124")
+					@end_filter.filter(end_event)
+
+					expect(aggregate_maps).to be_empty
+					expect(end_event["sql_duration"]).to be_nil
+				end
+			end
+		end
+	end
+
+	context "Start/end events interaction" do
+		describe "receiving a 'start event'" do
+			before(:each) do
+				@task_id_value = "id_123"
+				@start_event = start_event({"taskid" => @task_id_value})
+				@start_filter.filter(@start_event)
+				expect(aggregate_maps.size).to eq(1)
+			end
+
+			describe "and receiving an end event" do
+				describe "and without an id" do
+					it "does nothing" do
+						end_event = end_event()
+						@end_filter.filter(end_event)
+						expect(aggregate_maps.size).to eq(1)
+						expect(end_event["sql_duration"]).to be_nil
+					end
+				end
+
+				describe "and an id different from the one of the 'start event'" do
+					it "does nothing" do
+						different_id_value = @task_id_value + "_different"
+						@end_filter.filter(end_event("taskid" => different_id_value))
+
+						expect(aggregate_maps.size).to eq(1)
+						expect(aggregate_maps[@task_id_value]).not_to be_nil
+					end
+				end
+
+				describe "and the same id of the 'start event'" do
+					it "add 'sql_duration' field to the end event and deletes the aggregate map associated to taskid" do
+						expect(aggregate_maps.size).to eq(1)
+
+						@update_filter.filter(update_event("taskid" => @task_id_value, "duration" => 2))
+
+						end_event = end_event("taskid" => @task_id_value)
+						@end_filter.filter(end_event)
+
+						expect(aggregate_maps).to be_empty
+						expect(end_event["sql_duration"]).to eq(2)
+					end
+
+				end
+			end
+		end
+	end
+
+	context "Event which causes an exception when code call" do
+		it "intercepts exception, logs the error and tags the event with '_aggregateexception'" do
+			@start_filter = setup_filter({ "code" => "fail 'Test'" })
+			start_event = start_event("taskid" => "id124")
+			@start_filter.filter(start_event)
+
+			expect(start_event["tags"]).to eq(["_aggregateexception"])
+		end
+	end
+
+	context "flush call" do
+		before(:each) do
+			@end_filter.timeout = 1
+			expect(@end_filter.timeout).to eq(1)
+			@task_id_value = "id_123"
+			@start_event = start_event({"taskid" => @task_id_value})
+			@start_filter.filter(@start_event)
+			expect(aggregate_maps.size).to eq(1)
+		end
+
+		describe "no timeout defined in none filter" do
+			it "defines a default timeout on a default filter" do
+				set_eviction_instance(nil)
+				expect(eviction_instance).to be_nil
+				@end_filter.flush()
+				expect(eviction_instance).to eq(@end_filter)
+				expect(@end_filter.timeout).to eq(LogStash::Filters::Aggregate::DEFAULT_TIMEOUT)
+			end
+		end
+
+		describe "timeout is defined on another filter" do
+			it "eviction_instance is not updated" do
+				expect(eviction_instance).not_to be_nil
+				@start_filter.flush()
+				expect(eviction_instance).not_to eq(@start_filter)
+				expect(eviction_instance).to eq(@end_filter)
+			end
+		end
+
+		describe "no timeout defined on the filter" do
+			it "event is not removed" do
+				sleep(2)
+				@start_filter.flush()
+				expect(aggregate_maps.size).to eq(1)
+			end
+		end
+
+		describe "timeout defined on the filter" do
+			it "event is not removed if not expired" do
+				@end_filter.flush()
+				expect(aggregate_maps.size).to eq(1)
+			end
+			it "event is removed if expired" do
+				sleep(2)
+				@end_filter.flush()
+				expect(aggregate_maps).to be_empty
+			end
+		end
+
+	end
+
+end

data/spec/filters/aggregate_spec_helper.rb

@@ -1,49 +1,49 @@
-# encoding: utf-8
-require "logstash/filters/aggregate"
-
-def event(data = {})
-	data["message"] ||= "Log message"
-	data["@timestamp"] ||= Time.now
-	LogStash::Event.new(data)
-end
-
-def start_event(data = {})
-	data["logger"] = "TASK_START"
-	event(data)
-end
-
-def update_event(data = {})
-	data["logger"] = "SQL"
-	event(data)
-end
-
-def end_event(data = {})
-	data["logger"] = "TASK_END"
-	event(data)
-end
-
-def setup_filter(config = {})
-	config["task_id"] ||= "%{taskid}"
-	filter = LogStash::Filters::Aggregate.new(config)
-	filter.register()
-	return filter
-end
-
-def filter(event)
-	@start_filter.filter(event)
-	@update_filter.filter(event)
-	@end_filter.filter(event)
-end
-
-def aggregate_maps()
-	LogStash::Filters::Aggregate.class_variable_get(:@@aggregate_maps)
-end
-
-def eviction_instance()
-	LogStash::Filters::Aggregate.class_variable_get(:@@eviction_instance)
-end
-
-def set_eviction_instance(new_value)
-	LogStash::Filters::Aggregate.class_variable_set(:@@eviction_instance, new_value)
-end
-
+# encoding: utf-8
+require "logstash/filters/aggregate"
+
+def event(data = {})
+	data["message"] ||= "Log message"
+	data["@timestamp"] ||= Time.now
+	LogStash::Event.new(data)
+end
+
+def start_event(data = {})
+	data["logger"] = "TASK_START"
+	event(data)
+end
+
+def update_event(data = {})
+	data["logger"] = "SQL"
+	event(data)
+end
+
+def end_event(data = {})
+	data["logger"] = "TASK_END"
+	event(data)
+end
+
+def setup_filter(config = {})
+	config["task_id"] ||= "%{taskid}"
+	filter = LogStash::Filters::Aggregate.new(config)
+	filter.register()
+	return filter
+end
+
+def filter(event)
+	@start_filter.filter(event)
+	@update_filter.filter(event)
+	@end_filter.filter(event)
+end
+
+def aggregate_maps()
+	LogStash::Filters::Aggregate.class_variable_get(:@@aggregate_maps)
+end
+
+def eviction_instance()
+	LogStash::Filters::Aggregate.class_variable_get(:@@eviction_instance)
+end
+
+def set_eviction_instance(new_value)
+	LogStash::Filters::Aggregate.class_variable_set(:@@eviction_instance, new_value)
+end
+

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-aggregate
 version: !ruby/object:Gem::Version
-  version: 0.1.3
+  version: 0.1.4
 platform: ruby
 authors:
 - Elastic
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-07-04 00:00:00.000000000 Z
+date: 2015-10-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logstash-core
@@ -86,7 +86,7 @@ rubyforge_project:
 rubygems_version: 2.4.5
 signing_key:
 specification_version: 4
-summary: The aim of this filter is to aggregate informations available among several events (typically log lines) belonging to a same task, and finally push aggregated information into final task event.
+summary: The aim of this filter is to aggregate information available among several events (typically log lines) belonging to a same task, and finally push aggregated information into final task event.
 test_files:
 - spec/filters/aggregate_spec.rb
 - spec/filters/aggregate_spec_helper.rb