logstash-filter-elasticsearchslowlog 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 0242d4cd501af99926848b0cd889fb15d05a53a1c3e68228ad95d774f8d162e8
|
|
4
|
+
data.tar.gz: 604a0868a681a0b2902295bcb7c2e80e11334c10a27b758eead50eb0af1042f7
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 69c6518cc1594f081993f7d1e45fbf5558ded250efa6649d54231df4e9ae1c6e7b1e1a3634c38023b814521c6ae2d898794030e9a34dcc724206fd06f69d26b7
|
|
7
|
+
data.tar.gz: 61b106501ecc2a93fc4ef7e44f78dcf260c72e53202ee9bc9ae12f09345e75a4bcf3cef55d08efc21b880716df8fa224e847bc681ba9e7a043c63cc015744962
|
|
@@ -27,7 +27,7 @@ class LogStash::Filters::Elasticsearchslowlog < LogStash::Filters::Base
|
|
|
27
27
|
SLOWLOG_REGEX = /^\s*\[(?<local_timestamp>[^,]+),\d+\]\s*\[(?<level>.+?)\s*\]\s*\[index.search.slowlog.(?:query|fetch)\]\s*\[(?<node>.+?)\]\s*\[(?<index>.+?)\]\s*\[(?<shard>.+?)\]\s*(?<key_values>.+)$/.freeze
|
|
28
28
|
|
|
29
29
|
def filter(event)
|
|
30
|
-
message = event
|
|
30
|
+
message = event_get(event, @source)
|
|
31
31
|
if message
|
|
32
32
|
if matches = message.match(SLOWLOG_REGEX)
|
|
33
33
|
captures = Hash[matches.names.zip(matches.captures)]
|
|
@@ -37,7 +37,7 @@ class LogStash::Filters::Elasticsearchslowlog < LogStash::Filters::Base
|
|
|
37
37
|
if ['shard'].include?(key)
|
|
38
38
|
value = value.to_i
|
|
39
39
|
end
|
|
40
|
-
event
|
|
40
|
+
event_set(event, key, value)
|
|
41
41
|
end
|
|
42
42
|
if captures['key_values']
|
|
43
43
|
key_values = parse_key_values(captures['key_values'])
|
|
@@ -45,7 +45,7 @@ class LogStash::Filters::Elasticsearchslowlog < LogStash::Filters::Base
|
|
|
45
45
|
if ['took_millis', 'total_shards'].include?(key)
|
|
46
46
|
value = value.to_i
|
|
47
47
|
end
|
|
48
|
-
event
|
|
48
|
+
event_set(event, key, value)
|
|
49
49
|
end
|
|
50
50
|
|
|
51
51
|
source = key_values['source']
|
|
@@ -54,8 +54,8 @@ class LogStash::Filters::Elasticsearchslowlog < LogStash::Filters::Base
|
|
|
54
54
|
if normalized
|
|
55
55
|
normalized = JSON.dump(normalized)
|
|
56
56
|
source_id = Digest::MD5.hexdigest(normalized)[0..8]
|
|
57
|
-
event
|
|
58
|
-
event
|
|
57
|
+
event_set(event, 'source_normalized', normalized)
|
|
58
|
+
event_set(event, 'source_id', source_id.force_encoding("utf-8"))
|
|
59
59
|
end
|
|
60
60
|
end
|
|
61
61
|
end
|
|
@@ -65,6 +65,22 @@ class LogStash::Filters::Elasticsearchslowlog < LogStash::Filters::Base
|
|
|
65
65
|
filter_matched(event)
|
|
66
66
|
end
|
|
67
67
|
|
|
68
|
+
def event_get(event, field)
|
|
69
|
+
if event.respond_to?(:get)
|
|
70
|
+
event.get(field)
|
|
71
|
+
else
|
|
72
|
+
event[field]
|
|
73
|
+
end
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def event_set(event, field, value)
|
|
77
|
+
if event.respond_to?(:set)
|
|
78
|
+
event.set(field, value)
|
|
79
|
+
else
|
|
80
|
+
event[field] = value
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
68
84
|
private
|
|
69
85
|
|
|
70
86
|
def parse_key_values(kv)
|
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = 'logstash-filter-elasticsearchslowlog'
|
|
5
|
-
s.version = '0.
|
|
5
|
+
s.version = '0.5.0'
|
|
6
6
|
s.licenses = ['Apache-2.0']
|
|
7
7
|
s.summary = 'elasticsearch slowlog parser'
|
|
8
8
|
s.description = 'elasticsearch slowlog parser'
|
|
@@ -23,4 +23,5 @@ Gem::Specification.new do |s|
|
|
|
23
23
|
s.add_runtime_dependency "deepsort", "0.4.0"
|
|
24
24
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.20", "<= 2.99"
|
|
25
25
|
s.add_development_dependency 'logstash-devutils'
|
|
26
|
+
s.add_development_dependency 'appraisal'
|
|
26
27
|
end
|
|
@@ -14,20 +14,20 @@ describe LogStash::Filters::Elasticsearchslowlog do
|
|
|
14
14
|
|
|
15
15
|
describe "filter" do
|
|
16
16
|
sample("message" => "some text") do
|
|
17
|
-
expect(subject
|
|
17
|
+
expect(event_get(subject, 'message')).to eq('some text')
|
|
18
18
|
end
|
|
19
19
|
|
|
20
20
|
sample("message" => '[2019-05-07T15:27:34,422][TRACE ][index.search.slowlog.query] [elasticsearch-data7.mid.veritrans.co.id] [transactionsv3_2018-12][2] took[350.9ms], took_millis[350], types[transaction], stats[], search_type[QUERY_THEN_FETCH], total_shards[111], source[{"from":0,"size":20,"query":{"bool":{"filter":[{"terms":{"transaction.merchant_id":["abcd"],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}],') do
|
|
21
|
-
expect(subject
|
|
22
|
-
expect(subject
|
|
23
|
-
expect(subject
|
|
24
|
-
expect(subject
|
|
25
|
-
expect(subject
|
|
26
|
-
expect(subject
|
|
27
|
-
expect(subject
|
|
28
|
-
expect(subject
|
|
29
|
-
expect(subject
|
|
30
|
-
expect(subject
|
|
21
|
+
expect(event_get(subject, 'local_timestamp')).to eq('2019-05-07T15:27:34')
|
|
22
|
+
expect(event_get(subject, 'level')).to eq('TRACE')
|
|
23
|
+
expect(event_get(subject, 'node')).to eq('elasticsearch-data7.mid.veritrans.co.id')
|
|
24
|
+
expect(event_get(subject, 'index')).to eq('transactionsv3_2018-12')
|
|
25
|
+
expect(event_get(subject, 'shard')).to eq(2)
|
|
26
|
+
expect(event_get(subject, 'took_millis')).to eq(350)
|
|
27
|
+
expect(event_get(subject, 'types')).to eq('transaction')
|
|
28
|
+
expect(event_get(subject, 'search_type')).to eq('QUERY_THEN_FETCH')
|
|
29
|
+
expect(event_get(subject, 'total_shards')).to eq(111)
|
|
30
|
+
expect(event_get(subject, 'source')).to eq('{"from":0,"size":20,"query":{"bool":{"filter":[{"terms":{"transaction.merchant_id":["abcd"],"boost":1.0}}],"disable_coord":false,"adjust_pure_negative":true,"boost":1.0}},"sort":[{"transaction.transaction_time":{"order":"desc"}}]}')
|
|
31
31
|
expect(subject).to include('source_id')
|
|
32
32
|
end
|
|
33
33
|
end
|
|
@@ -49,10 +49,10 @@ describe LogStash::Filters::Elasticsearchslowlog do
|
|
|
49
49
|
expect(subject).to include('total_shards')
|
|
50
50
|
expect(subject).to include('source')
|
|
51
51
|
expect(subject).to include('source_id')
|
|
52
|
-
unless subject
|
|
53
|
-
puts subject
|
|
52
|
+
unless event_get(subject, 'source_normalized') == source_normalized[i]
|
|
53
|
+
puts event_get(subject, 'source_normalized')
|
|
54
54
|
end
|
|
55
|
-
expect(subject
|
|
55
|
+
expect(event_get(subject, 'source_normalized')).to eq(source_normalized[i])
|
|
56
56
|
end
|
|
57
57
|
end
|
|
58
58
|
end
|
|
@@ -65,4 +65,12 @@ describe LogStash::Filters::Elasticsearchslowlog do
|
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
|
+
|
|
69
|
+
def event_get(event, field)
|
|
70
|
+
if event.respond_to?(:get)
|
|
71
|
+
event.get(field)
|
|
72
|
+
else
|
|
73
|
+
event[field]
|
|
74
|
+
end
|
|
75
|
+
end
|
|
68
76
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-elasticsearchslowlog
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Anantha Kumaran
|
|
@@ -58,6 +58,20 @@ dependencies:
|
|
|
58
58
|
- - ">="
|
|
59
59
|
- !ruby/object:Gem::Version
|
|
60
60
|
version: '0'
|
|
61
|
+
- !ruby/object:Gem::Dependency
|
|
62
|
+
requirement: !ruby/object:Gem::Requirement
|
|
63
|
+
requirements:
|
|
64
|
+
- - ">="
|
|
65
|
+
- !ruby/object:Gem::Version
|
|
66
|
+
version: '0'
|
|
67
|
+
name: appraisal
|
|
68
|
+
prerelease: false
|
|
69
|
+
type: :development
|
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
71
|
+
requirements:
|
|
72
|
+
- - ">="
|
|
73
|
+
- !ruby/object:Gem::Version
|
|
74
|
+
version: '0'
|
|
61
75
|
description: elasticsearch slowlog parser
|
|
62
76
|
email: ananthakumaran@gmail.com
|
|
63
77
|
executables: []
|