logstash-filter-grok 3.2.1 → 3.2.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/logstash/filters/grok.rb +4 -4
- data/logstash-filter-grok.gemspec +1 -1
- data/spec/filters/grok_spec.rb +15 -0
- metadata +2 -2
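--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b2156be2aaef0d13ad330e90b4e944f07fd5caa4
+data.tar.gz: 8942af6f6ca5680c40f4851e6ba94c669e79bfc1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: ab1e10603d6cbf3bd6ee646a2e2c201f327c0e435c06cfb4e729905ed062fbbd1ce8afa1cadc0a4ac69620af36657a7a2cc252cc28f26dec040d0e802bed20fd
+data.tar.gz: 9aa1ba7a12e0f8bdff56979d508e367a34d5d1f140c10e73d0dd0571e72c5727e3cd3bf7d9ca7a097dbaa82584644a53bc9a4a5cd12a7147047045220211f9cd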
data/CHANGELOG.md
CHANGED
@@ -254,7 +254,7 @@
|
|
254
254
|
|
255
255
|
@patterns = Hash.new { |h,k| h[k] = [] }
|
256
256
|
|
257
|
-
@logger.
|
257
|
+
@logger.debug("Match data", :match => @match)
|
258
258
|
|
259
259
|
@metric_match_fields = metric.namespace(:patterns_per_field)
|
260
260
|
|
@@ -262,7 +262,7 @@
|
|
262
262
|
patterns = [patterns] if patterns.is_a?(String)
|
263
263
|
@metric_match_fields.gauge(field, patterns.length)
|
264
264
|
|
265
|
-
@logger.
|
265
|
+
@logger.trace("Grok compile", :field => field, :patterns => patterns)
|
266
266
|
patterns.each do |pattern|
|
267
267
|
@logger.debug? and @logger.debug("regexp: #{@type}/#{field}", :pattern => pattern)
|
268
268
|
grok = Grok.new
|
@@ -367,14 +367,14 @@
|
|
367
367
|
private
|
368
368
|
def patterns_files_from_paths(paths, glob)
|
369
369
|
patternfiles = []
|
370
|
-
@logger.
|
370
|
+
@logger.debug("Grok patterns path", :paths => paths)
|
371
371
|
paths.each do |path|
|
372
372
|
if File.directory?(path)
|
373
373
|
path = File.join(path, glob)
|
374
374
|
end
|
375
375
|
|
376
376
|
Dir.glob(path).each do |file|
|
377
|
-
@logger.
|
377
|
+
@logger.trace("Grok loading patterns from file", :path => file)
|
378
378
|
patternfiles << file
|
379
379
|
end
|
380
380
|
end
|
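Review bot: The four new log calls (new lines 257, 265, 370 and 377) build their argument hashes unconditionally, while the untouched call at line 267 a few lines below is guarded with `@logger.debug? and`. These hunks are printed under the CHANGELOG.md header on this page but appear to belong to lib/logstash/filters/grok.rb. The call at line 377 runs once per pattern file inside `Dir.glob(path).each`, so it is the one most worth making consistent, e.g. `@logger.trace? and @logger.trace("Grok loading patterns from file", :path => file)`, assuming the logger exposes `trace?` alongside `debug?`. The enclosing methods start or end outside the visible hunks, and the removed lines are truncated, so the previous log level cannot be confirmed from here.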
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-filter-grok'
|
4
|
-
s.version = '3.2.
|
4
|
+
s.version = '3.2.2'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Parse arbitrary text and structure it."
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
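--- a/data/spec/filters/grok_spec.rb
+++ b/data/spec/filters/grok_spec.rb
@@ -840,4 +840,19 @@ describe LogStash::Filters::Grok do
 end
 end
 
+describe "after grok when the event is JSON serialised the field values are unchanged" do
+config <<-CONFIG
+filter {grok {match => ["message", "Failed password for (invalid user |)%{USERNAME:username} from %{IP:src_ip} port %{BASE10NUM:port}"] remove_field => ["message","severity"] add_tag => ["ssh_failure"]}}
+CONFIG
+
+sample('{"facility":"auth","message":"Failed password for testuser from 1.1.1.1 port 22"}') do
+insist { subject.get("username") } == "testuser"
+insist { subject.get("port") } == "22"
+insist { subject.get("src_ip") } == "1.1.1.1"
+insist { LogStash::Json.dump(subject.get('username')) } == "\"testuser\""
+
+insist { subject.to_json } =~ %r|{"src_ip":"1.1.1.1","@timestamp":"20\d\d-\d\d-\d\dT\d\d:\d\d:\d\d\.\d\d\dZ","port":"22","@version":"1","username":"testuser","tags":\["ssh_failure"\]}|
+end
+end
+
 end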
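Review bot: The `subject.to_json` assertion on new line 854 pins the exact key order of the serialised event and leaves the dots in `1.1.1.1` unescaped, so it can break on a harmless reordering of fields and would also accept other characters in the address. Since the spec's stated purpose is that field values survive serialisation unchanged, parsing the output and comparing fields is a tighter check: `parsed = LogStash::Json.load(subject.to_json)` followed by `insist { parsed["src_ip"] } == "1.1.1.1"`, and the same for `username` and `port`. The sample also never exercises the `(invalid user |)` branch of the pattern; a second `sample` with an "invalid user" line would cover it.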
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-grok
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.2.
|
4
|
+
version: 3.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-09-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|