logstash-filter-grok 3.2.1 → 3.2.2

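--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 26ce02b49c1b5bf27a1ea5470cef3b2875fa73e6
- data.tar.gz: 936454b6cf21105471e21ed161835d722a9092c2
+ metadata.gz: b2156be2aaef0d13ad330e90b4e944f07fd5caa4
+ data.tar.gz: 8942af6f6ca5680c40f4851e6ba94c669e79bfc1
  SHA512:
- metadata.gz: 2723677afeb369af6e1555b308b11c24ee4cb9f6c1baf6b74fc2fdedcff3e4d09702bcabf1532a2738134850eaa9f4c9821daf3f230df02f0a2c8bed66f701eb
- data.tar.gz: 2625317a10db35a9de2905ba534bfa80bbf7d6df031122077e180e252d0dc20ea1bfdaa46e62ada24894150502275c007c6706ef3433bb5a02735c45189b26c2
+ metadata.gz: ab1e10603d6cbf3bd6ee646a2e2c201f327c0e435c06cfb4e729905ed062fbbd1ce8afa1cadc0a4ac69620af36657a7a2cc252cc28f26dec040d0e802bed20fd
+ data.tar.gz: 9aa1ba7a12e0f8bdff56979d508e367a34d5d1f140c10e73d0dd0571e72c5727e3cd3bf7d9ca7a097dbaa82584644a53bc9a4a5cd12a7147047045220211f9cd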
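--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## 3.2.2
+ - Move one log message from info to debug to avoid noise
+
  ## 3.2.1
  - Fix race condition in TimeoutEnforcer that could cause crashes
  - Fix shutdown code to close cleanly and properly close the enforcer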
@@ -254,7 +254,7 @@
254
254
 
255
255
  @patterns = Hash.new { |h,k| h[k] = [] }
256
256
 
257
- @logger.info? and @logger.info("Match data", :match => @match)
257
+ @logger.debug("Match data", :match => @match)
258
258
 
259
259
  @metric_match_fields = metric.namespace(:patterns_per_field)
260
260
 
@@ -262,7 +262,7 @@
262
262
  patterns = [patterns] if patterns.is_a?(String)
263
263
  @metric_match_fields.gauge(field, patterns.length)
264
264
 
265
- @logger.info? and @logger.info("Grok compile", :field => field, :patterns => patterns)
265
+ @logger.trace("Grok compile", :field => field, :patterns => patterns)
266
266
  patterns.each do |pattern|
267
267
  @logger.debug? and @logger.debug("regexp: #{@type}/#{field}", :pattern => pattern)
268
268
  grok = Grok.new
@@ -367,14 +367,14 @@
367
367
  private
368
368
  def patterns_files_from_paths(paths, glob)
369
369
  patternfiles = []
370
- @logger.info? and @logger.info("Grok patterns path", :paths => paths)
370
+ @logger.debug("Grok patterns path", :paths => paths)
371
371
  paths.each do |path|
372
372
  if File.directory?(path)
373
373
  path = File.join(path, glob)
374
374
  end
375
375
 
376
376
  Dir.glob(path).each do |file|
377
- @logger.info? and @logger.info("Grok loading patterns from file", :path => file)
377
+ @logger.trace("Grok loading patterns from file", :path => file)
378
378
  patternfiles << file
379
379
  end
380
380
  end
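Review bot: Lowering `Grok patterns path` to debug and `Grok loading patterns from file` to trace in `patterns_files_from_paths` means a pipeline run at info level no longer records which pattern directories and files were read, and that list is what an operator would consult to notice an unexpected file in a patterns directory. If the aim is only to cut per-file noise, consider keeping a single info-level summary once the loop has finished, for example `@logger.info("Grok pattern files loaded", :count => patternfiles.length)`. The new calls also drop the level guard while the neighbouring `@logger.debug? and @logger.debug("regexp: ...")` line keeps it; using one form throughout would read more consistently. The body of `patterns_files_from_paths` continues past the end of the hunk, so the placement of the summary line is assumed.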
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-grok'
4
- s.version = '3.2.1'
4
+ s.version = '3.2.2'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Parse arbitrary text and structure it."
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -840,4 +840,19 @@ describe LogStash::Filters::Grok do
840
840
  end
841
841
  end
842
842
 
843
+ describe "after grok when the event is JSON serialised the field values are unchanged" do
844
+ config <<-CONFIG
845
+ filter {grok {match => ["message", "Failed password for (invalid user |)%{USERNAME:username} from %{IP:src_ip} port %{BASE10NUM:port}"] remove_field => ["message","severity"] add_tag => ["ssh_failure"]}}
846
+ CONFIG
847
+
848
+ sample('{"facility":"auth","message":"Failed password for testuser from 1.1.1.1 port 22"}') do
849
+ insist { subject.get("username") } == "testuser"
850
+ insist { subject.get("port") } == "22"
851
+ insist { subject.get("src_ip") } == "1.1.1.1"
852
+ insist { LogStash::Json.dump(subject.get('username')) } == "\"testuser\""
853
+
854
+ insist { subject.to_json } =~ %r|{"src_ip":"1.1.1.1","@timestamp":"20\d\d-\d\d-\d\dT\d\d:\d\d:\d\d\.\d\d\dZ","port":"22","@version":"1","username":"testuser","tags":\["ssh_failure"\]}|
855
+ end
856
+ end
857
+
843
858
  end
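Review bot: The final `subject.to_json` assertion matches the serialised event against a regex that fixes the key order (`src_ip`, `@timestamp`, `port`, `@version`, `username`, `tags`), so the example would fail on a harmless change in field ordering even when every value is intact. Parsing the output and comparing fields is sturdier, e.g. `insist { LogStash::Json.load(subject.to_json)["username"] } == "testuser"`, repeated for `port` and `src_ip`. A one-line comment above the `describe` naming the regression it guards (field values altered after JSON serialisation) would also help the next reader.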
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-grok
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.2.1
4
+ version: 3.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-08-08 00:00:00.000000000 Z
11
+ date: 2016-09-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement