logstash-filter-grok 3.2.1 → 3.2.2

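--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 26ce02b49c1b5bf27a1ea5470cef3b2875fa73e6
- data.tar.gz: 936454b6cf21105471e21ed161835d722a9092c2
+ metadata.gz: b2156be2aaef0d13ad330e90b4e944f07fd5caa4
+ data.tar.gz: 8942af6f6ca5680c40f4851e6ba94c669e79bfc1
  SHA512:
- metadata.gz: 2723677afeb369af6e1555b308b11c24ee4cb9f6c1baf6b74fc2fdedcff3e4d09702bcabf1532a2738134850eaa9f4c9821daf3f230df02f0a2c8bed66f701eb
- data.tar.gz: 2625317a10db35a9de2905ba534bfa80bbf7d6df031122077e180e252d0dc20ea1bfdaa46e62ada24894150502275c007c6706ef3433bb5a02735c45189b26c2
+ metadata.gz: ab1e10603d6cbf3bd6ee646a2e2c201f327c0e435c06cfb4e729905ed062fbbd1ce8afa1cadc0a4ac69620af36657a7a2cc252cc28f26dec040d0e802bed20fd
+ data.tar.gz: 9aa1ba7a12e0f8bdff56979d508e367a34d5d1f140c10e73d0dd0571e72c5727e3cd3bf7d9ca7a097dbaa82584644a53bc9a4a5cd12a7147047045220211f9cd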
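--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,6 @@
+ ## 3.2.2
+ - Move one log message from info to debug to avoid noise
+
  ## 3.2.1
  - Fix race condition in TimeoutEnforcer that could cause crashes
  - Fix shutdown code to close cleanly and properly close the enforcer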
@@ -254,7 +254,7 @@
254
254
 
255
255
  @patterns = Hash.new { |h,k| h[k] = [] }
256
256
 
257
- @logger.info? and @logger.info("Match data", :match => @match)
257
+ @logger.debug("Match data", :match => @match)
258
258
 
259
259
  @metric_match_fields = metric.namespace(:patterns_per_field)
260
260
 
@@ -262,7 +262,7 @@
262
262
  patterns = [patterns] if patterns.is_a?(String)
263
263
  @metric_match_fields.gauge(field, patterns.length)
264
264
 
265
- @logger.info? and @logger.info("Grok compile", :field => field, :patterns => patterns)
265
+ @logger.trace("Grok compile", :field => field, :patterns => patterns)
266
266
  patterns.each do |pattern|
267
267
  @logger.debug? and @logger.debug("regexp: #{@type}/#{field}", :pattern => pattern)
268
268
  grok = Grok.new
@@ -367,14 +367,14 @@
367
367
  private
368
368
  def patterns_files_from_paths(paths, glob)
369
369
  patternfiles = []
370
- @logger.info? and @logger.info("Grok patterns path", :paths => paths)
370
+ @logger.debug("Grok patterns path", :paths => paths)
371
371
  paths.each do |path|
372
372
  if File.directory?(path)
373
373
  path = File.join(path, glob)
374
374
  end
375
375
 
376
376
  Dir.glob(path).each do |file|
377
- @logger.info? and @logger.info("Grok loading patterns from file", :path => file)
377
+ @logger.trace("Grok loading patterns from file", :path => file)
378
378
  patternfiles << file
379
379
  end
380
380
  end
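Review bot: The two `@logger.trace(...)` calls introduced here ("Grok compile", and "Grok loading patterns from file" inside patterns_files_from_paths) rely on the host logger responding to `trace`, which nothing on this page establishes, since the gem's dependency constraints are cut off in the metadata section. If any supported Logstash core ships a logger without that level, the call would raise NoMethodError while patterns are being loaded, so either tighten the core dependency or guard the call, for example `@logger.trace("Grok loading patterns from file", :path => file) if @logger.respond_to?(:trace)`. The new calls also drop the level guard that the neighbouring `@logger.debug? and @logger.debug("regexp: #{@type}/#{field}", :pattern => pattern)` line keeps, so the file now mixes two styles. The changelog entry speaks of one message moved to debug, while four messages change level in these hunks and two of them go to trace. The enclosing methods begin and end outside the hunks shown.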
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-grok'
4
- s.version = '3.2.1'
4
+ s.version = '3.2.2'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Parse arbitrary text and structure it."
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -840,4 +840,19 @@ describe LogStash::Filters::Grok do
840
840
  end
841
841
  end
842
842
 
843
+ describe "after grok when the event is JSON serialised the field values are unchanged" do
844
+ config <<-CONFIG
845
+ filter {grok {match => ["message", "Failed password for (invalid user |)%{USERNAME:username} from %{IP:src_ip} port %{BASE10NUM:port}"] remove_field => ["message","severity"] add_tag => ["ssh_failure"]}}
846
+ CONFIG
847
+
848
+ sample('{"facility":"auth","message":"Failed password for testuser from 1.1.1.1 port 22"}') do
849
+ insist { subject.get("username") } == "testuser"
850
+ insist { subject.get("port") } == "22"
851
+ insist { subject.get("src_ip") } == "1.1.1.1"
852
+ insist { LogStash::Json.dump(subject.get('username')) } == "\"testuser\""
853
+
854
+ insist { subject.to_json } =~ %r|{"src_ip":"1.1.1.1","@timestamp":"20\d\d-\d\d-\d\dT\d\d:\d\d:\d\d\.\d\d\dZ","port":"22","@version":"1","username":"testuser","tags":\["ssh_failure"\]}|
855
+ end
856
+ end
857
+
843
858
  end
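Review bot: The final assertion in the new example matches `subject.to_json` against one regex that fixes the key order of the serialised event (`src_ip`, `@timestamp`, `port`, ...), so the test can fail on a serialiser or event-implementation change that leaves every field value intact. The pattern is also unanchored and leaves the dots in `1.1.1.1` unescaped, which makes it looser on values than its description suggests. Comparing parsed fields states the intent directly: `parsed = LogStash::Json.load(subject.to_json)` followed by `insist { parsed["username"] } == "testuser"` and the same for `port`, `src_ip` and `tags`. The outer `describe LogStash::Filters::Grok do` block starts outside this hunk.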
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-grok
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.2.1
4
+ version: 3.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-08-08 00:00:00.000000000 Z
11
+ date: 2016-09-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement