logstash-filter-grok 3.2.1 → 3.2.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/logstash/filters/grok.rb +4 -4
- data/logstash-filter-grok.gemspec +1 -1
- data/spec/filters/grok_spec.rb +15 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: b2156be2aaef0d13ad330e90b4e944f07fd5caa4
|
4
|
+
data.tar.gz: 8942af6f6ca5680c40f4851e6ba94c669e79bfc1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ab1e10603d6cbf3bd6ee646a2e2c201f327c0e435c06cfb4e729905ed062fbbd1ce8afa1cadc0a4ac69620af36657a7a2cc252cc28f26dec040d0e802bed20fd
|
7
|
+
data.tar.gz: 9aa1ba7a12e0f8bdff56979d508e367a34d5d1f140c10e73d0dd0571e72c5727e3cd3bf7d9ca7a097dbaa82584644a53bc9a4a5cd12a7147047045220211f9cd
|
data/CHANGELOG.md
CHANGED
@@ -254,7 +254,7 @@
|
|
254
254
|
|
255
255
|
@patterns = Hash.new { |h,k| h[k] = [] }
|
256
256
|
|
257
|
-
@logger.
|
257
|
+
@logger.debug("Match data", :match => @match)
|
258
258
|
|
259
259
|
@metric_match_fields = metric.namespace(:patterns_per_field)
|
260
260
|
|
@@ -262,7 +262,7 @@
|
|
262
262
|
patterns = [patterns] if patterns.is_a?(String)
|
263
263
|
@metric_match_fields.gauge(field, patterns.length)
|
264
264
|
|
265
|
-
@logger.
|
265
|
+
@logger.trace("Grok compile", :field => field, :patterns => patterns)
|
266
266
|
patterns.each do |pattern|
|
267
267
|
@logger.debug? and @logger.debug("regexp: #{@type}/#{field}", :pattern => pattern)
|
268
268
|
grok = Grok.new
|
@@ -367,14 +367,14 @@
|
|
367
367
|
private
|
368
368
|
def patterns_files_from_paths(paths, glob)
|
369
369
|
patternfiles = []
|
370
|
-
@logger.
|
370
|
+
@logger.debug("Grok patterns path", :paths => paths)
|
371
371
|
paths.each do |path|
|
372
372
|
if File.directory?(path)
|
373
373
|
path = File.join(path, glob)
|
374
374
|
end
|
375
375
|
|
376
376
|
Dir.glob(path).each do |file|
|
377
|
-
@logger.
|
377
|
+
@logger.trace("Grok loading patterns from file", :path => file)
|
378
378
|
patternfiles << file
|
379
379
|
end
|
380
380
|
end
|
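Review bot: The per-file message at new line 377 is logged at trace, so at debug level an operator sees the configured paths (new line 370) but not which files `Dir.glob(path)` actually matched. Because the directory branch appends `glob` and every match is collected, the resolved file list is the more useful record when auditing which pattern files a pipeline picked up; consider keeping it at debug, e.g. `@logger.debug("Grok loading patterns from file", :path => file)`. The message also says "loading" although the visible body only appends the file to `patternfiles`; the method continues past the hunk, so the actual load presumably happens elsewhere. These hunks appear under the CHANGELOG.md header on this page but, going by the diffstat, seem to belong to data/lib/logstash/filters/grok.rb.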
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-filter-grok'
|
4
|
-
s.version = '3.2.
|
4
|
+
s.version = '3.2.2'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Parse arbitrary text and structure it."
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
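--- a/data/spec/filters/grok_spec.rb
+++ b/data/spec/filters/grok_spec.rb
@@ -840,4 +840,19 @@ describe LogStash::Filters::Grok do
 end
 end
 
+describe "after grok when the event is JSON serialised the field values are unchanged" do
+config <<-CONFIG
+filter {grok {match => ["message", "Failed password for (invalid user |)%{USERNAME:username} from %{IP:src_ip} port %{BASE10NUM:port}"] remove_field => ["message","severity"] add_tag => ["ssh_failure"]}}
+CONFIG
+
+sample('{"facility":"auth","message":"Failed password for testuser from 1.1.1.1 port 22"}') do
+insist { subject.get("username") } == "testuser"
+insist { subject.get("port") } == "22"
+insist { subject.get("src_ip") } == "1.1.1.1"
+insist { LogStash::Json.dump(subject.get('username')) } == "\"testuser\""
+
+insist { subject.to_json } =~ %r|{"src_ip":"1.1.1.1","@timestamp":"20\d\d-\d\d-\d\dT\d\d:\d\d:\d\d\.\d\d\dZ","port":"22","@version":"1","username":"testuser","tags":\["ssh_failure"\]}|
+end
+end
+
 end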
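Review bot: The final assertion at new line 854 matches `subject.to_json` against a regex that fixes the key order (`src_ip`, `@timestamp`, `port`, `@version`, `username`, `tags`), so the spec can fail on a change in field insertion order or serializer output that has nothing to do with the values being checked. Parsing the serialized event and comparing fields keeps the round-trip check without pinning layout, e.g. `parsed = LogStash::Json.load(subject.to_json)` followed by `insist { parsed["username"] } == "testuser"` and the same for `port`, `src_ip` and `tags`. A short comment above the `describe` naming the regression this guards against would also help, since the title alone does not say what previously changed the values. The enclosing `describe LogStash::Filters::Grok do` block starts outside the hunk.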
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-grok
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.2.
|
4
|
+
version: 3.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-09-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|