logstash-filter-grok 3.3.1 → 3.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/lib/logstash/filters/grok.rb +20 -0
- data/logstash-filter-grok.gemspec +1 -1
- data/spec/filters/grok_spec.rb +36 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b1e652d5cf4cc9eff9c8a678a3c981b394c26de0
|
|
4
|
+
data.tar.gz: 6124306fb38c72fdad65262fb0e544ca5b51592b
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2fd4bb01edc17528e22cf0085b8a09b5f42624c4f843c1cef1ff089c3ec3f8a4ba79a3e5957a5cec0d819a257e389c6c0985bfb1065b305ad7c8128435f89916
|
|
7
|
+
data.tar.gz: 0fbc997375ccbc3e5406b36afe73d4ee38f5e618c5f7e5c2158a5407d030e5c1a924f9e7fc4e220eed5dbd7276f3e01e84ddb1780ce8c195f19eebb91cd288ec
|
data/CHANGELOG.md
CHANGED
|
@@ -136,6 +136,11 @@
|
|
|
136
136
|
#
|
|
137
137
|
# The `timestamp`, `logsource`, `program`, and `pid` fields come from the
|
|
138
138
|
# `SYSLOGBASE` pattern which itself is defined by other patterns.
|
|
139
|
+
#
|
|
140
|
+
# Another option is to define patterns _inline_ in the filter using `pattern_definitions`.
|
|
141
|
+
# This is mostly for convenience and allows user to define a pattern which can be used just in that
|
|
142
|
+
# filter. This newly defined patterns in `pattern_definitions` will not be available outside of that particular `grok` filter.
|
|
143
|
+
#
|
|
139
144
|
class LogStash::Filters::Grok < LogStash::Filters::Base
|
|
140
145
|
config_name "grok"
|
|
141
146
|
require "logstash/filters/grok/timeout_enforcer"
|
|
@@ -178,6 +183,12 @@
|
|
|
178
183
|
# The patterns are loaded when the pipeline is created.
|
|
179
184
|
config :patterns_dir, :validate => :array, :default => []
|
|
180
185
|
|
|
186
|
+
# A hash of pattern-name and pattern tuples defining custom patterns to be used by
|
|
187
|
+
# the current filter. Patterns matching existing names will override the pre-existing
|
|
188
|
+
# definition. Think of this as inline patterns available just for this definition of
|
|
189
|
+
# grok
|
|
190
|
+
config :pattern_definitions, :validate => :hash, :default => {}
|
|
191
|
+
|
|
181
192
|
# Glob pattern, used to select the pattern files in the directories
|
|
182
193
|
# specified by patterns_dir
|
|
183
194
|
config :patterns_files_glob, :validate => :string, :default => "*"
|
|
@@ -271,6 +282,7 @@
|
|
|
271
282
|
grok = Grok.new
|
|
272
283
|
grok.logger = @logger unless @logger.nil?
|
|
273
284
|
add_patterns_from_files(@patternfiles, grok)
|
|
285
|
+
add_patterns_from_inline_definition(@pattern_definitions, grok)
|
|
274
286
|
grok.compile(pattern, @named_captures_only)
|
|
275
287
|
@patterns[field] << grok
|
|
276
288
|
end
|
|
@@ -394,6 +406,14 @@
|
|
|
394
406
|
end
|
|
395
407
|
end # def add_patterns_from_files
|
|
396
408
|
|
|
409
|
+
private
|
|
410
|
+
def add_patterns_from_inline_definition(pattern_definitions, grok)
|
|
411
|
+
pattern_definitions.each do |name, pattern|
|
|
412
|
+
next if pattern.nil?
|
|
413
|
+
grok.add_pattern(name, pattern.chomp)
|
|
414
|
+
end
|
|
415
|
+
end
|
|
416
|
+
|
|
397
417
|
def close
|
|
398
418
|
@timeout_enforcer.stop!
|
|
399
419
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-grok'
|
|
4
|
-
s.version = '3.
|
|
4
|
+
s.version = '3.4.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Parse arbitrary text and structure it."
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
data/spec/filters/grok_spec.rb
CHANGED
|
@@ -868,4 +868,40 @@ describe LogStash::Filters::Grok do
|
|
|
868
868
|
end
|
|
869
869
|
end
|
|
870
870
|
|
|
871
|
+
describe "grok with inline pattern definition successfully extracts fields" do
|
|
872
|
+
config <<-CONFIG
|
|
873
|
+
filter {
|
|
874
|
+
grok {
|
|
875
|
+
match => { "message" => "%{APACHE_TIME:timestamp} %{LOGLEVEL:level} %{MY_PATTERN:hindsight}" }
|
|
876
|
+
pattern_definitions => { "APACHE_TIME" => "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
|
|
877
|
+
"MY_PATTERN" => "%{YEAR}"}
|
|
878
|
+
}
|
|
879
|
+
}
|
|
880
|
+
CONFIG
|
|
881
|
+
|
|
882
|
+
sample "Mon Dec 26 16:22:08 2016 error 2020" do
|
|
883
|
+
insist { subject.get("timestamp") } == "Mon Dec 26 16:22:08 2016"
|
|
884
|
+
insist { subject.get("level") } == "error"
|
|
885
|
+
insist { subject.get("hindsight") } == "2020"
|
|
886
|
+
end
|
|
887
|
+
end
|
|
888
|
+
|
|
889
|
+
describe "grok with inline pattern definition overwrites existing pattern definition" do
|
|
890
|
+
config <<-CONFIG
|
|
891
|
+
filter {
|
|
892
|
+
grok {
|
|
893
|
+
match => { "message" => "%{APACHE_TIME:timestamp} %{LOGLEVEL:level}" }
|
|
894
|
+
# loglevel was previously ([Aa]lert|ALERT|[Tt]...
|
|
895
|
+
pattern_definitions => { "APACHE_TIME" => "%{DAY} %{MONTH} %{MONTHDAY} %{TIME} %{YEAR}"
|
|
896
|
+
"LOGLEVEL" => "%{NUMBER}"}
|
|
897
|
+
}
|
|
898
|
+
}
|
|
899
|
+
CONFIG
|
|
900
|
+
|
|
901
|
+
sample "Mon Dec 26 16:22:08 2016 9999" do
|
|
902
|
+
insist { subject.get("timestamp") } == "Mon Dec 26 16:22:08 2016"
|
|
903
|
+
insist { subject.get("level") } == "9999"
|
|
904
|
+
end
|
|
905
|
+
end
|
|
906
|
+
|
|
871
907
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-grok
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.4.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2017-03-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|