logstash-filter-grok 2.0.5 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +2 -0
  3. data/Gemfile +3 -1
  4. data/LICENSE +1 -1
  5. data/README.md +12 -3
  6. data/lib/logstash/filters/grok.rb +7 -9
  7. data/logstash-filter-grok.gemspec +3 -3
  8. data/spec/filters/grok_spec.rb +166 -166
  9. metadata +20 -18
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4f63a7bd21e2ebab75a4cc94f26731323f8912f7
4
- data.tar.gz: a2ae27830a99ac4b0bdeb2a2ff76c8e1f691e1f3
3
+ metadata.gz: 6ed17e8438274c966ed007c49208b42683ce7e95
4
+ data.tar.gz: 98c0b8ff214122ef7e1c90d7bb527d86e44e09aa
5
5
  SHA512:
6
- metadata.gz: 872e7daf89f4af9d5d92ceea3ba791b24fd358e1a1f7e5d738032b2f90286b256ad544ae06a24231c290535526efaef3a772fbb81e09f991928b17521ce83563
7
- data.tar.gz: 4a8ff939e59d6c704946618e315b17df72ae5fedaa2cdd9449652c22f4987f14458f31e15d8bbd9b63e6f0d371c85585143de1676b8e30485e528871a006a009
6
+ metadata.gz: 2e36982282ce0ab9ba59b9c59a7b659897f2d87ad67f059d167dbc3666b1298c3584c22737923b27e04287e6854cd691654281dde12aebb486c333f8e2798d7a
7
+ data.tar.gz: 41a23c2079664a3a1d6c7849fd05e4255bc2ec462eeb500cf3cea8a2cface478be2ed48eb9070f17083b2e080eea221555cbe53d7cf848ad57ba49b971d78286
data/CHANGELOG.md CHANGED
@@ -1,3 +1,5 @@
1
+ ## 3.0.0
2
+ - Update the plugin to the version 2.0 of the plugin api, this change is required for Logstash 5.0 compatibility. See https://github.com/elastic/logstash/issues/5141
1
3
  # 2.0.5
2
4
  - Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
3
5
  # 2.0.4
data/Gemfile CHANGED
@@ -1,2 +1,4 @@
1
1
  source 'https://rubygems.org'
2
- gemspec
2
+
3
+ # Specify your gem's dependencies in logstash-mass_effect.gemspec
4
+ gemspec
data/LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2012–2015 Elasticsearch <http://www.elastic.co>
1
+ Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
2
2
 
3
3
  Licensed under the Apache License, Version 2.0 (the "License");
4
4
  you may not use this file except in compliance with the License.
data/README.md CHANGED
@@ -1,7 +1,6 @@
1
1
  # Logstash Plugin
2
2
 
3
- [![Build
4
- Status](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-grok-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-grok-unit/)
3
+ [![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-filter-grok.svg)](https://travis-ci.org/logstash-plugins/logstash-filter-grok)
5
4
 
6
5
  This is a plugin for [Logstash](https://github.com/elastic/logstash).
7
6
 
@@ -56,7 +55,12 @@ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
56
55
  ```
57
56
  - Install plugin
58
57
  ```sh
58
+ # Logstash 2.3 and higher
59
+ bin/logstash-plugin install --no-verify
60
+
61
+ # Prior to Logstash 2.3
59
62
  bin/plugin install --no-verify
63
+
60
64
  ```
61
65
  - Run Logstash with your plugin
62
66
  ```sh
@@ -74,7 +78,12 @@ gem build logstash-filter-awesome.gemspec
74
78
  ```
75
79
  - Install the plugin from the Logstash home
76
80
  ```sh
77
- bin/plugin install /your/local/plugin/logstash-filter-awesome.gem
81
+ # Logstash 2.3 and higher
82
+ bin/logstash-plugin install --no-verify
83
+
84
+ # Prior to Logstash 2.3
85
+ bin/plugin install --no-verify
86
+
78
87
  ```
79
88
  - Start Logstash and proceed to test the plugin
80
89
 
data/lib/logstash/filters/grok.rb CHANGED
@@ -247,7 +247,7 @@
247
247
  # will let folks redefine built-in patterns at runtime.
248
248
  @patternfiles += patterns_files_from_paths(@@patterns_path.to_a, "*")
249
249
  @patternfiles += patterns_files_from_paths(@patterns_dir, @patterns_files_glob)
250
-
250
+
251
251
  @patterns = Hash.new { |h,k| h[k] = [] }
252
252
 
253
253
  @logger.info? and @logger.info("Match data", :match => @match)
@@ -269,8 +269,6 @@
269
269
 
270
270
  public
271
271
  def filter(event)
272
-
273
-
274
272
  matched = false
275
273
  done = false
276
274
 
@@ -294,7 +292,7 @@
294
292
 
295
293
  private
296
294
  def match(groks, field, event)
297
- input = event[field]
295
+ input = event.get(field)
298
296
  if input.is_a?(Array)
299
297
  success = false
300
298
  input.each do |input|
@@ -327,21 +325,21 @@
327
325
  return if (value.nil? || (value.is_a?(String) && value.empty?)) unless @keep_empty_captures
328
326
 
329
327
  if @overwrite.include?(field)
330
- event[field] = value
328
+ event.set(field, value)
331
329
  else
332
- v = event[field]
330
+ v = event.get(field)
333
331
  if v.nil?
334
- event[field] = value
332
+ event.set(field, value)
335
333
  elsif v.is_a?(Array)
336
334
  # do not replace the code below with:
337
335
  # event[field] << value
338
336
  # this assumes implementation specific feature of returning a mutable object
339
337
  # from a field ref which should not be assumed and will change in the future.
340
338
  v << value
341
- event[field] = v
339
+ event.set(field, v)
342
340
  elsif v.is_a?(String)
343
341
  # Promote to array since we aren't overwriting.
344
- event[field] = [v, value]
342
+ event.set(field, [v, value])
345
343
  end
346
344
  end
347
345
  end
data/logstash-filter-grok.gemspec CHANGED
@@ -1,10 +1,10 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-grok'
4
- s.version = '2.0.5'
4
+ s.version = '3.0.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Parse arbitrary text and structure it."
7
- s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
7
+ s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
8
8
  s.authors = ["Elastic"]
9
9
  s.email = 'info@elastic.co'
10
10
  s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
20
20
  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
21
21
 
22
22
  # Gem dependencies
23
- s.add_runtime_dependency "logstash-core-plugin-api", "~> 1.0"
23
+ s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
24
24
 
25
25
  s.add_runtime_dependency 'jls-grok', '~> 0.11.1'
26
26
  s.add_runtime_dependency 'logstash-patterns-core'
data/spec/filters/grok_spec.rb CHANGED
@@ -36,12 +36,12 @@ describe LogStash::Filters::Grok do
36
36
  CONFIG
37
37
 
38
38
  sample "Mar 16 00:01:25 evita postfix/smtpd[1713]: connect from camomile.cloud9.net[168.100.1.3]" do
39
- insist { subject["tags"] }.nil?
40
- insist { subject["logsource"] } == "evita"
41
- insist { subject["timestamp"] } == "Mar 16 00:01:25"
42
- insist { subject["message"] } == "connect from camomile.cloud9.net[168.100.1.3]"
43
- insist { subject["program"] } == "postfix/smtpd"
44
- insist { subject["pid"] } == "1713"
39
+ insist { subject.get("tags") }.nil?
40
+ insist { subject.get("logsource") } == "evita"
41
+ insist { subject.get("timestamp") } == "Mar 16 00:01:25"
42
+ insist { subject.get("message") } == "connect from camomile.cloud9.net[168.100.1.3]"
43
+ insist { subject.get("program") } == "postfix/smtpd"
44
+ insist { subject.get("pid") } == "1713"
45
45
  end
46
46
  end
47
47
 
@@ -58,120 +58,120 @@ describe LogStash::Filters::Grok do
58
58
  CONFIG
59
59
 
60
60
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - [id1 foo=\"bar\"][id2 baz=\"something\"] Hello, syslog." do
61
- insist { subject["tags"] }.nil?
62
- insist { subject["syslog5424_pri"] } == "191"
63
- insist { subject["syslog5424_ver"] } == "1"
64
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
65
- insist { subject["syslog5424_host"] } == "paxton.local"
66
- insist { subject["syslog5424_app"] } == "grokdebug"
67
- insist { subject["syslog5424_proc"] } == "4123"
68
- insist { subject["syslog5424_msgid"] } == nil
69
- insist { subject["syslog5424_sd"] } == "[id1 foo=\"bar\"][id2 baz=\"something\"]"
70
- insist { subject["syslog5424_msg"] } == "Hello, syslog."
61
+ insist { subject.get("tags") }.nil?
62
+ insist { subject.get("syslog5424_pri") } == "191"
63
+ insist { subject.get("syslog5424_ver") } == "1"
64
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
65
+ insist { subject.get("syslog5424_host") } == "paxton.local"
66
+ insist { subject.get("syslog5424_app") } == "grokdebug"
67
+ insist { subject.get("syslog5424_proc") } == "4123"
68
+ insist { subject.get("syslog5424_msgid") } == nil
69
+ insist { subject.get("syslog5424_sd") } == "[id1 foo=\"bar\"][id2 baz=\"something\"]"
70
+ insist { subject.get("syslog5424_msg") } == "Hello, syslog."
71
71
  end
72
72
 
73
73
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug - - [id1 foo=\"bar\"] No process ID." do
74
- insist { subject["tags"] }.nil?
75
- insist { subject["syslog5424_pri"] } == "191"
76
- insist { subject["syslog5424_ver"] } == "1"
77
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
78
- insist { subject["syslog5424_host"] } == "paxton.local"
79
- insist { subject["syslog5424_app"] } == "grokdebug"
80
- insist { subject["syslog5424_proc"] } == nil
81
- insist { subject["syslog5424_msgid"] } == nil
82
- insist { subject["syslog5424_sd"] } == "[id1 foo=\"bar\"]"
83
- insist { subject["syslog5424_msg"] } == "No process ID."
74
+ insist { subject.get("tags") }.nil?
75
+ insist { subject.get("syslog5424_pri") } == "191"
76
+ insist { subject.get("syslog5424_ver") } == "1"
77
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
78
+ insist { subject.get("syslog5424_host") } == "paxton.local"
79
+ insist { subject.get("syslog5424_app") } == "grokdebug"
80
+ insist { subject.get("syslog5424_proc") } == nil
81
+ insist { subject.get("syslog5424_msgid") } == nil
82
+ insist { subject.get("syslog5424_sd") } == "[id1 foo=\"bar\"]"
83
+ insist { subject.get("syslog5424_msg") } == "No process ID."
84
84
  end
85
85
 
86
86
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - - No structured data." do
87
- insist { subject["tags"] }.nil?
88
- insist { subject["syslog5424_pri"] } == "191"
89
- insist { subject["syslog5424_ver"] } == "1"
90
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
91
- insist { subject["syslog5424_host"] } == "paxton.local"
92
- insist { subject["syslog5424_app"] } == "grokdebug"
93
- insist { subject["syslog5424_proc"] } == "4123"
94
- insist { subject["syslog5424_msgid"] } == nil
95
- insist { subject["syslog5424_sd"] } == nil
96
- insist { subject["syslog5424_msg"] } == "No structured data."
87
+ insist { subject.get("tags") }.nil?
88
+ insist { subject.get("syslog5424_pri") } == "191"
89
+ insist { subject.get("syslog5424_ver") } == "1"
90
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
91
+ insist { subject.get("syslog5424_host") } == "paxton.local"
92
+ insist { subject.get("syslog5424_app") } == "grokdebug"
93
+ insist { subject.get("syslog5424_proc") } == "4123"
94
+ insist { subject.get("syslog5424_msgid") } == nil
95
+ insist { subject.get("syslog5424_sd") } == nil
96
+ insist { subject.get("syslog5424_msg") } == "No structured data."
97
97
  end
98
98
 
99
99
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug - - - No PID or SD." do
100
- insist { subject["tags"] }.nil?
101
- insist { subject["syslog5424_pri"] } == "191"
102
- insist { subject["syslog5424_ver"] } == "1"
103
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
104
- insist { subject["syslog5424_host"] } == "paxton.local"
105
- insist { subject["syslog5424_app"] } == "grokdebug"
106
- insist { subject["syslog5424_proc"] } == nil
107
- insist { subject["syslog5424_msgid"] } == nil
108
- insist { subject["syslog5424_sd"] } == nil
109
- insist { subject["syslog5424_msg"] } == "No PID or SD."
100
+ insist { subject.get("tags") }.nil?
101
+ insist { subject.get("syslog5424_pri") } == "191"
102
+ insist { subject.get("syslog5424_ver") } == "1"
103
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
104
+ insist { subject.get("syslog5424_host") } == "paxton.local"
105
+ insist { subject.get("syslog5424_app") } == "grokdebug"
106
+ insist { subject.get("syslog5424_proc") } == nil
107
+ insist { subject.get("syslog5424_msgid") } == nil
108
+ insist { subject.get("syslog5424_sd") } == nil
109
+ insist { subject.get("syslog5424_msg") } == "No PID or SD."
110
110
  end
111
111
 
112
112
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - Missing structured data." do
113
- insist { subject["tags"] }.nil?
114
- insist { subject["syslog5424_pri"] } == "191"
115
- insist { subject["syslog5424_ver"] } == "1"
116
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
117
- insist { subject["syslog5424_host"] } == "paxton.local"
118
- insist { subject["syslog5424_app"] } == "grokdebug"
119
- insist { subject["syslog5424_proc"] } == "4123"
120
- insist { subject["syslog5424_msgid"] } == nil
121
- insist { subject["syslog5424_sd"] } == nil
122
- insist { subject["syslog5424_msg"] } == "Missing structured data."
113
+ insist { subject.get("tags") }.nil?
114
+ insist { subject.get("syslog5424_pri") } == "191"
115
+ insist { subject.get("syslog5424_ver") } == "1"
116
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
117
+ insist { subject.get("syslog5424_host") } == "paxton.local"
118
+ insist { subject.get("syslog5424_app") } == "grokdebug"
119
+ insist { subject.get("syslog5424_proc") } == "4123"
120
+ insist { subject.get("syslog5424_msgid") } == nil
121
+ insist { subject.get("syslog5424_sd") } == nil
122
+ insist { subject.get("syslog5424_msg") } == "Missing structured data."
123
123
  end
124
124
 
125
125
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - - Additional spaces." do
126
- insist { subject["tags"] }.nil?
127
- insist { subject["syslog5424_pri"] } == "191"
128
- insist { subject["syslog5424_ver"] } == "1"
129
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
130
- insist { subject["syslog5424_host"] } == "paxton.local"
131
- insist { subject["syslog5424_app"] } == "grokdebug"
132
- insist { subject["syslog5424_proc"] } == "4123"
133
- insist { subject["syslog5424_msgid"] } == nil
134
- insist { subject["syslog5424_sd"] } == nil
135
- insist { subject["syslog5424_msg"] } == "Additional spaces."
126
+ insist { subject.get("tags") }.nil?
127
+ insist { subject.get("syslog5424_pri") } == "191"
128
+ insist { subject.get("syslog5424_ver") } == "1"
129
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
130
+ insist { subject.get("syslog5424_host") } == "paxton.local"
131
+ insist { subject.get("syslog5424_app") } == "grokdebug"
132
+ insist { subject.get("syslog5424_proc") } == "4123"
133
+ insist { subject.get("syslog5424_msgid") } == nil
134
+ insist { subject.get("syslog5424_sd") } == nil
135
+ insist { subject.get("syslog5424_msg") } == "Additional spaces."
136
136
  end
137
137
 
138
138
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - Additional spaces and missing SD." do
139
- insist { subject["tags"] }.nil?
140
- insist { subject["syslog5424_pri"] } == "191"
141
- insist { subject["syslog5424_ver"] } == "1"
142
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
143
- insist { subject["syslog5424_host"] } == "paxton.local"
144
- insist { subject["syslog5424_app"] } == "grokdebug"
145
- insist { subject["syslog5424_proc"] } == "4123"
146
- insist { subject["syslog5424_msgid"] } == nil
147
- insist { subject["syslog5424_sd"] } == nil
148
- insist { subject["syslog5424_msg"] } == "Additional spaces and missing SD."
139
+ insist { subject.get("tags") }.nil?
140
+ insist { subject.get("syslog5424_pri") } == "191"
141
+ insist { subject.get("syslog5424_ver") } == "1"
142
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
143
+ insist { subject.get("syslog5424_host") } == "paxton.local"
144
+ insist { subject.get("syslog5424_app") } == "grokdebug"
145
+ insist { subject.get("syslog5424_proc") } == "4123"
146
+ insist { subject.get("syslog5424_msgid") } == nil
147
+ insist { subject.get("syslog5424_sd") } == nil
148
+ insist { subject.get("syslog5424_msg") } == "Additional spaces and missing SD."
149
149
  end
150
150
 
151
151
  sample "<30>1 2014-04-04T16:44:07+02:00 osctrl01 dnsmasq-dhcp 8048 - - Appname contains a dash" do
152
- insist { subject["tags"] }.nil?
153
- insist { subject["syslog5424_pri"] } == "30"
154
- insist { subject["syslog5424_ver"] } == "1"
155
- insist { subject["syslog5424_ts"] } == "2014-04-04T16:44:07+02:00"
156
- insist { subject["syslog5424_host"] } == "osctrl01"
157
- insist { subject["syslog5424_app"] } == "dnsmasq-dhcp"
158
- insist { subject["syslog5424_proc"] } == "8048"
159
- insist { subject["syslog5424_msgid"] } == nil
160
- insist { subject["syslog5424_sd"] } == nil
161
- insist { subject["syslog5424_msg"] } == "Appname contains a dash"
152
+ insist { subject.get("tags") }.nil?
153
+ insist { subject.get("syslog5424_pri") } == "30"
154
+ insist { subject.get("syslog5424_ver") } == "1"
155
+ insist { subject.get("syslog5424_ts") } == "2014-04-04T16:44:07+02:00"
156
+ insist { subject.get("syslog5424_host") } == "osctrl01"
157
+ insist { subject.get("syslog5424_app") } == "dnsmasq-dhcp"
158
+ insist { subject.get("syslog5424_proc") } == "8048"
159
+ insist { subject.get("syslog5424_msgid") } == nil
160
+ insist { subject.get("syslog5424_sd") } == nil
161
+ insist { subject.get("syslog5424_msg") } == "Appname contains a dash"
162
162
  end
163
163
 
164
164
  sample "<30>1 2014-04-04T16:44:07+02:00 osctrl01 - 8048 - - Appname is nil" do
165
- insist { subject["tags"] }.nil?
166
- insist { subject["syslog5424_pri"] } == "30"
167
- insist { subject["syslog5424_ver"] } == "1"
168
- insist { subject["syslog5424_ts"] } == "2014-04-04T16:44:07+02:00"
169
- insist { subject["syslog5424_host"] } == "osctrl01"
170
- insist { subject["syslog5424_app"] } == nil
171
- insist { subject["syslog5424_proc"] } == "8048"
172
- insist { subject["syslog5424_msgid"] } == nil
173
- insist { subject["syslog5424_sd"] } == nil
174
- insist { subject["syslog5424_msg"] } == "Appname is nil"
165
+ insist { subject.get("tags") }.nil?
166
+ insist { subject.get("syslog5424_pri") } == "30"
167
+ insist { subject.get("syslog5424_ver") } == "1"
168
+ insist { subject.get("syslog5424_ts") } == "2014-04-04T16:44:07+02:00"
169
+ insist { subject.get("syslog5424_host") } == "osctrl01"
170
+ insist { subject.get("syslog5424_app") } == nil
171
+ insist { subject.get("syslog5424_proc") } == "8048"
172
+ insist { subject.get("syslog5424_msgid") } == nil
173
+ insist { subject.get("syslog5424_sd") } == nil
174
+ insist { subject.get("syslog5424_msg") } == "Appname is nil"
175
175
  end
176
176
  end
177
177
 
@@ -186,7 +186,7 @@ describe LogStash::Filters::Grok do
186
186
  CONFIG
187
187
 
188
188
  sample("message" => [ "hello 12345", "world 23456" ]) do
189
- insist { subject["NUMBER"] } == [ "12345", "23456" ]
189
+ insist { subject.get("NUMBER") } == [ "12345", "23456" ]
190
190
  end
191
191
  end
192
192
 
@@ -201,10 +201,10 @@ describe LogStash::Filters::Grok do
201
201
  CONFIG
202
202
 
203
203
  sample "400 454.33" do
204
- insist { subject["foo"] } == 400
205
- insist { subject["foo"] }.is_a?(Fixnum)
206
- insist { subject["bar"] } == 454.33
207
- insist { subject["bar"] }.is_a?(Float)
204
+ insist { subject.get("foo") } == 400
205
+ insist { subject.get("foo") }.is_a?(Fixnum)
206
+ insist { subject.get("bar") } == 454.33
207
+ insist { subject.get("bar") }.is_a?(Float)
208
208
  end
209
209
  end
210
210
 
@@ -220,7 +220,7 @@ describe LogStash::Filters::Grok do
220
220
  CONFIG
221
221
 
222
222
  sample "hello 1234" do
223
- insist { subject["FIZZLE"] } == "1234"
223
+ insist { subject.get("FIZZLE") } == "1234"
224
224
  end
225
225
  end
226
226
 
@@ -237,8 +237,8 @@ describe LogStash::Filters::Grok do
237
237
  CONFIG
238
238
 
239
239
  sample("message" => "hello world", "examplefield" => "12345") do
240
- insist { subject["examplefield"] } == "12345"
241
- insist { subject["word"] } == "hello"
240
+ insist { subject.get("examplefield") } == "12345"
241
+ insist { subject.get("word") } == "hello"
242
242
  end
243
243
  end
244
244
 
@@ -254,12 +254,12 @@ describe LogStash::Filters::Grok do
254
254
  CONFIG
255
255
 
256
256
  sample "matchme 1234" do
257
- insist { subject["tags"] }.nil?
258
- insist { subject["new_field"] } == "1234"
257
+ insist { subject.get("tags") }.nil?
258
+ insist { subject.get("new_field") } == "1234"
259
259
  end
260
260
 
261
261
  sample "this will not be matched" do
262
- insist { subject["tags"] }.include?("_grokparsefailure")
262
+ insist { subject.get("tags") }.include?("_grokparsefailure")
263
263
  reject { subject }.include?("new_field")
264
264
  end
265
265
  end
@@ -275,7 +275,7 @@ describe LogStash::Filters::Grok do
275
275
  CONFIG
276
276
 
277
277
  sample "1=test" do
278
- insist { subject["tags"] }.nil?
278
+ insist { subject.get("tags") }.nil?
279
279
  insist { subject }.include?("foo1")
280
280
 
281
281
  # Since 'foo2' was not captured, it must not be present in the event.
@@ -294,7 +294,7 @@ describe LogStash::Filters::Grok do
294
294
  CONFIG
295
295
 
296
296
  sample "1=test" do
297
- insist { subject["tags"] }.nil?
297
+ insist { subject.get("tags") }.nil?
298
298
  # use .to_hash for this test, for now, because right now
299
299
  # the Event.include? returns false for missing fields as well
300
300
  # as for fields with nil values.
@@ -317,9 +317,9 @@ describe LogStash::Filters::Grok do
317
317
 
318
318
  sample "Hello World, yo!" do
319
319
  insist { subject }.include?("WORD")
320
- insist { subject["WORD"] } == "World"
320
+ insist { subject.get("WORD") } == "World"
321
321
  insist { subject }.include?("foo")
322
- insist { subject["foo"] } == "yo"
322
+ insist { subject.get("foo") } == "yo"
323
323
  end
324
324
  end
325
325
 
@@ -334,8 +334,8 @@ describe LogStash::Filters::Grok do
334
334
  }
335
335
  CONFIG
336
336
  sample "hello world" do
337
- insist { subject["tags"] }.nil?
338
- insist { subject["foo"] } == "hello"
337
+ insist { subject.get("tags") }.nil?
338
+ insist { subject.get("foo") } == "hello"
339
339
  end
340
340
  end
341
341
 
@@ -350,8 +350,8 @@ describe LogStash::Filters::Grok do
350
350
  CONFIG
351
351
 
352
352
  sample "fancy 12-12-12 12:12:12" do
353
- insist { subject["tags"] }.nil?
354
- insist { subject["timestamp"] } == "12-12-12 12:12:12"
353
+ insist { subject.get("tags") }.nil?
354
+ insist { subject.get("timestamp") } == "12-12-12 12:12:12"
355
355
  end
356
356
  end
357
357
  end
@@ -367,8 +367,8 @@ describe LogStash::Filters::Grok do
367
367
  CONFIG
368
368
 
369
369
  sample("status" => 403) do
370
- reject { subject["tags"] }.include?("_grokparsefailure")
371
- insist { subject["tags"] }.include?("four_oh_three")
370
+ reject { subject.get("tags") }.include?("_grokparsefailure")
371
+ insist { subject.get("tags") }.include?("four_oh_three")
372
372
  end
373
373
  end
374
374
 
@@ -383,8 +383,8 @@ describe LogStash::Filters::Grok do
383
383
  CONFIG
384
384
 
385
385
  sample("version" => 1.0) do
386
- insist { subject["tags"] }.include?("one_point_oh")
387
- insist { subject["tags"] }.include?("one_point_oh")
386
+ insist { subject.get("tags") }.include?("one_point_oh")
387
+ insist { subject.get("tags") }.include?("one_point_oh")
388
388
  end
389
389
  end
390
390
 
@@ -411,7 +411,7 @@ describe LogStash::Filters::Grok do
411
411
  )
412
412
  log_level_names.each do |level_name|
413
413
  sample "#{level_name}: error!" do
414
- insist { subject['level'] } == level_name
414
+ insist { subject.get("level") } == level_name
415
415
  end
416
416
  end
417
417
  end
@@ -427,11 +427,11 @@ describe LogStash::Filters::Grok do
427
427
  CONFIG
428
428
 
429
429
  sample "matchme 1234" do
430
- insist { subject["tags"] }.nil?
430
+ insist { subject.get("tags") }.nil?
431
431
  end
432
432
 
433
433
  sample "this will not be matched" do
434
- insist { subject["tags"] }.include?("false")
434
+ insist { subject.get("tags") }.include?("false")
435
435
  end
436
436
  end
437
437
 
@@ -446,7 +446,7 @@ describe LogStash::Filters::Grok do
446
446
  CONFIG
447
447
 
448
448
  sample "11/01/01" do
449
- insist { subject["stimestamp"] } == "11/01/01"
449
+ insist { subject.get("stimestamp") } == "11/01/01"
450
450
  end
451
451
  end
452
452
 
@@ -461,7 +461,7 @@ describe LogStash::Filters::Grok do
461
461
  CONFIG
462
462
 
463
463
  sample "hello world" do
464
- insist { subject["foo-bar"] } == "hello"
464
+ insist { subject.get("foo-bar") } == "hello"
465
465
  end
466
466
  end
467
467
 
@@ -509,11 +509,11 @@ describe LogStash::Filters::Grok do
509
509
  CONFIG
510
510
 
511
511
  sample "hello world" do
512
- insist { subject["foo"] }.is_a?(String)
512
+ insist { subject.get("foo") }.is_a?(String)
513
513
  end
514
514
 
515
515
  sample "123 world" do
516
- insist { subject["foo"] }.is_a?(String)
516
+ insist { subject.get("foo") }.is_a?(String)
517
517
  end
518
518
  end
519
519
 
@@ -528,8 +528,8 @@ describe LogStash::Filters::Grok do
528
528
  CONFIG
529
529
 
530
530
  sample("message" => "hello world 123", "somefield" => "testme abc 999") do
531
- insist { subject["foo"] } == "123"
532
- insist { subject["bar"] }.nil?
531
+ insist { subject.get("foo") } == "123"
532
+ insist { subject.get("bar") }.nil?
533
533
  end
534
534
  end
535
535
 
@@ -545,8 +545,8 @@ describe LogStash::Filters::Grok do
545
545
  CONFIG
546
546
 
547
547
  sample("message" => "hello world 123", "somefield" => "testme abc 999") do
548
- insist { subject["foo"] } == "123"
549
- insist { subject["bar"] } == "999"
548
+ insist { subject.get("foo") } == "123"
549
+ insist { subject.get("bar") } == "999"
550
550
  end
551
551
  end
552
552
 
@@ -561,16 +561,16 @@ describe LogStash::Filters::Grok do
561
561
  CONFIG
562
562
 
563
563
  sample "treebranch" do
564
- insist { subject["name2"] } == "branch"
564
+ insist { subject.get("name2") } == "branch"
565
565
  end
566
566
 
567
567
  sample "bushbeard" do
568
- insist { subject["name1"] } == "bush"
568
+ insist { subject.get("name1") } == "bush"
569
569
  end
570
570
 
571
571
  sample "treebeard" do
572
- insist { subject["name1"] } == "tree"
573
- insist { subject["name2"] } == "beard"
572
+ insist { subject.get("name1") } == "tree"
573
+ insist { subject.get("name2") } == "beard"
574
574
  end
575
575
  end
576
576
 
@@ -585,14 +585,14 @@ describe LogStash::Filters::Grok do
585
585
 
586
586
  # array input --
587
587
  sample("message" => ["hello world 123", "line 23"]) do
588
- insist { subject["foo"] } == ["123", "23"]
589
- insist { subject["tags"] }.nil?
588
+ insist { subject.get("foo") } == ["123", "23"]
589
+ insist { subject.get("tags") }.nil?
590
590
  end
591
591
 
592
592
  # array input, one of them matches
593
593
  sample("message" => ["hello world 123", "abc"]) do
594
- insist { subject["foo"] } == "123"
595
- insist { subject["tags"] }.nil?
594
+ insist { subject.get("foo") } == "123"
595
+ insist { subject.get("tags") }.nil?
596
596
  end
597
597
  end
598
598
 
@@ -607,16 +607,16 @@ describe LogStash::Filters::Grok do
607
607
 
608
608
  # array input --
609
609
  sample("message" => ["hello world 123", "line 23"]) do
610
- insist { subject["foo"] } == ["123", "23"]
611
- insist { subject["bar"] }.nil?
612
- insist { subject["tags"] }.nil?
610
+ insist { subject.get("foo") } == ["123", "23"]
611
+ insist { subject.get("bar") }.nil?
612
+ insist { subject.get("tags") }.nil?
613
613
  end
614
614
 
615
615
  # array input, one of them matches
616
616
  sample("message" => ["hello world", "line 23"]) do
617
- insist { subject["bar"] } == "hello"
618
- insist { subject["foo"] } == "23"
619
- insist { subject["tags"] }.nil?
617
+ insist { subject.get("bar") } == "hello"
618
+ insist { subject.get("foo") } == "23"
619
+ insist { subject.get("tags") }.nil?
620
620
  end
621
621
  end
622
622
 
@@ -632,16 +632,16 @@ describe LogStash::Filters::Grok do
632
632
 
633
633
  # array input --
634
634
  sample("message" => ["hello world 123", "line 23"]) do
635
- insist { subject["foo"] } == ["123", "23"]
636
- insist { subject["bar"] } == ["hello", "line"]
637
- insist { subject["tags"] }.nil?
635
+ insist { subject.get("foo") } == ["123", "23"]
636
+ insist { subject.get("bar") } == ["hello", "line"]
637
+ insist { subject.get("tags") }.nil?
638
638
  end
639
639
 
640
640
  # array input, one of them matches
641
641
  sample("message" => ["hello world", "line 23"]) do
642
- insist { subject["bar"] } == ["hello", "line"]
643
- insist { subject["foo"] } == "23"
644
- insist { subject["tags"] }.nil?
642
+ insist { subject.get("bar") } == ["hello", "line"]
643
+ insist { subject.get("foo") } == "23"
644
+ insist { subject.get("tags") }.nil?
645
645
  end
646
646
  end
647
647
 
@@ -656,9 +656,9 @@ describe LogStash::Filters::Grok do
656
656
  CONFIG
657
657
 
658
658
  sample "<22>Jan 4 07:50:46 mailmaster postfix/policy-spf[9454]: : SPF permerror (Junk encountered in record 'v=spf1 mx a:mail.domain.no ip4:192.168.0.4 �all'): Envelope-from: email@domain.no" do
659
- insist { subject["tags"] }.nil?
660
- insist { subject["syslog_pri"] } == "22"
661
- insist { subject["syslog_program"] } == "postfix/policy-spf"
659
+ insist { subject.get("tags") }.nil?
660
+ insist { subject.get("syslog_pri") } == "22"
661
+ insist { subject.get("syslog_program") } == "postfix/policy-spf"
662
662
  end
663
663
  end
664
664
 
@@ -681,7 +681,7 @@ describe LogStash::Filters::Grok do
681
681
  end
682
682
 
683
683
  sample("message" => 'hello') do
684
- insist { subject["tags"] } == ["_grokparsefailure"]
684
+ insist { subject.get("tags") } == ["_grokparsefailure"]
685
685
  end
686
686
 
687
687
  after do
@@ -713,7 +713,7 @@ describe LogStash::Filters::Grok do
713
713
  end
714
714
 
715
715
  sample("message" => '0') do
716
- insist { subject["tags"] } == nil
716
+ insist { subject.get("tags") } == nil
717
717
  end
718
718
 
719
719
  after do
@@ -744,7 +744,7 @@ describe LogStash::Filters::Grok do
744
744
  end
745
745
 
746
746
  sample("message" => '0') do
747
- insist { subject["tags"] } == nil
747
+ insist { subject.get("tags") } == nil
748
748
  end
749
749
 
750
750
  after do
@@ -764,18 +764,18 @@ describe LogStash::Filters::Grok do
764
764
  CONFIG
765
765
 
766
766
  sample "test 28.4ms" do
767
- insist { subject["duration"] } == 28.4
768
- insist { subject["tags"] }.nil?
767
+ insist { subject.get("duration") } == 28.4
768
+ insist { subject.get("tags") }.nil?
769
769
  end
770
770
 
771
771
  sample "test N/A" do
772
772
  insist { insist { subject.to_hash }.include?("duration") }.fails
773
- insist { subject["tags"] }.nil?
773
+ insist { subject.get("tags") }.nil?
774
774
  end
775
775
 
776
776
  sample "test abc" do
777
- insist { subject["duration"] }.nil?
778
- insist { subject["tags"] } == ["_grokparsefailure"]
777
+ insist { subject.get("duration") }.nil?
778
+ insist { subject.get("tags") } == ["_grokparsefailure"]
779
779
  end
780
780
  end
781
781
 
@@ -791,7 +791,7 @@ describe LogStash::Filters::Grok do
791
791
 
792
792
  sample "test N/A" do
793
793
  insist { subject.to_hash }.include?("duration")
794
- insist { subject["tags"] }.nil?
794
+ insist { subject.get("tags") }.nil?
795
795
  end
796
796
 
797
797
  end
@@ -806,13 +806,13 @@ describe LogStash::Filters::Grok do
806
806
  CONFIG
807
807
 
808
808
  sample "test 28.4ms" do
809
- insist { subject["duration"] } == "28.4"
810
- insist { subject["tags"] }.nil?
809
+ insist { subject.get("duration") } == "28.4"
810
+ insist { subject.get("tags") }.nil?
811
811
  end
812
812
 
813
813
  sample "test N/A" do
814
- insist { subject["duration"] }.nil?
815
- insist { subject["tags"] }.nil?
814
+ insist { subject.get("duration") }.nil?
815
+ insist { subject.get("tags") }.nil?
816
816
  end
817
817
  end
818
818
 
metadata CHANGED
@@ -1,72 +1,74 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-grok
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.5
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-03-24 00:00:00.000000000 Z
11
+ date: 2016-05-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
+ name: logstash-core-plugin-api
14
15
  requirement: !ruby/object:Gem::Requirement
15
16
  requirements:
16
17
  - - "~>"
17
18
  - !ruby/object:Gem::Version
18
- version: '1.0'
19
- name: logstash-core-plugin-api
20
- prerelease: false
19
+ version: '2.0'
21
20
  type: :runtime
21
+ prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.0'
26
+ version: '2.0'
27
27
  - !ruby/object:Gem::Dependency
28
+ name: jls-grok
28
29
  requirement: !ruby/object:Gem::Requirement
29
30
  requirements:
30
31
  - - "~>"
31
32
  - !ruby/object:Gem::Version
32
33
  version: 0.11.1
33
- name: jls-grok
34
- prerelease: false
35
34
  type: :runtime
35
+ prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
40
  version: 0.11.1
41
41
  - !ruby/object:Gem::Dependency
42
+ name: logstash-patterns-core
42
43
  requirement: !ruby/object:Gem::Requirement
43
44
  requirements:
44
45
  - - ">="
45
46
  - !ruby/object:Gem::Version
46
47
  version: '0'
47
- name: logstash-patterns-core
48
- prerelease: false
49
48
  type: :runtime
49
+ prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
+ name: logstash-devutils
56
57
  requirement: !ruby/object:Gem::Requirement
57
58
  requirements:
58
59
  - - ">="
59
60
  - !ruby/object:Gem::Version
60
61
  version: '0'
61
- name: logstash-devutils
62
- prerelease: false
63
62
  type: :development
63
+ prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - ">="
67
67
  - !ruby/object:Gem::Version
68
68
  version: '0'
69
- description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
69
+ description: This gem is a Logstash plugin required to be installed on top of the
70
+ Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
71
+ gem is not a stand-alone program
70
72
  email: info@elastic.co
71
73
  executables: []
72
74
  extensions: []
@@ -87,7 +89,7 @@ licenses:
87
89
  metadata:
88
90
  logstash_plugin: 'true'
89
91
  logstash_group: filter
90
- post_install_message:
92
+ post_install_message:
91
93
  rdoc_options: []
92
94
  require_paths:
93
95
  - lib
@@ -102,9 +104,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
102
104
  - !ruby/object:Gem::Version
103
105
  version: '0'
104
106
  requirements: []
105
- rubyforge_project:
106
- rubygems_version: 2.4.8
107
- signing_key:
107
+ rubyforge_project:
108
+ rubygems_version: 2.5.1
109
+ signing_key:
108
110
  specification_version: 4
109
111
  summary: Parse arbitrary text and structure it.
110
112
  test_files: