logstash-filter-grok 2.0.5 → 3.0.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (9) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +2 -0
  3. data/Gemfile +3 -1
  4. data/LICENSE +1 -1
  5. data/README.md +12 -3
  6. data/lib/logstash/filters/grok.rb +7 -9
  7. data/logstash-filter-grok.gemspec +3 -3
  8. data/spec/filters/grok_spec.rb +166 -166
  9. metadata +20 -18
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4f63a7bd21e2ebab75a4cc94f26731323f8912f7
4
- data.tar.gz: a2ae27830a99ac4b0bdeb2a2ff76c8e1f691e1f3
3
+ metadata.gz: 6ed17e8438274c966ed007c49208b42683ce7e95
4
+ data.tar.gz: 98c0b8ff214122ef7e1c90d7bb527d86e44e09aa
5
5
  SHA512:
6
- metadata.gz: 872e7daf89f4af9d5d92ceea3ba791b24fd358e1a1f7e5d738032b2f90286b256ad544ae06a24231c290535526efaef3a772fbb81e09f991928b17521ce83563
7
- data.tar.gz: 4a8ff939e59d6c704946618e315b17df72ae5fedaa2cdd9449652c22f4987f14458f31e15d8bbd9b63e6f0d371c85585143de1676b8e30485e528871a006a009
6
+ metadata.gz: 2e36982282ce0ab9ba59b9c59a7b659897f2d87ad67f059d167dbc3666b1298c3584c22737923b27e04287e6854cd691654281dde12aebb486c333f8e2798d7a
7
+ data.tar.gz: 41a23c2079664a3a1d6c7849fd05e4255bc2ec462eeb500cf3cea8a2cface478be2ed48eb9070f17083b2e080eea221555cbe53d7cf848ad57ba49b971d78286
data/CHANGELOG.md CHANGED
@@ -1,3 +1,5 @@
1
+ ## 3.0.0
2
+ - Update the plugin to the version 2.0 of the plugin api, this change is required for Logstash 5.0 compatibility. See https://github.com/elastic/logstash/issues/5141
1
3
  # 2.0.5
2
4
  - Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
3
5
  # 2.0.4
data/Gemfile CHANGED
@@ -1,2 +1,4 @@
1
1
  source 'https://rubygems.org'
2
- gemspec
2
+
3
+ # Specify your gem's dependencies in logstash-mass_effect.gemspec
4
+ gemspec
data/LICENSE CHANGED
@@ -1,4 +1,4 @@
1
- Copyright (c) 2012–2015 Elasticsearch <http://www.elastic.co>
1
+ Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
2
2
 
3
3
  Licensed under the Apache License, Version 2.0 (the "License");
4
4
  you may not use this file except in compliance with the License.
data/README.md CHANGED
@@ -1,7 +1,6 @@
1
1
  # Logstash Plugin
2
2
 
3
- [![Build
4
- Status](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-grok-unit/badge/icon)](http://build-eu-00.elastic.co/view/LS%20Plugins/view/LS%20Filters/job/logstash-plugin-filter-grok-unit/)
3
+ [![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-filter-grok.svg)](https://travis-ci.org/logstash-plugins/logstash-filter-grok)
5
4
 
6
5
  This is a plugin for [Logstash](https://github.com/elastic/logstash).
7
6
 
@@ -56,7 +55,12 @@ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
56
55
  ```
57
56
  - Install plugin
58
57
  ```sh
58
+ # Logstash 2.3 and higher
59
+ bin/logstash-plugin install --no-verify
60
+
61
+ # Prior to Logstash 2.3
59
62
  bin/plugin install --no-verify
63
+
60
64
  ```
61
65
  - Run Logstash with your plugin
62
66
  ```sh
@@ -74,7 +78,12 @@ gem build logstash-filter-awesome.gemspec
74
78
  ```
75
79
  - Install the plugin from the Logstash home
76
80
  ```sh
77
- bin/plugin install /your/local/plugin/logstash-filter-awesome.gem
81
+ # Logstash 2.3 and higher
82
+ bin/logstash-plugin install --no-verify
83
+
84
+ # Prior to Logstash 2.3
85
+ bin/plugin install --no-verify
86
+
78
87
  ```
79
88
  - Start Logstash and proceed to test the plugin
80
89
 
data/lib/logstash/filters/grok.rb CHANGED
@@ -247,7 +247,7 @@
247
247
  # will let folks redefine built-in patterns at runtime.
248
248
  @patternfiles += patterns_files_from_paths(@@patterns_path.to_a, "*")
249
249
  @patternfiles += patterns_files_from_paths(@patterns_dir, @patterns_files_glob)
250
-
250
+
251
251
  @patterns = Hash.new { |h,k| h[k] = [] }
252
252
 
253
253
  @logger.info? and @logger.info("Match data", :match => @match)
@@ -269,8 +269,6 @@
269
269
 
270
270
  public
271
271
  def filter(event)
272
-
273
-
274
272
  matched = false
275
273
  done = false
276
274
 
@@ -294,7 +292,7 @@
294
292
 
295
293
  private
296
294
  def match(groks, field, event)
297
- input = event[field]
295
+ input = event.get(field)
298
296
  if input.is_a?(Array)
299
297
  success = false
300
298
  input.each do |input|
@@ -327,21 +325,21 @@
327
325
  return if (value.nil? || (value.is_a?(String) && value.empty?)) unless @keep_empty_captures
328
326
 
329
327
  if @overwrite.include?(field)
330
- event[field] = value
328
+ event.set(field, value)
331
329
  else
332
- v = event[field]
330
+ v = event.get(field)
333
331
  if v.nil?
334
- event[field] = value
332
+ event.set(field, value)
335
333
  elsif v.is_a?(Array)
336
334
  # do not replace the code below with:
337
335
  # event[field] << value
338
336
  # this assumes implementation specific feature of returning a mutable object
339
337
  # from a field ref which should not be assumed and will change in the future.
340
338
  v << value
341
- event[field] = v
339
+ event.set(field, v)
342
340
  elsif v.is_a?(String)
343
341
  # Promote to array since we aren't overwriting.
344
- event[field] = [v, value]
342
+ event.set(field, [v, value])
345
343
  end
346
344
  end
347
345
  end
data/logstash-filter-grok.gemspec CHANGED
@@ -1,10 +1,10 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-grok'
4
- s.version = '2.0.5'
4
+ s.version = '3.0.0'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Parse arbitrary text and structure it."
7
- s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
7
+ s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
8
8
  s.authors = ["Elastic"]
9
9
  s.email = 'info@elastic.co'
10
10
  s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
20
20
  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
21
21
 
22
22
  # Gem dependencies
23
- s.add_runtime_dependency "logstash-core-plugin-api", "~> 1.0"
23
+ s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
24
24
 
25
25
  s.add_runtime_dependency 'jls-grok', '~> 0.11.1'
26
26
  s.add_runtime_dependency 'logstash-patterns-core'
data/spec/filters/grok_spec.rb CHANGED
@@ -36,12 +36,12 @@ describe LogStash::Filters::Grok do
36
36
  CONFIG
37
37
 
38
38
  sample "Mar 16 00:01:25 evita postfix/smtpd[1713]: connect from camomile.cloud9.net[168.100.1.3]" do
39
- insist { subject["tags"] }.nil?
40
- insist { subject["logsource"] } == "evita"
41
- insist { subject["timestamp"] } == "Mar 16 00:01:25"
42
- insist { subject["message"] } == "connect from camomile.cloud9.net[168.100.1.3]"
43
- insist { subject["program"] } == "postfix/smtpd"
44
- insist { subject["pid"] } == "1713"
39
+ insist { subject.get("tags") }.nil?
40
+ insist { subject.get("logsource") } == "evita"
41
+ insist { subject.get("timestamp") } == "Mar 16 00:01:25"
42
+ insist { subject.get("message") } == "connect from camomile.cloud9.net[168.100.1.3]"
43
+ insist { subject.get("program") } == "postfix/smtpd"
44
+ insist { subject.get("pid") } == "1713"
45
45
  end
46
46
  end
47
47
 
@@ -58,120 +58,120 @@ describe LogStash::Filters::Grok do
58
58
  CONFIG
59
59
 
60
60
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - [id1 foo=\"bar\"][id2 baz=\"something\"] Hello, syslog." do
61
- insist { subject["tags"] }.nil?
62
- insist { subject["syslog5424_pri"] } == "191"
63
- insist { subject["syslog5424_ver"] } == "1"
64
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
65
- insist { subject["syslog5424_host"] } == "paxton.local"
66
- insist { subject["syslog5424_app"] } == "grokdebug"
67
- insist { subject["syslog5424_proc"] } == "4123"
68
- insist { subject["syslog5424_msgid"] } == nil
69
- insist { subject["syslog5424_sd"] } == "[id1 foo=\"bar\"][id2 baz=\"something\"]"
70
- insist { subject["syslog5424_msg"] } == "Hello, syslog."
61
+ insist { subject.get("tags") }.nil?
62
+ insist { subject.get("syslog5424_pri") } == "191"
63
+ insist { subject.get("syslog5424_ver") } == "1"
64
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
65
+ insist { subject.get("syslog5424_host") } == "paxton.local"
66
+ insist { subject.get("syslog5424_app") } == "grokdebug"
67
+ insist { subject.get("syslog5424_proc") } == "4123"
68
+ insist { subject.get("syslog5424_msgid") } == nil
69
+ insist { subject.get("syslog5424_sd") } == "[id1 foo=\"bar\"][id2 baz=\"something\"]"
70
+ insist { subject.get("syslog5424_msg") } == "Hello, syslog."
71
71
  end
72
72
 
73
73
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug - - [id1 foo=\"bar\"] No process ID." do
74
- insist { subject["tags"] }.nil?
75
- insist { subject["syslog5424_pri"] } == "191"
76
- insist { subject["syslog5424_ver"] } == "1"
77
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
78
- insist { subject["syslog5424_host"] } == "paxton.local"
79
- insist { subject["syslog5424_app"] } == "grokdebug"
80
- insist { subject["syslog5424_proc"] } == nil
81
- insist { subject["syslog5424_msgid"] } == nil
82
- insist { subject["syslog5424_sd"] } == "[id1 foo=\"bar\"]"
83
- insist { subject["syslog5424_msg"] } == "No process ID."
74
+ insist { subject.get("tags") }.nil?
75
+ insist { subject.get("syslog5424_pri") } == "191"
76
+ insist { subject.get("syslog5424_ver") } == "1"
77
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
78
+ insist { subject.get("syslog5424_host") } == "paxton.local"
79
+ insist { subject.get("syslog5424_app") } == "grokdebug"
80
+ insist { subject.get("syslog5424_proc") } == nil
81
+ insist { subject.get("syslog5424_msgid") } == nil
82
+ insist { subject.get("syslog5424_sd") } == "[id1 foo=\"bar\"]"
83
+ insist { subject.get("syslog5424_msg") } == "No process ID."
84
84
  end
85
85
 
86
86
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - - No structured data." do
87
- insist { subject["tags"] }.nil?
88
- insist { subject["syslog5424_pri"] } == "191"
89
- insist { subject["syslog5424_ver"] } == "1"
90
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
91
- insist { subject["syslog5424_host"] } == "paxton.local"
92
- insist { subject["syslog5424_app"] } == "grokdebug"
93
- insist { subject["syslog5424_proc"] } == "4123"
94
- insist { subject["syslog5424_msgid"] } == nil
95
- insist { subject["syslog5424_sd"] } == nil
96
- insist { subject["syslog5424_msg"] } == "No structured data."
87
+ insist { subject.get("tags") }.nil?
88
+ insist { subject.get("syslog5424_pri") } == "191"
89
+ insist { subject.get("syslog5424_ver") } == "1"
90
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
91
+ insist { subject.get("syslog5424_host") } == "paxton.local"
92
+ insist { subject.get("syslog5424_app") } == "grokdebug"
93
+ insist { subject.get("syslog5424_proc") } == "4123"
94
+ insist { subject.get("syslog5424_msgid") } == nil
95
+ insist { subject.get("syslog5424_sd") } == nil
96
+ insist { subject.get("syslog5424_msg") } == "No structured data."
97
97
  end
98
98
 
99
99
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug - - - No PID or SD." do
100
- insist { subject["tags"] }.nil?
101
- insist { subject["syslog5424_pri"] } == "191"
102
- insist { subject["syslog5424_ver"] } == "1"
103
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
104
- insist { subject["syslog5424_host"] } == "paxton.local"
105
- insist { subject["syslog5424_app"] } == "grokdebug"
106
- insist { subject["syslog5424_proc"] } == nil
107
- insist { subject["syslog5424_msgid"] } == nil
108
- insist { subject["syslog5424_sd"] } == nil
109
- insist { subject["syslog5424_msg"] } == "No PID or SD."
100
+ insist { subject.get("tags") }.nil?
101
+ insist { subject.get("syslog5424_pri") } == "191"
102
+ insist { subject.get("syslog5424_ver") } == "1"
103
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
104
+ insist { subject.get("syslog5424_host") } == "paxton.local"
105
+ insist { subject.get("syslog5424_app") } == "grokdebug"
106
+ insist { subject.get("syslog5424_proc") } == nil
107
+ insist { subject.get("syslog5424_msgid") } == nil
108
+ insist { subject.get("syslog5424_sd") } == nil
109
+ insist { subject.get("syslog5424_msg") } == "No PID or SD."
110
110
  end
111
111
 
112
112
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - Missing structured data." do
113
- insist { subject["tags"] }.nil?
114
- insist { subject["syslog5424_pri"] } == "191"
115
- insist { subject["syslog5424_ver"] } == "1"
116
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
117
- insist { subject["syslog5424_host"] } == "paxton.local"
118
- insist { subject["syslog5424_app"] } == "grokdebug"
119
- insist { subject["syslog5424_proc"] } == "4123"
120
- insist { subject["syslog5424_msgid"] } == nil
121
- insist { subject["syslog5424_sd"] } == nil
122
- insist { subject["syslog5424_msg"] } == "Missing structured data."
113
+ insist { subject.get("tags") }.nil?
114
+ insist { subject.get("syslog5424_pri") } == "191"
115
+ insist { subject.get("syslog5424_ver") } == "1"
116
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
117
+ insist { subject.get("syslog5424_host") } == "paxton.local"
118
+ insist { subject.get("syslog5424_app") } == "grokdebug"
119
+ insist { subject.get("syslog5424_proc") } == "4123"
120
+ insist { subject.get("syslog5424_msgid") } == nil
121
+ insist { subject.get("syslog5424_sd") } == nil
122
+ insist { subject.get("syslog5424_msg") } == "Missing structured data."
123
123
  end
124
124
 
125
125
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - - Additional spaces." do
126
- insist { subject["tags"] }.nil?
127
- insist { subject["syslog5424_pri"] } == "191"
128
- insist { subject["syslog5424_ver"] } == "1"
129
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
130
- insist { subject["syslog5424_host"] } == "paxton.local"
131
- insist { subject["syslog5424_app"] } == "grokdebug"
132
- insist { subject["syslog5424_proc"] } == "4123"
133
- insist { subject["syslog5424_msgid"] } == nil
134
- insist { subject["syslog5424_sd"] } == nil
135
- insist { subject["syslog5424_msg"] } == "Additional spaces."
126
+ insist { subject.get("tags") }.nil?
127
+ insist { subject.get("syslog5424_pri") } == "191"
128
+ insist { subject.get("syslog5424_ver") } == "1"
129
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
130
+ insist { subject.get("syslog5424_host") } == "paxton.local"
131
+ insist { subject.get("syslog5424_app") } == "grokdebug"
132
+ insist { subject.get("syslog5424_proc") } == "4123"
133
+ insist { subject.get("syslog5424_msgid") } == nil
134
+ insist { subject.get("syslog5424_sd") } == nil
135
+ insist { subject.get("syslog5424_msg") } == "Additional spaces."
136
136
  end
137
137
 
138
138
  sample "<191>1 2009-06-30T18:30:00+02:00 paxton.local grokdebug 4123 - Additional spaces and missing SD." do
139
- insist { subject["tags"] }.nil?
140
- insist { subject["syslog5424_pri"] } == "191"
141
- insist { subject["syslog5424_ver"] } == "1"
142
- insist { subject["syslog5424_ts"] } == "2009-06-30T18:30:00+02:00"
143
- insist { subject["syslog5424_host"] } == "paxton.local"
144
- insist { subject["syslog5424_app"] } == "grokdebug"
145
- insist { subject["syslog5424_proc"] } == "4123"
146
- insist { subject["syslog5424_msgid"] } == nil
147
- insist { subject["syslog5424_sd"] } == nil
148
- insist { subject["syslog5424_msg"] } == "Additional spaces and missing SD."
139
+ insist { subject.get("tags") }.nil?
140
+ insist { subject.get("syslog5424_pri") } == "191"
141
+ insist { subject.get("syslog5424_ver") } == "1"
142
+ insist { subject.get("syslog5424_ts") } == "2009-06-30T18:30:00+02:00"
143
+ insist { subject.get("syslog5424_host") } == "paxton.local"
144
+ insist { subject.get("syslog5424_app") } == "grokdebug"
145
+ insist { subject.get("syslog5424_proc") } == "4123"
146
+ insist { subject.get("syslog5424_msgid") } == nil
147
+ insist { subject.get("syslog5424_sd") } == nil
148
+ insist { subject.get("syslog5424_msg") } == "Additional spaces and missing SD."
149
149
  end
150
150
 
151
151
  sample "<30>1 2014-04-04T16:44:07+02:00 osctrl01 dnsmasq-dhcp 8048 - - Appname contains a dash" do
152
- insist { subject["tags"] }.nil?
153
- insist { subject["syslog5424_pri"] } == "30"
154
- insist { subject["syslog5424_ver"] } == "1"
155
- insist { subject["syslog5424_ts"] } == "2014-04-04T16:44:07+02:00"
156
- insist { subject["syslog5424_host"] } == "osctrl01"
157
- insist { subject["syslog5424_app"] } == "dnsmasq-dhcp"
158
- insist { subject["syslog5424_proc"] } == "8048"
159
- insist { subject["syslog5424_msgid"] } == nil
160
- insist { subject["syslog5424_sd"] } == nil
161
- insist { subject["syslog5424_msg"] } == "Appname contains a dash"
152
+ insist { subject.get("tags") }.nil?
153
+ insist { subject.get("syslog5424_pri") } == "30"
154
+ insist { subject.get("syslog5424_ver") } == "1"
155
+ insist { subject.get("syslog5424_ts") } == "2014-04-04T16:44:07+02:00"
156
+ insist { subject.get("syslog5424_host") } == "osctrl01"
157
+ insist { subject.get("syslog5424_app") } == "dnsmasq-dhcp"
158
+ insist { subject.get("syslog5424_proc") } == "8048"
159
+ insist { subject.get("syslog5424_msgid") } == nil
160
+ insist { subject.get("syslog5424_sd") } == nil
161
+ insist { subject.get("syslog5424_msg") } == "Appname contains a dash"
162
162
  end
163
163
 
164
164
  sample "<30>1 2014-04-04T16:44:07+02:00 osctrl01 - 8048 - - Appname is nil" do
165
- insist { subject["tags"] }.nil?
166
- insist { subject["syslog5424_pri"] } == "30"
167
- insist { subject["syslog5424_ver"] } == "1"
168
- insist { subject["syslog5424_ts"] } == "2014-04-04T16:44:07+02:00"
169
- insist { subject["syslog5424_host"] } == "osctrl01"
170
- insist { subject["syslog5424_app"] } == nil
171
- insist { subject["syslog5424_proc"] } == "8048"
172
- insist { subject["syslog5424_msgid"] } == nil
173
- insist { subject["syslog5424_sd"] } == nil
174
- insist { subject["syslog5424_msg"] } == "Appname is nil"
165
+ insist { subject.get("tags") }.nil?
166
+ insist { subject.get("syslog5424_pri") } == "30"
167
+ insist { subject.get("syslog5424_ver") } == "1"
168
+ insist { subject.get("syslog5424_ts") } == "2014-04-04T16:44:07+02:00"
169
+ insist { subject.get("syslog5424_host") } == "osctrl01"
170
+ insist { subject.get("syslog5424_app") } == nil
171
+ insist { subject.get("syslog5424_proc") } == "8048"
172
+ insist { subject.get("syslog5424_msgid") } == nil
173
+ insist { subject.get("syslog5424_sd") } == nil
174
+ insist { subject.get("syslog5424_msg") } == "Appname is nil"
175
175
  end
176
176
  end
177
177
 
@@ -186,7 +186,7 @@ describe LogStash::Filters::Grok do
186
186
  CONFIG
187
187
 
188
188
  sample("message" => [ "hello 12345", "world 23456" ]) do
189
- insist { subject["NUMBER"] } == [ "12345", "23456" ]
189
+ insist { subject.get("NUMBER") } == [ "12345", "23456" ]
190
190
  end
191
191
  end
192
192
 
@@ -201,10 +201,10 @@ describe LogStash::Filters::Grok do
201
201
  CONFIG
202
202
 
203
203
  sample "400 454.33" do
204
- insist { subject["foo"] } == 400
205
- insist { subject["foo"] }.is_a?(Fixnum)
206
- insist { subject["bar"] } == 454.33
207
- insist { subject["bar"] }.is_a?(Float)
204
+ insist { subject.get("foo") } == 400
205
+ insist { subject.get("foo") }.is_a?(Fixnum)
206
+ insist { subject.get("bar") } == 454.33
207
+ insist { subject.get("bar") }.is_a?(Float)
208
208
  end
209
209
  end
210
210
 
@@ -220,7 +220,7 @@ describe LogStash::Filters::Grok do
220
220
  CONFIG
221
221
 
222
222
  sample "hello 1234" do
223
- insist { subject["FIZZLE"] } == "1234"
223
+ insist { subject.get("FIZZLE") } == "1234"
224
224
  end
225
225
  end
226
226
 
@@ -237,8 +237,8 @@ describe LogStash::Filters::Grok do
237
237
  CONFIG
238
238
 
239
239
  sample("message" => "hello world", "examplefield" => "12345") do
240
- insist { subject["examplefield"] } == "12345"
241
- insist { subject["word"] } == "hello"
240
+ insist { subject.get("examplefield") } == "12345"
241
+ insist { subject.get("word") } == "hello"
242
242
  end
243
243
  end
244
244
 
@@ -254,12 +254,12 @@ describe LogStash::Filters::Grok do
254
254
  CONFIG
255
255
 
256
256
  sample "matchme 1234" do
257
- insist { subject["tags"] }.nil?
258
- insist { subject["new_field"] } == "1234"
257
+ insist { subject.get("tags") }.nil?
258
+ insist { subject.get("new_field") } == "1234"
259
259
  end
260
260
 
261
261
  sample "this will not be matched" do
262
- insist { subject["tags"] }.include?("_grokparsefailure")
262
+ insist { subject.get("tags") }.include?("_grokparsefailure")
263
263
  reject { subject }.include?("new_field")
264
264
  end
265
265
  end
@@ -275,7 +275,7 @@ describe LogStash::Filters::Grok do
275
275
  CONFIG
276
276
 
277
277
  sample "1=test" do
278
- insist { subject["tags"] }.nil?
278
+ insist { subject.get("tags") }.nil?
279
279
  insist { subject }.include?("foo1")
280
280
 
281
281
  # Since 'foo2' was not captured, it must not be present in the event.
@@ -294,7 +294,7 @@ describe LogStash::Filters::Grok do
294
294
  CONFIG
295
295
 
296
296
  sample "1=test" do
297
- insist { subject["tags"] }.nil?
297
+ insist { subject.get("tags") }.nil?
298
298
  # use .to_hash for this test, for now, because right now
299
299
  # the Event.include? returns false for missing fields as well
300
300
  # as for fields with nil values.
@@ -317,9 +317,9 @@ describe LogStash::Filters::Grok do
317
317
 
318
318
  sample "Hello World, yo!" do
319
319
  insist { subject }.include?("WORD")
320
- insist { subject["WORD"] } == "World"
320
+ insist { subject.get("WORD") } == "World"
321
321
  insist { subject }.include?("foo")
322
- insist { subject["foo"] } == "yo"
322
+ insist { subject.get("foo") } == "yo"
323
323
  end
324
324
  end
325
325
 
@@ -334,8 +334,8 @@ describe LogStash::Filters::Grok do
334
334
  }
335
335
  CONFIG
336
336
  sample "hello world" do
337
- insist { subject["tags"] }.nil?
338
- insist { subject["foo"] } == "hello"
337
+ insist { subject.get("tags") }.nil?
338
+ insist { subject.get("foo") } == "hello"
339
339
  end
340
340
  end
341
341
 
@@ -350,8 +350,8 @@ describe LogStash::Filters::Grok do
350
350
  CONFIG
351
351
 
352
352
  sample "fancy 12-12-12 12:12:12" do
353
- insist { subject["tags"] }.nil?
354
- insist { subject["timestamp"] } == "12-12-12 12:12:12"
353
+ insist { subject.get("tags") }.nil?
354
+ insist { subject.get("timestamp") } == "12-12-12 12:12:12"
355
355
  end
356
356
  end
357
357
  end
@@ -367,8 +367,8 @@ describe LogStash::Filters::Grok do
367
367
  CONFIG
368
368
 
369
369
  sample("status" => 403) do
370
- reject { subject["tags"] }.include?("_grokparsefailure")
371
- insist { subject["tags"] }.include?("four_oh_three")
370
+ reject { subject.get("tags") }.include?("_grokparsefailure")
371
+ insist { subject.get("tags") }.include?("four_oh_three")
372
372
  end
373
373
  end
374
374
 
@@ -383,8 +383,8 @@ describe LogStash::Filters::Grok do
383
383
  CONFIG
384
384
 
385
385
  sample("version" => 1.0) do
386
- insist { subject["tags"] }.include?("one_point_oh")
387
- insist { subject["tags"] }.include?("one_point_oh")
386
+ insist { subject.get("tags") }.include?("one_point_oh")
387
+ insist { subject.get("tags") }.include?("one_point_oh")
388
388
  end
389
389
  end
390
390
 
@@ -411,7 +411,7 @@ describe LogStash::Filters::Grok do
411
411
  )
412
412
  log_level_names.each do |level_name|
413
413
  sample "#{level_name}: error!" do
414
- insist { subject['level'] } == level_name
414
+ insist { subject.get("level") } == level_name
415
415
  end
416
416
  end
417
417
  end
@@ -427,11 +427,11 @@ describe LogStash::Filters::Grok do
427
427
  CONFIG
428
428
 
429
429
  sample "matchme 1234" do
430
- insist { subject["tags"] }.nil?
430
+ insist { subject.get("tags") }.nil?
431
431
  end
432
432
 
433
433
  sample "this will not be matched" do
434
- insist { subject["tags"] }.include?("false")
434
+ insist { subject.get("tags") }.include?("false")
435
435
  end
436
436
  end
437
437
 
@@ -446,7 +446,7 @@ describe LogStash::Filters::Grok do
446
446
  CONFIG
447
447
 
448
448
  sample "11/01/01" do
449
- insist { subject["stimestamp"] } == "11/01/01"
449
+ insist { subject.get("stimestamp") } == "11/01/01"
450
450
  end
451
451
  end
452
452
 
@@ -461,7 +461,7 @@ describe LogStash::Filters::Grok do
461
461
  CONFIG
462
462
 
463
463
  sample "hello world" do
464
- insist { subject["foo-bar"] } == "hello"
464
+ insist { subject.get("foo-bar") } == "hello"
465
465
  end
466
466
  end
467
467
 
@@ -509,11 +509,11 @@ describe LogStash::Filters::Grok do
509
509
  CONFIG
510
510
 
511
511
  sample "hello world" do
512
- insist { subject["foo"] }.is_a?(String)
512
+ insist { subject.get("foo") }.is_a?(String)
513
513
  end
514
514
 
515
515
  sample "123 world" do
516
- insist { subject["foo"] }.is_a?(String)
516
+ insist { subject.get("foo") }.is_a?(String)
517
517
  end
518
518
  end
519
519
 
@@ -528,8 +528,8 @@ describe LogStash::Filters::Grok do
528
528
  CONFIG
529
529
 
530
530
  sample("message" => "hello world 123", "somefield" => "testme abc 999") do
531
- insist { subject["foo"] } == "123"
532
- insist { subject["bar"] }.nil?
531
+ insist { subject.get("foo") } == "123"
532
+ insist { subject.get("bar") }.nil?
533
533
  end
534
534
  end
535
535
 
@@ -545,8 +545,8 @@ describe LogStash::Filters::Grok do
545
545
  CONFIG
546
546
 
547
547
  sample("message" => "hello world 123", "somefield" => "testme abc 999") do
548
- insist { subject["foo"] } == "123"
549
- insist { subject["bar"] } == "999"
548
+ insist { subject.get("foo") } == "123"
549
+ insist { subject.get("bar") } == "999"
550
550
  end
551
551
  end
552
552
 
@@ -561,16 +561,16 @@ describe LogStash::Filters::Grok do
561
561
  CONFIG
562
562
 
563
563
  sample "treebranch" do
564
- insist { subject["name2"] } == "branch"
564
+ insist { subject.get("name2") } == "branch"
565
565
  end
566
566
 
567
567
  sample "bushbeard" do
568
- insist { subject["name1"] } == "bush"
568
+ insist { subject.get("name1") } == "bush"
569
569
  end
570
570
 
571
571
  sample "treebeard" do
572
- insist { subject["name1"] } == "tree"
573
- insist { subject["name2"] } == "beard"
572
+ insist { subject.get("name1") } == "tree"
573
+ insist { subject.get("name2") } == "beard"
574
574
  end
575
575
  end
576
576
 
@@ -585,14 +585,14 @@ describe LogStash::Filters::Grok do
585
585
 
586
586
  # array input --
587
587
  sample("message" => ["hello world 123", "line 23"]) do
588
- insist { subject["foo"] } == ["123", "23"]
589
- insist { subject["tags"] }.nil?
588
+ insist { subject.get("foo") } == ["123", "23"]
589
+ insist { subject.get("tags") }.nil?
590
590
  end
591
591
 
592
592
  # array input, one of them matches
593
593
  sample("message" => ["hello world 123", "abc"]) do
594
- insist { subject["foo"] } == "123"
595
- insist { subject["tags"] }.nil?
594
+ insist { subject.get("foo") } == "123"
595
+ insist { subject.get("tags") }.nil?
596
596
  end
597
597
  end
598
598
 
@@ -607,16 +607,16 @@ describe LogStash::Filters::Grok do
607
607
 
608
608
  # array input --
609
609
  sample("message" => ["hello world 123", "line 23"]) do
610
- insist { subject["foo"] } == ["123", "23"]
611
- insist { subject["bar"] }.nil?
612
- insist { subject["tags"] }.nil?
610
+ insist { subject.get("foo") } == ["123", "23"]
611
+ insist { subject.get("bar") }.nil?
612
+ insist { subject.get("tags") }.nil?
613
613
  end
614
614
 
615
615
  # array input, one of them matches
616
616
  sample("message" => ["hello world", "line 23"]) do
617
- insist { subject["bar"] } == "hello"
618
- insist { subject["foo"] } == "23"
619
- insist { subject["tags"] }.nil?
617
+ insist { subject.get("bar") } == "hello"
618
+ insist { subject.get("foo") } == "23"
619
+ insist { subject.get("tags") }.nil?
620
620
  end
621
621
  end
622
622
 
@@ -632,16 +632,16 @@ describe LogStash::Filters::Grok do
632
632
 
633
633
  # array input --
634
634
  sample("message" => ["hello world 123", "line 23"]) do
635
- insist { subject["foo"] } == ["123", "23"]
636
- insist { subject["bar"] } == ["hello", "line"]
637
- insist { subject["tags"] }.nil?
635
+ insist { subject.get("foo") } == ["123", "23"]
636
+ insist { subject.get("bar") } == ["hello", "line"]
637
+ insist { subject.get("tags") }.nil?
638
638
  end
639
639
 
640
640
  # array input, one of them matches
641
641
  sample("message" => ["hello world", "line 23"]) do
642
- insist { subject["bar"] } == ["hello", "line"]
643
- insist { subject["foo"] } == "23"
644
- insist { subject["tags"] }.nil?
642
+ insist { subject.get("bar") } == ["hello", "line"]
643
+ insist { subject.get("foo") } == "23"
644
+ insist { subject.get("tags") }.nil?
645
645
  end
646
646
  end
647
647
 
@@ -656,9 +656,9 @@ describe LogStash::Filters::Grok do
656
656
  CONFIG
657
657
 
658
658
  sample "<22>Jan 4 07:50:46 mailmaster postfix/policy-spf[9454]: : SPF permerror (Junk encountered in record 'v=spf1 mx a:mail.domain.no ip4:192.168.0.4 �all'): Envelope-from: email@domain.no" do
659
- insist { subject["tags"] }.nil?
660
- insist { subject["syslog_pri"] } == "22"
661
- insist { subject["syslog_program"] } == "postfix/policy-spf"
659
+ insist { subject.get("tags") }.nil?
660
+ insist { subject.get("syslog_pri") } == "22"
661
+ insist { subject.get("syslog_program") } == "postfix/policy-spf"
662
662
  end
663
663
  end
664
664
 
@@ -681,7 +681,7 @@ describe LogStash::Filters::Grok do
681
681
  end
682
682
 
683
683
  sample("message" => 'hello') do
684
- insist { subject["tags"] } == ["_grokparsefailure"]
684
+ insist { subject.get("tags") } == ["_grokparsefailure"]
685
685
  end
686
686
 
687
687
  after do
@@ -713,7 +713,7 @@ describe LogStash::Filters::Grok do
713
713
  end
714
714
 
715
715
  sample("message" => '0') do
716
- insist { subject["tags"] } == nil
716
+ insist { subject.get("tags") } == nil
717
717
  end
718
718
 
719
719
  after do
@@ -744,7 +744,7 @@ describe LogStash::Filters::Grok do
744
744
  end
745
745
 
746
746
  sample("message" => '0') do
747
- insist { subject["tags"] } == nil
747
+ insist { subject.get("tags") } == nil
748
748
  end
749
749
 
750
750
  after do
@@ -764,18 +764,18 @@ describe LogStash::Filters::Grok do
764
764
  CONFIG
765
765
 
766
766
  sample "test 28.4ms" do
767
- insist { subject["duration"] } == 28.4
768
- insist { subject["tags"] }.nil?
767
+ insist { subject.get("duration") } == 28.4
768
+ insist { subject.get("tags") }.nil?
769
769
  end
770
770
 
771
771
  sample "test N/A" do
772
772
  insist { insist { subject.to_hash }.include?("duration") }.fails
773
- insist { subject["tags"] }.nil?
773
+ insist { subject.get("tags") }.nil?
774
774
  end
775
775
 
776
776
  sample "test abc" do
777
- insist { subject["duration"] }.nil?
778
- insist { subject["tags"] } == ["_grokparsefailure"]
777
+ insist { subject.get("duration") }.nil?
778
+ insist { subject.get("tags") } == ["_grokparsefailure"]
779
779
  end
780
780
  end
781
781
 
@@ -791,7 +791,7 @@ describe LogStash::Filters::Grok do
791
791
 
792
792
  sample "test N/A" do
793
793
  insist { subject.to_hash }.include?("duration")
794
- insist { subject["tags"] }.nil?
794
+ insist { subject.get("tags") }.nil?
795
795
  end
796
796
 
797
797
  end
@@ -806,13 +806,13 @@ describe LogStash::Filters::Grok do
806
806
  CONFIG
807
807
 
808
808
  sample "test 28.4ms" do
809
- insist { subject["duration"] } == "28.4"
810
- insist { subject["tags"] }.nil?
809
+ insist { subject.get("duration") } == "28.4"
810
+ insist { subject.get("tags") }.nil?
811
811
  end
812
812
 
813
813
  sample "test N/A" do
814
- insist { subject["duration"] }.nil?
815
- insist { subject["tags"] }.nil?
814
+ insist { subject.get("duration") }.nil?
815
+ insist { subject.get("tags") }.nil?
816
816
  end
817
817
  end
818
818
 
metadata CHANGED
@@ -1,72 +1,74 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-grok
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.5
4
+ version: 3.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-03-24 00:00:00.000000000 Z
11
+ date: 2016-05-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
+ name: logstash-core-plugin-api
14
15
  requirement: !ruby/object:Gem::Requirement
15
16
  requirements:
16
17
  - - "~>"
17
18
  - !ruby/object:Gem::Version
18
- version: '1.0'
19
- name: logstash-core-plugin-api
20
- prerelease: false
19
+ version: '2.0'
21
20
  type: :runtime
21
+ prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - "~>"
25
25
  - !ruby/object:Gem::Version
26
- version: '1.0'
26
+ version: '2.0'
27
27
  - !ruby/object:Gem::Dependency
28
+ name: jls-grok
28
29
  requirement: !ruby/object:Gem::Requirement
29
30
  requirements:
30
31
  - - "~>"
31
32
  - !ruby/object:Gem::Version
32
33
  version: 0.11.1
33
- name: jls-grok
34
- prerelease: false
35
34
  type: :runtime
35
+ prerelease: false
36
36
  version_requirements: !ruby/object:Gem::Requirement
37
37
  requirements:
38
38
  - - "~>"
39
39
  - !ruby/object:Gem::Version
40
40
  version: 0.11.1
41
41
  - !ruby/object:Gem::Dependency
42
+ name: logstash-patterns-core
42
43
  requirement: !ruby/object:Gem::Requirement
43
44
  requirements:
44
45
  - - ">="
45
46
  - !ruby/object:Gem::Version
46
47
  version: '0'
47
- name: logstash-patterns-core
48
- prerelease: false
49
48
  type: :runtime
49
+ prerelease: false
50
50
  version_requirements: !ruby/object:Gem::Requirement
51
51
  requirements:
52
52
  - - ">="
53
53
  - !ruby/object:Gem::Version
54
54
  version: '0'
55
55
  - !ruby/object:Gem::Dependency
56
+ name: logstash-devutils
56
57
  requirement: !ruby/object:Gem::Requirement
57
58
  requirements:
58
59
  - - ">="
59
60
  - !ruby/object:Gem::Version
60
61
  version: '0'
61
- name: logstash-devutils
62
- prerelease: false
63
62
  type: :development
63
+ prerelease: false
64
64
  version_requirements: !ruby/object:Gem::Requirement
65
65
  requirements:
66
66
  - - ">="
67
67
  - !ruby/object:Gem::Version
68
68
  version: '0'
69
- description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
69
+ description: This gem is a Logstash plugin required to be installed on top of the
70
+ Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
71
+ gem is not a stand-alone program
70
72
  email: info@elastic.co
71
73
  executables: []
72
74
  extensions: []
@@ -87,7 +89,7 @@ licenses:
87
89
  metadata:
88
90
  logstash_plugin: 'true'
89
91
  logstash_group: filter
90
- post_install_message:
92
+ post_install_message:
91
93
  rdoc_options: []
92
94
  require_paths:
93
95
  - lib
@@ -102,9 +104,9 @@ required_rubygems_version: !ruby/object:Gem::Requirement
102
104
  - !ruby/object:Gem::Version
103
105
  version: '0'
104
106
  requirements: []
105
- rubyforge_project:
106
- rubygems_version: 2.4.8
107
- signing_key:
107
+ rubyforge_project:
108
+ rubygems_version: 2.5.1
109
+ signing_key:
108
110
  specification_version: 4
109
111
  summary: Parse arbitrary text and structure it.
110
112
  test_files: