logstash-filter-grok 3.0.1 → 3.1.1

Sign up to get free protection for your applications and to get access to all the features.
Files changed (6) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +21 -10
  3. data/lib/logstash/filters/grok.rb +5 -12
  4. data/logstash-filter-grok.gemspec +1 -1
  5. data/spec/filters/grok_spec.rb +7 -20
  6. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 518aabe176da0e624b62775a380dd3a405b0f178
4
- data.tar.gz: e1ee4539e93edc19fdff4118f9b5f7d4557e596a
3
+ metadata.gz: 4496fd80858b9f3beffe2624dede994c83c3c49f
4
+ data.tar.gz: 149364b7446e2671928270f2ed23ba1f1efe93fa
5
5
  SHA512:
6
- metadata.gz: 605a941fa330828af63678f573e830e3cdcaaa86ecaa6bbb444432ce5bfc24c378b01e31f0496518bf2d24912a2e2cd4bd3a0ce93589a45f69144e30450bb5f3
7
- data.tar.gz: 01fca5615a8bafa3a8fd397ad9fd44cc4f955f16824cbf2ac85b1af23836a2fddfede8d0a577fb79a15a898dde3a413daef842bf77f21bf234b250486b94d59d
6
+ metadata.gz: a7f3f873745dfeb0422d7a7414ebed203bbb2bd0b7e6ed8ee7ebb3c5a7457521f1185dbbacba37a8c5298486d3167d26e80cbe0efb6c95171567b96ffadc0aa0
7
+ data.tar.gz: e7cc9ad9efd6dfe7b7457c4c5e0988dfd7b58e1cd3dc1f58ed101f248789409ffbc2593f1613dc374730f9877658ceaebb2bd947e526237127b86935246d9985
data/CHANGELOG.md CHANGED
@@ -1,15 +1,26 @@
1
+ ## 3.1.1
2
+ - Added metrics for failed, matched and number of patters per field.
3
+
4
+ ## 3.1.0
5
+ - breaking,config: Remove deprecated config `singles`.
6
+ - breaking,config: Remove deprecated config `pattern`. Please use `match => { "message" => ""}` syntax.
7
+
1
8
  ## 3.0.1
2
- - Republish all the gems under jruby.
9
+ - internal: Republish all the gems under jruby.
10
+
3
11
  ## 3.0.0
4
- - Update the plugin to the version 2.0 of the plugin api, this change is required for Logstash 5.0 compatibility. See https://github.com/elastic/logstash/issues/5141
5
- # 2.0.5
6
- - Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
7
- # 2.0.4
8
- - New dependency requirements for logstash-core for the 5.0 release
12
+ - internal,deps: Update the plugin to the version 2.0 of the plugin api, this change is required for Logstash 5.0 compatibility. See https://github.com/elastic/logstash/issues/5141
13
+
14
+ ## 2.0.5
15
+ - internal,deps: Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
16
+
17
+ ## 2.0.4
18
+ - internal,deps: New dependency requirements for logstash-core for the 5.0 release
19
+
9
20
  ## 2.0.3
10
- - fix fieldref assignment to avoid assumption on mutable object
21
+ - internal: fix fieldref assignment to avoid assumption on mutable object
22
+
11
23
  ## 2.0.0
12
- - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
24
+ - internal: Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
13
25
  instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
14
- - Dependency on logstash-core update to 2.0
15
-
26
+ - internal,deps: Dependency on logstash-core update to 2.0
data/lib/logstash/filters/grok.rb CHANGED
@@ -139,12 +139,6 @@
139
139
  class LogStash::Filters::Grok < LogStash::Filters::Base
140
140
  config_name "grok"
141
141
 
142
- # Specify a pattern to parse with. This will match the `message` field.
143
- #
144
- # If you want to match other fields than message, use the `match` setting.
145
- # Multiple patterns is fine.
146
- config :pattern, :validate => :array, :deprecated => "You should use this instead: match => { \"message\" => \"your pattern here\" }"
147
-
148
142
  # A hash of matches of field => value
149
143
  #
150
144
  # For example:
@@ -195,10 +189,6 @@
195
189
  # If `true`, keep empty captures as event fields.
196
190
  config :keep_empty_captures, :validate => :boolean, :default => false
197
191
 
198
- # If `true`, make single-value fields simply that value, not an array
199
- # containing that one value.
200
- config :singles, :validate => :boolean, :default => true, :deprecated => "This behavior is the default now, you don't need to set it."
201
-
202
192
  # Append values to the `tags` field when there has been no
203
193
  # successful match
204
194
  config :tag_on_failure, :validate => :array, :default => ["_grokparsefailure"]
@@ -231,8 +221,6 @@
231
221
  public
232
222
  def initialize(params)
233
223
  super(params)
234
- @match["message"] ||= []
235
- @match["message"] += @pattern if @pattern # the config 'pattern' value (array)
236
224
  # a cache of capture name handler methods.
237
225
  @handlers = {}
238
226
  end
@@ -252,8 +240,11 @@
252
240
 
253
241
  @logger.info? and @logger.info("Match data", :match => @match)
254
242
 
243
+ @metric_match_fields = metric.namespace(:patterns_per_field)
244
+
255
245
  @match.each do |field, patterns|
256
246
  patterns = [patterns] if patterns.is_a?(String)
247
+ @metric_match_fields.gauge(field, patterns.length)
257
248
 
258
249
  @logger.info? and @logger.info("Grok compile", :field => field, :patterns => patterns)
259
250
  patterns.each do |pattern|
@@ -282,8 +273,10 @@
282
273
  end # @patterns.each
283
274
 
284
275
  if matched
276
+ metric.increment(:matches)
285
277
  filter_matched(event)
286
278
  else
279
+ metric.increment(:failures)
287
280
  @tag_on_failure.each{|tag| event.tag(tag)}
288
281
  end
289
282
 
data/logstash-filter-grok.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-grok'
4
- s.version = '3.0.1'
4
+ s.version = '3.1.1'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Parse arbitrary text and structure it."
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
data/spec/filters/grok_spec.rb CHANGED
@@ -29,7 +29,6 @@ describe LogStash::Filters::Grok do
29
29
  filter {
30
30
  grok {
31
31
  match => { "message" => "%{SYSLOGLINE}" }
32
- singles => true
33
32
  overwrite => [ "message" ]
34
33
  }
35
34
  }
@@ -52,7 +51,6 @@ describe LogStash::Filters::Grok do
52
51
  filter {
53
52
  grok {
54
53
  match => { "message" => "%{SYSLOG5424LINE}" }
55
- singles => true
56
54
  }
57
55
  }
58
56
  CONFIG
@@ -195,7 +193,6 @@ describe LogStash::Filters::Grok do
195
193
  filter {
196
194
  grok {
197
195
  match => { "message" => "%{NUMBER:foo:int} %{NUMBER:bar:float}" }
198
- singles => true
199
196
  }
200
197
  }
201
198
  CONFIG
@@ -214,7 +211,6 @@ describe LogStash::Filters::Grok do
214
211
  grok {
215
212
  match => { "message" => "%{FIZZLE=\\d+}" }
216
213
  named_captures_only => false
217
- singles => true
218
214
  }
219
215
  }
220
216
  CONFIG
@@ -231,7 +227,6 @@ describe LogStash::Filters::Grok do
231
227
  match => { "message" => "%{WORD:word}" }
232
228
  match => { "examplefield" => "%{NUMBER:num}" }
233
229
  break_on_match => false
234
- singles => true
235
230
  }
236
231
  }
237
232
  CONFIG
@@ -247,7 +242,6 @@ describe LogStash::Filters::Grok do
247
242
  filter {
248
243
  grok {
249
244
  match => { "message" => "matchme %{NUMBER:fancy}" }
250
- singles => true
251
245
  add_field => [ "new_field", "%{fancy}" ]
252
246
  }
253
247
  }
@@ -310,7 +304,6 @@ describe LogStash::Filters::Grok do
310
304
  grok {
311
305
  match => { "message" => "Hello %{WORD}. %{WORD:foo}" }
312
306
  named_captures_only => false
313
- singles => true
314
307
  }
315
308
  }
316
309
  CONFIG
@@ -328,7 +321,6 @@ describe LogStash::Filters::Grok do
328
321
  config <<-'CONFIG'
329
322
  filter {
330
323
  grok {
331
- singles => true
332
324
  match => { "message" => "(?<foo>\w+)" }
333
325
  }
334
326
  }
@@ -343,7 +335,6 @@ describe LogStash::Filters::Grok do
343
335
  config <<-'CONFIG'
344
336
  filter {
345
337
  grok {
346
- singles => true
347
338
  match => { "message" => "(?<timestamp>%{DATE_EU} %{TIME})" }
348
339
  }
349
340
  }
@@ -392,7 +383,7 @@ describe LogStash::Filters::Grok do
392
383
  config <<-'CONFIG'
393
384
  filter {
394
385
  grok {
395
- pattern => "%{LOGLEVEL:level}: error!"
386
+ match => { "message" => "%{LOGLEVEL:level}: error!" }
396
387
  }
397
388
  }
398
389
  CONFIG
@@ -440,7 +431,6 @@ describe LogStash::Filters::Grok do
440
431
  filter {
441
432
  grok {
442
433
  match => { "message" => "%{DATE_EU:stimestamp}" }
443
- singles => true
444
434
  }
445
435
  }
446
436
  CONFIG
@@ -455,7 +445,6 @@ describe LogStash::Filters::Grok do
455
445
  filter {
456
446
  grok {
457
447
  match => { "message" => "%{WORD:foo-bar}" }
458
- singles => true
459
448
  }
460
449
  }
461
450
  CONFIG
@@ -481,7 +470,6 @@ describe LogStash::Filters::Grok do
481
470
  filter {
482
471
  grok {
483
472
  match => { "message" => "%{SYSLOGLINE}" }
484
- singles => true
485
473
  overwrite => [ "message" ]
486
474
  }
487
475
  }
@@ -498,12 +486,11 @@ describe LogStash::Filters::Grok do
498
486
  end
499
487
  end
500
488
 
501
- describe "singles with duplicate-named fields" do
489
+ describe "single value match with duplicate-named fields in pattern" do
502
490
  config <<-CONFIG
503
491
  filter {
504
492
  grok {
505
493
  match => { "message" => "%{INT:foo}|%{WORD:foo}" }
506
- singles => true
507
494
  }
508
495
  }
509
496
  CONFIG
@@ -649,8 +636,8 @@ describe LogStash::Filters::Grok do
649
636
  config <<-CONFIG
650
637
  filter {
651
638
  grok {
652
- #pattern => "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}"
653
- pattern => "<%{POSINT:syslog_pri}>%{SPACE}%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(:?)(?:\\[%{GREEDYDATA:syslog_pid}\\])?(:?) %{GREEDYDATA:syslog_message}"
639
+ #match => { "message" => "<%{POSINT:syslog_pri}>%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
640
+ match => { "message" => "<%{POSINT:syslog_pri}>%{SPACE}%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{PROG:syslog_program}(:?)(?:\\[%{GREEDYDATA:syslog_pid}\\])?(:?) %{GREEDYDATA:syslog_message}" }
654
641
  }
655
642
  }
656
643
  CONFIG
@@ -677,7 +664,7 @@ describe LogStash::Filters::Grok do
677
664
  end
678
665
 
679
666
  let(:config) do
680
- 'filter { grok { pattern => "%{WORD:word}" } }'
667
+ 'filter { grok { match => { "message" => "%{WORD:word}" } } }'
681
668
  end
682
669
 
683
670
  sample("message" => 'hello') do
@@ -709,7 +696,7 @@ describe LogStash::Filters::Grok do
709
696
  end
710
697
 
711
698
  let(:config) do
712
- "filter { grok { patterns_dir => \"#{tmpdir}\" pattern => \"%{WORD:word}\" } }"
699
+ "filter { grok { patterns_dir => \"#{tmpdir}\" match => { \"message\" => \"%{WORD:word}\" } } }"
713
700
  end
714
701
 
715
702
  sample("message" => '0') do
@@ -740,7 +727,7 @@ describe LogStash::Filters::Grok do
740
727
  end
741
728
 
742
729
  let(:config) do
743
- "filter { grok { patterns_dir => \"#{tmpdir}\" patterns_files_glob => \"*.pattern\" pattern => \"%{WORD:word}\" } }"
730
+ "filter { grok { patterns_dir => \"#{tmpdir}\" patterns_files_glob => \"*.pattern\" match => { \"message\" => \"%{WORD:word}\" } } }"
744
731
  end
745
732
 
746
733
  sample("message" => '0') do
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-grok
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.1
4
+ version: 3.1.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-05-09 00:00:00.000000000 Z
11
+ date: 2016-06-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement