logstash-filter-kv 4.3.3 → 4.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 224cad4699c558b68869188886233c5f9932777769e3b2231f96276369982ee5
-  data.tar.gz: d9933e603f3ab6a774ebada27d42bb2d62f829344598871b6d4834b98553e785
+  metadata.gz: 2127186e4a039aaadb013f982c1ed9815827b4c629979a9572a2000a961f3fb1
+  data.tar.gz: e79ab76e7787bb89b4aa0e901a78bc0412c3e9344ff6ac7ac23554b56f8f526b
 SHA512:
-  metadata.gz: 80d20a98f5c89301ae155ffbababe7be169ec5d4bde567fcde0a0117169851a15158767e3bfbc089352bbe7423052aefb237c8e14a0c5d37e1fef3cef70afdf8
-  data.tar.gz: 2499f09c2c41b7eacdb0fb5a4db48d9ef2ffeaca3bfae8d7d089382ac9b769c06dbdf1685a72852fac21bba0844e66ba48bb3b7689d05b324e2cac832f4b2ab1
+  metadata.gz: 237975f6ce46e4d5e5ac94742ea4b7adc323691d22a670ea37d9ff68f111523ca0f5b6dd3f81bf8c5dd60a60b6dafd11d579e5c4fcfc383c356a43b72f8e277d
+  data.tar.gz: bc354d05d413b8781e0baf3076521cd6257baaa49a84650b3182fd076aa91b962558d247d9a8b55ee8485427ccc74e33e0505f97ca38b784b8b3c00333ea926b

data/CHANGELOG.md

@@ -1,3 +1,15 @@
+## 4.6.0
+ - Added `allow_empty_values` option [#72](https://github.com/logstash-plugins/logstash-filter-kv/pull/72)
+
+## 4.5.0
+ - Feat: check that target is set in ECS mode [#96](https://github.com/logstash-plugins/logstash-filter-kv/pull/96)
+
+## 4.4.1
+ - Fixed issue where a `field_split_pattern` containing a literal backslash failed to match correctly [#87](https://github.com/logstash-plugins/logstash-filter-kv/issues/87)
+
+## 4.4.0
+ - Changed timeout handling using the Timeout class [#84](https://github.com/logstash-plugins/logstash-filter-kv/pull/84)
+
 ## 4.3.3
  - Fixed asciidoc formatting in docs
 

data/LICENSE

@@ -1,13 +1,202 @@
-Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
 
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
 
-    http://www.apache.org/licenses/LICENSE-2.0
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
 
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2020 Elastic and contributors
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

data/README.md

@@ -1,6 +1,6 @@
 # Logstash Plugin
 
-[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-filter-kv.svg)](https://travis-ci.org/logstash-plugins/logstash-filter-kv)
+[![Travis Build Status](https://travis-ci.com/logstash-plugins/logstash-filter-kv.svg)](https://travis-ci.com/logstash-plugins/logstash-filter-kv)
 
 This is a plugin for [Logstash](https://github.com/elastic/logstash).
 

data/docs/index.asciidoc

@@ -44,6 +44,13 @@ in case your data is not structured using `=` signs and whitespace.
 For example, this filter can also be used to parse query parameters like
 `foo=bar&baz=fizz` by setting the `field_split` parameter to `&`.
 
+[id="plugins-{type}s-{plugin}-ecs_metadata"]
+==== Event Metadata and the Elastic Common Schema (ECS)
+
+The plugin behaves the same regardless of ECS compatibility, except giving a warning when ECS is enabled and `target` isn't set.
+
+TIP: Set the `target` option to avoid potential schema conflicts.
+
 [id="plugins-{type}s-{plugin}-options"]
 ==== Kv Filter Configuration Options
 
@@ -53,7 +60,9 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 |=======================================================================
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-allow_duplicate_values>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-allow_empty_values>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-default_keys>> |<<hash,hash>>|No
+| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
 | <<plugins-{type}s-{plugin}-exclude_keys>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-field_split>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-field_split_pattern>> |<<string,string>>|No
@@ -101,6 +110,17 @@ you could use this configuration:
       }
     }
 
+[id="plugins-{type}s-{plugin}-allow_empty_values"]
+===== `allow_empty_values`
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `false`
+
+A bool option for explicitly including empty values.
+When set to true, empty values will be added to the event.
+
+NOTE: Parsing empty values typically requires <<plugins-{type}s-{plugin}-whitespace,`whitespace => strict`>>.
+
 [id="plugins-{type}s-{plugin}-default_keys"]
 ===== `default_keys` 
 
@@ -117,6 +137,17 @@ in case these keys do not exist in the source field being parsed.
       }
     }
 
+[id="plugins-{type}s-{plugin}-ecs_compatibility"]
+===== `ecs_compatibility`
+
+  * Value type is <<string,string>>
+  * Supported values are:
+    ** `disabled`: does not use ECS-compatible field names
+    ** `v1`: Elastic Common Schema compliant behavior (warns when `target` isn't set)
+
+Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
+See <<plugins-{type}s-{plugin}-ecs_metadata>> for detailed information.
+
 [id="plugins-{type}s-{plugin}-exclude_keys"]
 ===== `exclude_keys` 
 

data/lib/logstash/filters/kv.rb

@@ -2,6 +2,10 @@
 
 require "logstash/filters/base"
 require "logstash/namespace"
+require 'logstash/plugin_mixins/ecs_compatibility_support'
+require 'logstash/plugin_mixins/ecs_compatibility_support/target_check'
+require 'logstash/plugin_mixins/validator_support/field_reference_validation_adapter'
+require "timeout"
 
 # This filter helps automatically parse messages (or specific event fields)
 # which are of the `foo=bar` variety.
@@ -29,6 +33,11 @@ require "logstash/namespace"
 class LogStash::Filters::KV < LogStash::Filters::Base
   config_name "kv"
 
+  include LogStash::PluginMixins::ECSCompatibilitySupport
+  include LogStash::PluginMixins::ECSCompatibilitySupport::TargetCheck
+
+  extend LogStash::PluginMixins::ValidatorSupport::FieldReferenceValidationAdapter
+
   # Constants used for transform check
   TRANSFORM_LOWERCASE_KEY = "lowercase"
   TRANSFORM_UPPERCASE_KEY = "uppercase"
@@ -200,7 +209,7 @@ class LogStash::Filters::KV < LogStash::Filters::Base
   # For example, to process the `not_the_message` field:
   # [source,ruby]
   #     filter { kv { source => "not_the_message" } }
-  config :source, :validate => :string, :default => "message"
+  config :source, :validate => :field_reference, :default => "message"
 
   # The name of the container to put all of the key-value pairs into.
   #
@@ -210,7 +219,7 @@ class LogStash::Filters::KV < LogStash::Filters::Base
   # For example, to place all keys into the event field kv:
   # [source,ruby]
   #     filter { kv { target => "kv" } }
-  config :target, :validate => :string
+  config :target, :validate => :field_reference
 
   # An array specifying the parsed keys which should be added to the event.
   # By default all keys will be added.
@@ -263,6 +272,9 @@ class LogStash::Filters::KV < LogStash::Filters::Base
   #     }
   config :allow_duplicate_values, :validate => :boolean, :default => true
 
+  # A bool option for keeping empty or nil values.
+  config :allow_empty_values, :validate => :boolean, :default => false
+
   # A boolean specifying whether to treat square brackets, angle brackets,
   # and parentheses as value "wrappers" that should be removed from the value.
   # [source,ruby]
@@ -319,8 +331,6 @@ class LogStash::Filters::KV < LogStash::Filters::Base
 
   # Attempt to terminate regexps after this amount of time.
   # This applies per source field value if event has multiple values in the source field.
-  # This will never timeout early, but may take a little longer to timeout.
-  # Actual timeout is approximate based on a 250ms quantization.
   # Set to 0 to disable timeouts
   config :timeout_millis, :validate => :number, :default => 30_000
 
@@ -330,7 +340,16 @@ class LogStash::Filters::KV < LogStash::Filters::Base
   # Tag to apply if kv errors
   config :tag_on_failure, :validate => :string, :default => '_kv_filter_error'
 
+
+  EMPTY_STRING = ''.freeze
+
   def register
+    # Too late to set the regexp interruptible flag, at least warn if it is not set.
+    require 'java'
+    if java.lang.System.getProperty("jruby.regexp.interruptible") != "true"
+      logger.warn("KV Filter registered without jruby interruptible regular expressions enabled (`-Djruby.regexp.interruptible=true`); timeouts may not be respected.")
+    end
+
     if @value_split.empty?
       raise LogStash::ConfigurationError, I18n.t(
         "logstash.runner.configuration.invalid_plugin_register",
@@ -406,26 +425,17 @@ class LogStash::Filters::KV < LogStash::Filters::Base
 
     @logger.debug? && @logger.debug("KV scan regex", :regex => @scan_re.inspect)
 
-    @timeout_enforcer = initialize_timeout_enforcer
-    @timeout_enforcer.start!
+    # divide by float to allow fractionnal seconds, the Timeout class timeout value is in seconds but the underlying
+    # executor resolution is in microseconds so fractionnal second parameter down to microseconds is possible.
+    # see https://github.com/jruby/jruby/blob/9.2.7.0/core/src/main/java/org/jruby/ext/timeout/Timeout.java#L125
+    @timeout_seconds = @timeout_millis / 1000.0
   end
 
   def filter(event)
-    kv = Hash.new
     value = event.get(@source)
 
-    @timeout_enforcer.execute do
-      case value
-      when nil
-        # Nothing to do
-      when String
-        parse(value, event, kv)
-      when Array
-        value.each { |v| parse(v, event, kv) }
-      else
-        @logger.warn("kv filter has no support for this type of data", :type => value.class, :value => value)
-      end
-    end
+    # if timeout is 0 avoid creating a closure although Timeout.timeout has a bypass for 0s timeouts.
+    kv = @timeout_seconds > 0.0 ? Timeout.timeout(@timeout_seconds, TimeoutException) { parse_value(value, event) } : parse_value(value, event)
 
     # Add default key-values for missing keys
     kv = @default_keys.merge(kv)
@@ -433,7 +443,9 @@ class LogStash::Filters::KV < LogStash::Filters::Base
     return if kv.empty?
 
     if @target
-      @logger.debug? && @logger.debug("Overwriting existing target field", :target => @target)
+      if event.include?(@target)
+        @logger.debug? && @logger.debug("Overwriting existing target field", field: @target, existing_value: event.get(@target))
+      end
       event.set(@target, kv)
     else
       kv.each{|k, v| event.set(k, v)}
@@ -452,11 +464,27 @@ class LogStash::Filters::KV < LogStash::Filters::Base
   end
 
   def close
-    @timeout_enforcer.stop!
   end
 
   private
 
+  def parse_value(value, event)
+    kv = Hash.new
+
+    case value
+    when nil
+      # Nothing to do
+    when String
+      parse(value, event, kv)
+    when Array
+      value.each { |v| parse(v, event, kv) }
+    else
+      @logger.warn("kv filter has no support for this type of data", :type => value.class, :value => value)
+    end
+
+    kv
+  end
+
   # @overload summarize(value)
   #   @param value [Array]
   #   @return [String]
@@ -474,13 +502,7 @@ class LogStash::Filters::KV < LogStash::Filters::Base
 
     value.bytesize < 255 ? "`#{value}`" : "entry too large; first 255 chars are `#{value[0..255].dump}`"
   end
-
-  def initialize_timeout_enforcer
-    return NULL_TIMEOUT_ENFORCER if @timeout_millis <= 0
-
-    TimeoutEnforcer.new(logger, @timeout_millis * 1_000_000)
-  end
-
+  
   def has_value_splitter?(s)
     s =~ @value_split_re
   end
@@ -513,7 +535,7 @@ class LogStash::Filters::KV < LogStash::Filters::Base
   # @return [Regexp]
   def unquoted_capture_until_pattern(*patterns)
     pattern = patterns.size > 1 ? Regexp.union(patterns) : patterns.first
-    /((?:\\.|(?!#{pattern}).)+)/
+    /((?:(?!#{pattern})(?:\\.|.))+)/
   end
 
   # Helper function for generating *capturing* `Regexp` that will _efficiently_ match any sequence of characters
@@ -553,12 +575,12 @@ class LogStash::Filters::KV < LogStash::Filters::Base
     exclude_keys = @exclude_keys.map{|key| event.sprintf(key)}
 
     text.scan(@scan_re) do |key, *value_candidates|
-      value = value_candidates.compact.first
-      next if value.nil? || value.empty?
+      value = value_candidates.compact.first || EMPTY_STRING
+      next if value.empty? && !@allow_empty_values
 
-      key = @trim_key ? key.gsub(@trim_key_re, "") : key
-      key = @remove_char_key ? key.gsub(@remove_char_key_re, "") : key
-      key = @transform_key ? transform(key, @transform_key) : key
+      key = key.gsub(@trim_key_re, EMPTY_STRING) if @trim_key
+      key = key.gsub(@remove_char_key_re, EMPTY_STRING) if @remove_char_key
+      key = transform(key, @transform_key) if @transform_key
 
       # Bail out as per the values of include_keys and exclude_keys
       next if not include_keys.empty? and not include_keys.include?(key)
@@ -567,9 +589,9 @@ class LogStash::Filters::KV < LogStash::Filters::Base
 
       key = event.sprintf(@prefix) + key
 
-      value = @trim_value ? value.gsub(@trim_value_re, "") : value
-      value = @remove_char_value ? value.gsub(@remove_char_value_re, "") : value
-      value = @transform_value ? transform(value, @transform_value) : value
+      value = value.gsub(@trim_value_re, EMPTY_STRING) if @trim_value
+      value = value.gsub(@remove_char_value_re, EMPTY_STRING) if @remove_char_value
+      value = transform(value, @transform_value) if @transform_value
 
       # Bail out if inserting duplicate value in key mapping when unique_values
       # option is set to true.
@@ -596,100 +618,4 @@ class LogStash::Filters::KV < LogStash::Filters::Base
 
   class TimeoutException < RuntimeError
   end
-
-  class TimeoutEnforcer
-    def initialize(logger, timeout_nanos)
-      @logger = logger
-      @running = java.util.concurrent.atomic.AtomicBoolean.new(false)
-      @timeout_nanos = timeout_nanos
-
-      # Stores running matches with their start time, this is used to cancel long running matches
-      # Is a map of Thread => start_time
-      @threads_to_start_time = java.util.concurrent.ConcurrentHashMap.new
-    end
-
-    def execute(&block)
-      # If the enforcer is not running, either we failed to start it or it has
-      # already been stopped; in either case, we cannot reliably enforce the timeout
-      # so we raise a RuntimeError instead.
-      fail("TimeoutEnforcer not running.") unless alive?
-
-      begin
-        thread = java.lang.Thread.currentThread()
-        @threads_to_start_time.put(thread, java.lang.System.nanoTime)
-
-        yield
-
-      rescue InterruptedRegexpError, java.lang.InterruptedException => e
-        raise TimeoutException.new
-      ensure
-        # If the block finished, but interrupt was called after, we'll want to
-        # clear the interrupted status anyway
-        @threads_to_start_time.remove(thread)
-        thread.interrupted
-      end
-    end
-
-    def start!
-      @running.set(true)
-      @logger.debug("Starting timeout enforcer (#{@timeout_nanos}ns)")
-      @timer_thread = Thread.new do
-        while @running.get() || !@threads_to_start_time.is_empty
-          begin
-            cancel_timed_out!
-          rescue Exception => e
-            @logger.error("Error while attempting to check/cancel excessively long kv patterns",
-                          :message => e.message,
-                          :class => e.class.name,
-                          :backtrace => e.backtrace
-            )
-          end
-          sleep 0.25
-        end
-      end
-    end
-
-    def stop!
-      @running.set(false)
-      @logger.debug("Shutting down timeout enforcer")
-      # Check for the thread mostly for a fast start/shutdown scenario
-      @timer_thread.join if @timer_thread
-    end
-
-    def alive?
-      @running.get() && @timer_thread && @timer_thread.alive?
-    end
-
-    private
-
-    def cancel_timed_out!
-      now = java.lang.System.nanoTime # save ourselves some nanotime calls
-      @threads_to_start_time.keySet.each do |thread|
-        # Use compute to lock this value
-        @threads_to_start_time.computeIfPresent(thread) do |thread, start_time|
-          if start_time < now && now - start_time > @timeout_nanos
-            thread.interrupt
-            nil # Delete the key
-          else
-            start_time # preserve the key
-          end
-        end
-      end
-    end
-  end
-
-  class NullTimeoutEnforcer
-    def execute(&block)
-      yield
-    end
-
-    def start!
-      # no-op
-    end
-
-    def stop!
-      # no-op
-    end
-  end
-  NULL_TIMEOUT_ENFORCER = NullTimeoutEnforcer.new
 end

data/logstash-filter-kv.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-kv'
-  s.version         = '4.3.3'
+  s.version         = '4.6.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Parses key-value pairs"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -21,6 +21,9 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~> 1.3'
+  s.add_runtime_dependency 'logstash-mixin-validator_support', '~> 1.0'
 
   s.add_development_dependency 'logstash-devutils'
+  s.add_development_dependency 'insist'
 end

data/spec/filters/kv_spec.rb

@@ -1,8 +1,16 @@
 # encoding: utf-8
 
 require "logstash/devutils/rspec/spec_helper"
+require "insist"
 require "logstash/filters/kv"
 
+# Logstash starts JRuby with a special flag to ensure that regexp's are
+# executed in an interruptible fashion.
+require 'java'
+if java.lang.System.getProperty("jruby.regexp.interruptible") != "true"
+  fail("Java must be started with `-Djruby.regexp.interruptible=true`")
+end
+
 describe LogStash::Filters::KV do
 
   describe "defaults" do
@@ -487,6 +495,30 @@ describe LogStash::Filters::KV do
     end
   end
 
+  describe 'field_split_pattern with literal backslashes' do
+    config <<-CONFIG
+      filter {
+        kv {
+          source => headers
+          field_split_pattern => "\\\\r\\\\n"
+          value_split_pattern => ": "
+          whitespace => strict
+          target => headerskv
+        }
+      }
+    CONFIG
+
+    sample({"headers"=>"Host: foo.com\\r\\nUser-Agent: Qwerty/1.2.3 (www.qwerty.org)\\r\\nContent-Type: text/xml; charset=utf-8\\r\\nAccept: */*\\r\\nAccept-Encoding: gzip, deflate\\r\\nContent-Length: 123\\r\\nX-UUID: 0:15713435944943992\\r\\n\\r\\n"}) do
+      insist { subject.get("[headerskv][Host]") } == "foo.com"
+      insist { subject.get("[headerskv][User-Agent]") } == "Qwerty/1.2.3 (www.qwerty.org)"
+      insist { subject.get("[headerskv][Content-Type]") } == "text/xml; charset=utf-8"
+      insist { subject.get("[headerskv][Accept]") } == "*/*"
+      insist { subject.get("[headerskv][Accept-Encoding]") } == "gzip, deflate"
+      insist { subject.get("[headerskv][Content-Length]") } == "123"
+      insist { subject.get("[headerskv][X-UUID]") } == "0:15713435944943992"
+    end
+  end
+
 
   describe "test data from specific sub source and target" do
     config <<-CONFIG
@@ -689,6 +721,27 @@ describe LogStash::Filters::KV do
     end
   end
 
+  describe "Allowing empty values" do
+    config <<-CONFIG
+      filter {
+        kv {
+          field_split => " "
+          source => "source"
+          allow_empty_values => true
+          whitespace => strict
+        }
+      }
+    CONFIG
+
+    sample("source" => "present=one empty= emptyquoted='' present=two emptybracketed=[] endofinput=") do
+      insist { subject.get('[present]') } == ['one','two']
+      insist { subject.get('[empty]') } == ''
+      insist { subject.get('[emptyquoted]') } == ''
+      insist { subject.get('[emptybracketed]') } == ''
+      insist { subject.get('[endofinput]') } == ''
+    end
+  end
+
   describe "Allow duplicate key/value pairs by default" do
     config <<-CONFIG
       filter {

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-kv
 version: !ruby/object:Gem::Version
-  version: 4.3.3
+  version: 4.6.0
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-06-21 00:00:00.000000000 Z
+date: 2022-01-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -30,6 +30,34 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  name: logstash-mixin-ecs_compatibility_support
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  name: logstash-mixin-validator_support
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -44,6 +72,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: insist
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: This gem is a Logstash plugin required to be installed on top of the
   Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
   gem is not a stand-alone program
@@ -83,8 +125,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Parses key-value pairs