logstash-filter-logfmt 0.1.12

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 1cb426613c214f5d0316c50a63d9d13abbfac68d
+  data.tar.gz: 6e67337f908fb1a51e9e672440825c7b0c40131c
+SHA512:
+  metadata.gz: d3d8b52cf14b4df3aefef109237eba3be3c4c9eb14d2a94b5d24557bb3728c0c38518bf229ee0d8412bc1c5fb6592337756f4d1328df9545c5f928bece32b3f1
+  data.tar.gz: 266320d3cc1d0ad87da4f0a3720a49bf969f57846bea9701801dabe4fc10e7c97366592ec7a454b0014ac83fd7d7314ea3e2c12c81bd752cf62379e4070aa3b8

data/.gitignore

@@ -0,0 +1,41 @@
+.DS_Store
+*.gem
+
+
+*.gem
+*.rbc
+/.config
+/coverage/
+/InstalledFiles
+/pkg/
+/spec/reports/
+/test/tmp/
+/test/version_tmp/
+/tmp/
+
+## Specific to RubyMotion:
+.dat*
+.repl_history
+build/
+
+## Documentation cache and generated files:
+/.yardoc/
+/_yardoc/
+/doc/
+/rdoc/
+
+## Environment normalisation:
+/.bundle/
+/vendor/bundle
+/lib/bundler/man/
+
+# for a library or gem, you might want to ignore these files since the code is
+# intended to run in multiple environments; otherwise, check them in:
+# Gemfile.lock
+.ruby-version
+.ruby-gemset
+
+# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
+.rvmrc
+
+Gemfile.lock

data/.travis.yml

@@ -0,0 +1,9 @@
+sudo: false
+language: ruby
+jdk:
+  - oraclejdk8
+rvm:
+  - jruby-1.7.25
+before_install: []
+script:
+  - bundle exec rspec spec

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2015 Tim Buchwaldt / grandcentrinx GmbH <http://grandcentrix.net>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,87 @@
+# Logstash Logfmt Parser Plugin
+[![Build Status](https://travis-ci.org/wheely/logstash-filter-logfmt.svg?branch=master)](https://travis-ci.org/wheely/logstash-filter-logfmt)
+
+
+This is a plugin for [Logstash](https://github.com/elasticsearch/logstash), allowing logstash to parse logfmt-formatted messages.
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
+
+## Documentation
+
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elasticsearch.org/guide/en/logstash/current/).
+
+- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elasticsearch/docs#asciidoc-guide
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+## Developing
+
+### 1. Plugin Developement and Testing
+
+#### Code
+- To get started, you'll need JRuby with the Bundler gem installed.
+
+- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization.
+
+- Install dependencies
+```sh
+bundle install
+```
+
+#### Test
+
+```sh
+bundle exec rspec
+```
+
+The Logstash code required to run the tests/specs is specified in the `Gemfile` by the line similar to:
+```ruby
+gem "logstash", :github => "elasticsearch/logstash", :branch => "1.5"
+```
+To test against another version or a local Logstash, edit the `Gemfile` to specify an alternative location, for example:
+```ruby
+gem "logstash", :github => "elasticsearch/logstash", :ref => "master"
+```
+```ruby
+gem "logstash", :path => "/your/local/logstash"
+```
+
+Then update your dependencies and run your tests:
+
+```sh
+bundle install
+bundle exec rspec
+```
+
+### 2. Running your unpublished Plugin in Logstash
+
+#### 2.1 Run in a local Logstash clone
+
+- Edit Logstash `tools/Gemfile` and add the local plugin path, for example:
+```ruby
+gem "logstash-filter-logfmt", :path => "/your/local/logstash-filter-logfmt"
+```
+- Update Logstash dependencies
+```sh
+rake vendor:gems
+```
+- Run Logstash with your plugin
+```sh
+bin/logstash -e 'filter {logfmt { source => "message" }}'
+```
+At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
+
+#### 2.2 Run in an installed Logstash
+
+- Build your plugin gem
+```sh
+gem build logstash-filter-logfmt.gemspec
+```
+- Install the plugin from the Logstash home
+```sh
+bin/plugin install /your/local/plugin/logstash-filter-logfmt.gem
+```
+- Start Logstash and proceed to test the plugin

data/lib/logstash/filters/logfmt.rb

@@ -0,0 +1,82 @@
+# encoding: utf-8
+require 'logstash/filters/base'
+require 'logstash/namespace'
+require 'logfmt'
+require 'json'
+
+# Add any asciidoc formatted documentation here
+class LogStash::Filters::Logfmt < LogStash::Filters::Base
+  config_name 'logfmt'
+
+  # The source field to parse
+  config :source, validate: :string
+
+  # The target field to place all the data
+  config :target, validate: :string, default: 'logfmt'
+
+  # Remove source
+  config :remove_source, validate: :boolean, default: false
+
+  # Convert fields to json
+  config :convert_to_json, validate: :array, default: []
+
+  # Convert fields to strings
+  config :convert_to_string, validate: :array, default: []
+
+  def register
+    @logger.info 'Logfmt filter registered'
+  end
+
+  def filter(event)
+    return if resolve(event).nil?
+    filter_matched(event)
+  end
+
+  def resolve(event)
+    data = event.get(@source)
+    params = Logfmt.parse(data)
+
+    # log line should at least have level
+    return if !params['level'].is_a?(String) || params['level'].empty?
+
+    if params['stacktrace']
+      if params['stacktrace'].start_with?('[')
+        params['stacktrace'] = params['stacktrace'][1..-2].split('][')
+      else
+        params['stacktrace'] = params['stacktrace'].split(',')
+      end
+    end
+    event.set(@target, process_hash(params))
+    event.set(@source, nil) if @remove_source
+    return true
+  rescue => e
+    log_exception(e, data)
+    nil
+  end
+
+  private
+
+  def log_exception(e, data)
+    @logger.error({
+      msg: 'Failed to parse logfmt string',
+      error: {
+        message: e.message,
+        err: e.class.to_s,
+        data: data,
+        stacktrace: (e.backtrace && e.backtrace.join(','))
+      }
+    }.to_json)
+  end
+
+  def process_hash(hash)
+    hash.each_with_object({}) do |(key,value), all|
+      key_parts = key.split('.')
+      leaf = key_parts[0...-1].inject(all) { |h, k| h[k] ||= {} }
+      leaf[key_parts.last] = value
+    end.each_with_object({}) do |(key,value), all|
+      next all[key] = value.to_json if @convert_to_json.include?(key)
+      next all[key] = value.to_s if @convert_to_string.include?(key)
+      all[key] = value
+    end
+  end
+end # class LogStash::Filters::Logfmt

data/logstash-filter-logfmt.gemspec

@@ -0,0 +1,27 @@
+Gem::Specification.new do |s|
+  s.name            = 'logstash-filter-logfmt'
+  s.version         = '0.1.12'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = 'This filter may be used to decode Logfmt messages'
+  s.description     = 'This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install logstash-filter-logfmt. This gem is not a stand-alone program'
+  s.authors         = ['Tim Buchwaldt', 'Aleksandr Zykov']
+  s.email           = 'alexandrz@gmail.com'
+  s.homepage        = 'https://github.com/alexandrz/logstash-filter-logfmt/'
+  s.require_paths = ['lib']
+
+  # Files
+  s.files = `git ls-files`.split($OUTPUT_RECORD_SEPARATOR)
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { 'logstash_plugin' => 'true', 'logstash_group' => 'filter' }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash-core-plugin-api', '>= 1.60', '<= 2.99'
+  s.add_runtime_dependency 'logfmt', '~> 0.0.8'
+
+  s.add_development_dependency 'logstash-devutils', ['>= 1.0.0']
+  s.add_development_dependency 'rspec'
+end

data/spec/filters/logfmt_spec.rb

@@ -0,0 +1,88 @@
+require 'logstash/devutils/rspec/spec_helper'
+require 'logstash/filters/logfmt'
+require 'logstash/event'
+require 'logstash/json'
+require 'insist'
+
+describe LogStash::Filters::Logfmt do
+  let(:logfmt_filter_options) do
+    {
+      'source' => 'message',
+      'convert_to_json' => ['params'],
+      'convert_to_string' => ['status']
+    }
+  end
+  subject { LogStash::Filters::Logfmt.new(logfmt_filter_options) }
+
+  context '#resolve' do
+    let(:data) { %(time=2016-12-27T16:15:00.108+00:00 level=error status=200 response_status=401 response_body.error="Your user ID or license key could not be authenticated." msg="too many connection resets (due to Net::ReadTimeout - Net::ReadTimeout) after 89 requests on 47144016160240, last used 97.457622864 seconds ago" logger=Wheely::App::Pusher::SmsTransport::Devino err=Net::HTTP::Persistent::Error phone=+79263030599 body="4474 - \u0432\u0430\u0448 \u043A\u043E\u0434" thread=47144031566240 stacktrace="[/usr/local/lib/ruby/2.2.0/net/protocol.rb:158:rescue in rbuf_fill][/usr/local/lib/ruby/2.2.0/net/protocol.rb:152:rbuf_fill][/usr/local/lib/ruby/2.2.0/net/protocol.rb:134:readuntil][/usr/local/lib/ruby/2.2.0/net/protocol.rb:144:readline][/usr/local/lib/ruby/2.2.0/net/http/response.rb:39:read_status_line][/usr/local/lib/ruby/2.2.0/net/http/response.rb:28:read_new][/usr/local/bundle/gems/aws-sdk-core-2.3.0/lib/seahorse/client/net_http/patches.rb:29:block in new_transport_request][/usr/local/bundle/gems/aws-sdk-core-2.3.0/lib/seahorse/client/net_http/patches.rb:26:catch][/usr/local/bundle/gems/aws-sdk-core-2.3.0/lib/seahorse/client/net_http/patches.rb:26:new_transport_request][/usr/local/lib/ruby/2.2.0/net/http.rb:1384:request][/usr/local/bundle/gems/net-http-persistent-2.9.4/lib/net/http/persistent.rb:999:request][/app/lib/sms_transport/devino.rb:45:send_message][/app/lib/sms_transport/devino.rb:22:delivery][/app/lib/sms_transport.rb:48:block (2 levels) in delivery_message][/app/lib/common/statsd.rb:63:call][/app/lib/common/statsd.rb:63:block in delivery_time][/usr/local/bundle/gems/dogstatsd-ruby-1.6.0/lib/statsd.rb:199:time][/app/lib/common/statsd.rb:63:delivery_time][/app/lib/sms_transport.rb:48:block in delivery_message][/app/lib/sms_transport.rb:46:each][/app/lib/sms_transport.rb:46:find][/app/lib/sms_transport.rb:46:delivery_message][/app/lib/sms_transport.rb:28:delivery][/app/lib/tasks/delivery_sms_task.rb:22:block in delivery][/usr/local/bundle/gems/logfoo-0.1.4/lib/logfoo/context.rb:33:context][/app/lib/tasks/delivery_sms_task.rb:16:delivery][/app/lib/consumers/notifications_consumer.rb:40:process][/usr/local/bundle/gems/hutch-0.21.0/lib/hutch/tracers/null_tracer.rb:10:handle][/usr/local/bundle/gems/hutch-0.21.0/lib/hutch/worker.rb:119:handle_message][/usr/local/bundle/gems/hutch-0.21.0/lib/hutch/worker.rb:101:block in setup_queue][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/consumer.rb:56:call][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/consumer.rb:56:call][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/channel.rb:1721:block in handle_frameset][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/consumer_work_pool.rb:97:call][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/consumer_work_pool.rb:97:block (2 levels) in run_loop][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/consumer_work_pool.rb:92:loop][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/consumer_work_pool.rb:92:block in run_loop][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/consumer_work_pool.rb:91:catch][/usr/local/bundle/gems/bunny-2.3.1/lib/bunny/consumer_work_pool.rb:91:run_loop]") }
+    let(:event) { LogStash::Event.new('message' => data) }
+    it 'should decode valid logfmt data' do
+      insist { subject.resolve(event) } == true
+      insist { event.is_a? LogStash::Event }
+      insist { event.get('logfmt')['time'] } == '2016-12-27T16:15:00.108+00:00'
+      insist { event.get('logfmt')['level'] } == 'error'
+      insist { event.get('logfmt')['response_status'] } == 401
+      insist { event.get('logfmt')['status'] } == '200'
+      insist { event.get('logfmt')['response_body']['error'] } == 'Your user ID or license key could not be authenticated.'
+      insist { event.get('logfmt')['stacktrace'].is_a? Array }
+    end
+    context 'equal in valie' do
+      let(:data) { %(time=2016-12-29T12:43:31.029+00:00 level=info method=GET path=/v6/services query=position=55.80450799126121%2C37.58320759981871&selected_service_id=4feb17260c3dba1929000001 status=200 len=0 addr=194.186.99.94 duration=0.050610643 progname=null logger=Rack::Wheely::Logger) }
+      it 'should decode valid logfmt data' do
+        insist { subject.resolve(event) } == true
+        insist { event.is_a? LogStash::Event }
+        insist { event.get('logfmt')['time'] } == '2016-12-29T12:43:31.029+00:00'
+        insist { event.get('logfmt')['level'] } == 'info'
+        insist { event.get('logfmt')['path'] } == '/v6/services'
+        insist { event.get('logfmt')['query'] } == 'position=55.80450799126121%2C37.58320759981871&selected_service_id=4feb17260c3dba1929000001'
+      end
+    end
+    context 'escaped quotation in value' do
+      let(:data) { 'level=info method="GET \"DOM\""' }
+      it 'should decode valid logfmt data' do
+        insist { subject.resolve(event) } == true
+        insist { event.is_a? LogStash::Event }
+        insist { event.get('logfmt')['level'] } == 'info'
+        insist { event.get('logfmt')['method'] } == 'GET "DOM"'
+      end
+    end
+    context 'logfmt-ruby issue #9' do
+      let(:data) { 'level=error msg="Failed to confirm push notification" logger=Notifications params="{\"token\":\"3c201500-d6e7-4185-a814-9701db7bb0fa\",\"device_id\":\"52C929B2-F5A6-475D-82C5-A54815CBD5BA\"}" thread=47144021941860' }
+      it 'should decode valid logfmt data' do
+        insist { subject.resolve(event) } == true
+        insist { event.is_a? LogStash::Event }
+        insist { event.get('logfmt')['thread'] } == 47144021941860
+      end
+    end
+    context 'conver_to_json' do
+      let(:data) { 'level=error params.user_id=1 params.foo=bar' }
+      it 'should decode valid logfmt data' do
+        insist { subject.resolve(event) } == true
+        insist { event.is_a? LogStash::Event }
+        insist { event.get('logfmt')['params'] } == {user_id: 1, foo: 'bar'}.to_json
+      end
+    end
+    it 'should be fast', performance: true do
+      iterations = 5_000
+      count = 0
+      # Warmup
+      10_000.times { subject.resolve(event) {} }
+      start = Time.now
+      iterations.times do
+        subject.resolve(event) do |_event|
+          count += 1
+        end
+      end
+      duration = Time.now - start
+      insist { count } == iterations
+      puts "codecs/logfmt rate: #{'%02.0f/sec' % (iterations / duration)}, elapsed: #{duration}s"
+    end
+    context 'processing plain text' do
+      let(:data) { "something containing level word that isn't json" }
+      it 'falls back to plain text' do
+        insist { subject.resolve(event) } == nil
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,120 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-logfmt
+version: !ruby/object:Gem::Version
+  version: 0.1.12
+platform: ruby
+authors:
+- Tim Buchwaldt
+- Aleksandr Zykov
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2017-03-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logstash-core-plugin-api
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+- !ruby/object:Gem::Dependency
+  name: logfmt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.0.8
+- !ruby/object:Gem::Dependency
+  name: logstash-devutils
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.0.0
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/plugin install logstash-filter-logfmt.
+  This gem is not a stand-alone program
+email: alexandrz@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".travis.yml"
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- lib/logstash/filters/logfmt.rb
+- logstash-filter-logfmt.gemspec
+- spec/filters/logfmt_spec.rb
+homepage: https://github.com/alexandrz/logstash-filter-logfmt/
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.8
+signing_key: 
+specification_version: 4
+summary: This filter may be used to decode Logfmt messages
+test_files:
+- spec/filters/logfmt_spec.rb