logstash-filter-multiline 3.0.2 → 3.0.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: eb4cb8c23c069b5bc3daae177cb47664149e8349
-  data.tar.gz: 6f2ee1fe6d3d19b55d83f5fc7310830e50663a8b
+  metadata.gz: cdcbc369b915588217bcd2eaec9759bd7064a007
+  data.tar.gz: 98013668b90a4f65a3cda6b6e51992c223b8f6c1
 SHA512:
-  metadata.gz: 2b5190263a357ad9e629cc48fb8134b5aca15d2b0540c96c852c37eacb377cf19898a1323feef6b64d2f81198d964b36a344445a77687e035e07fe536cc82cde
-  data.tar.gz: 78e4aa7b36b77fe37f743c84614b6b73a852d4aea554f4f79f66d6e92654c6ab3f7dd6dca999d52f3b54240a0f5684f9d3e5c0caf2578538bb31ddf3b3ab5c8c
+  metadata.gz: 76f9305fae576f24d6e4c4ff69f852fcbceae8088b0d1ac42412c9da386b16ded588d381eca0eeea865ace2b71c36968753f59a469aacb0a950647bc2f96a97c
+  data.tar.gz: 0534daed978e30f57b51191b4bee5d62b4d0eb6d51940eefb7e53aa0396de60536c33372daf2d515dc47ddf69c0d149980c6edac51762d8ff8673f35af5ce24d

data/Gemfile

@@ -1,4 +1,11 @@
 source 'https://rubygems.org'
 
-# Specify your gem's dependencies in logstash-mass_effect.gemspec
 gemspec
+
+logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
+use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
+
+if Dir.exist?(logstash_path) && use_logstash_source
+  gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
+  gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
+end

data/docs/index.asciidoc

@@ -0,0 +1,194 @@
+:plugin: multiline
+:type: filter
+
+///////////////////////////////////////////
+START - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+:version: %VERSION%
+:release_date: %RELEASE_DATE%
+:changelog_url: %CHANGELOG_URL%
+:include_path: ../../../../logstash/docs/include
+///////////////////////////////////////////
+END - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+
+[id="plugins-{type}-{plugin}"]
+
+=== Multiline filter plugin
+
+include::{include_path}/plugin_header.asciidoc[]
+
+==== Description
+
+
+This filter will collapse multiline messages from a single source into one Logstash event.
+
+The original goal of this filter was to allow joining of multi-line messages
+from files into a single event. For example - joining java exception and
+stacktrace messages into a single event.
+
+NOTE: This filter will not work with multiple worker threads `-w 2` on the logstash command line.
+
+The config looks like this:
+[source,ruby]
+    filter {
+      multiline {
+        pattern => "pattern, a regexp"
+        negate => boolean
+        what => "previous" or "next"
+      }
+    }
+
+The `pattern` should be a regexp (<<plugins-filters-grok,grok>> patterns are
+supported) which matches what you believe to be an indicator that the field
+is part of an event consisting of multiple lines of log data.
+
+The `what` must be `previous` or `next` and indicates the relation
+to the multi-line event.
+
+The `negate` can be `true` or `false` (defaults to `false`). If `true`, a
+message not matching the pattern will constitute a match of the multiline
+filter and the `what` will be applied. (vice-versa is also true)
+
+For example, Java stack traces are multiline and usually have the message
+starting at the far-left, with each subsequent line indented. Do this:
+[source,ruby]
+    filter {
+      multiline {
+        pattern => "^\s"
+        what => "previous"
+      }
+    }
+
+This says that any line starting with whitespace belongs to the previous line.
+
+Another example is C line continuations (backslash). Here's how to do that:
+[source,ruby]
+    filter {
+      multiline {
+        pattern => "\\$"
+        what => "next"
+      }
+    }
+
+This says that any line ending with a backslash should be combined with the
+following line.
+
+
+[id="plugins-{type}s-{plugin}-options"]
+==== Multiline Filter Configuration Options
+
+This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
+
+[cols="<,<,<",options="header",]
+|=======================================================================
+|Setting |Input type|Required
+| <<plugins-{type}s-{plugin}-allow_duplicates>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-max_age>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-negate>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-pattern>> |<<string,string>>|Yes
+| <<plugins-{type}s-{plugin}-patterns_dir>> |<<array,array>>|No
+| <<plugins-{type}s-{plugin}-source>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-stream_identity>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-what>> |<<string,string>>, one of `["previous", "next"]`|Yes
+|=======================================================================
+
+Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
+filter plugins.
+
+&nbsp;
+
+[id="plugins-{type}s-{plugin}-allow_duplicates"]
+===== `allow_duplicates` 
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `true`
+
+Allow duplcate values on the source field.
+
+[id="plugins-{type}s-{plugin}-max_age"]
+===== `max_age` 
+
+  * Value type is <<number,number>>
+  * Default value is `5`
+
+The maximum age an event can be (in seconds) before it is automatically
+flushed.
+
+[id="plugins-{type}s-{plugin}-negate"]
+===== `negate` 
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `false`
+
+Negate the regexp pattern ('if not matched')
+
+[id="plugins-{type}s-{plugin}-pattern"]
+===== `pattern` 
+
+  * This is a required setting.
+  * Value type is <<string,string>>
+  * There is no default value for this setting.
+
+The expression to match. The same matching engine as the
+<<plugins-filters-grok,grok filter>> is used, so the expression can contain
+a plain regular expression or one that also contains grok patterns.
+
+[id="plugins-{type}s-{plugin}-patterns_dir"]
+===== `patterns_dir` 
+
+  * Value type is <<array,array>>
+  * Default value is `[]`
+
+Logstash ships by default with a bunch of patterns, so you don't
+necessarily need to define this yourself unless you are adding additional
+patterns.
+
+Pattern files are plain text with format:
+[source,ruby]
+    NAME PATTERN
+
+For example:
+[source,ruby]
+    NUMBER \d+
+
+[id="plugins-{type}s-{plugin}-source"]
+===== `source` 
+
+  * Value type is <<string,string>>
+  * Default value is `"message"`
+
+The field name to execute the pattern match on.
+
+[id="plugins-{type}s-{plugin}-stream_identity"]
+===== `stream_identity` 
+
+  * Value type is <<string,string>>
+  * Default value is `"%{host}.%{path}.%{type}"`
+
+The stream identity is how the multiline filter determines which stream an
+event belongs to. This is generally used for differentiating, say, events
+coming from multiple files in the same file input, or multiple connections
+coming from a tcp input.
+
+The default value here is usually what you want, but there are some cases
+where you want to change it. One such example is if you are using a tcp
+input with only one client connecting at any time. If that client
+reconnects (due to error or client restart), then logstash will identify
+the new connection as a new stream and break any multiline goodness that
+may have occurred between the old and new connection. To solve this use
+case, you can use `%{@source_host}.%{@type}` instead.
+
+[id="plugins-{type}s-{plugin}-what"]
+===== `what` 
+
+  * This is a required setting.
+  * Value can be any of: `previous`, `next`
+  * There is no default value for this setting.
+
+If the pattern matched, does event belong to the next or previous event?
+
+
+
+[id="plugins-{type}s-{plugin}-common-options"]
+include::{include_path}/{type}.asciidoc[]

data/logstash-filter-multiline.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-multiline'
-  s.version         = '3.0.2'
+  s.version         = '3.0.3'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "This filter will collapse multiline messages from a single source into one Logstash event."
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
   s.require_paths = ["lib"]
 
   # Files
-  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+  s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
 
   # Tests
   s.test_files = s.files.grep(%r{^(test|spec|features)/})

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-multiline
 version: !ruby/object:Gem::Version
-  version: 3.0.2
+  version: 3.0.3
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-07-14 00:00:00.000000000 Z
+date: 2017-06-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -98,6 +98,7 @@ files:
 - LICENSE
 - NOTICE.TXT
 - README.md
+- docs/index.asciidoc
 - lib/logstash/filters/multiline.rb
 - logstash-filter-multiline.gemspec
 - spec/filters/multiline_spec.rb
@@ -123,7 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.6.3
+rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: This filter will collapse multiline messages from a single source into one Logstash event.