logstash-filter-multiline 3.0.2 → 3.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: eb4cb8c23c069b5bc3daae177cb47664149e8349
4
- data.tar.gz: 6f2ee1fe6d3d19b55d83f5fc7310830e50663a8b
3
+ metadata.gz: cdcbc369b915588217bcd2eaec9759bd7064a007
4
+ data.tar.gz: 98013668b90a4f65a3cda6b6e51992c223b8f6c1
5
5
  SHA512:
6
- metadata.gz: 2b5190263a357ad9e629cc48fb8134b5aca15d2b0540c96c852c37eacb377cf19898a1323feef6b64d2f81198d964b36a344445a77687e035e07fe536cc82cde
7
- data.tar.gz: 78e4aa7b36b77fe37f743c84614b6b73a852d4aea554f4f79f66d6e92654c6ab3f7dd6dca999d52f3b54240a0f5684f9d3e5c0caf2578538bb31ddf3b3ab5c8c
6
+ metadata.gz: 76f9305fae576f24d6e4c4ff69f852fcbceae8088b0d1ac42412c9da386b16ded588d381eca0eeea865ace2b71c36968753f59a469aacb0a950647bc2f96a97c
7
+ data.tar.gz: 0534daed978e30f57b51191b4bee5d62b4d0eb6d51940eefb7e53aa0396de60536c33372daf2d515dc47ddf69c0d149980c6edac51762d8ff8673f35af5ce24d
data/Gemfile CHANGED
@@ -1,4 +1,11 @@
1
1
  source 'https://rubygems.org'
2
2
 
3
- # Specify your gem's dependencies in logstash-mass_effect.gemspec
4
3
  gemspec
4
+
5
+ logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
6
+ use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
7
+
8
+ if Dir.exist?(logstash_path) && use_logstash_source
9
+ gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
10
+ gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
11
+ end
@@ -0,0 +1,194 @@
1
+ :plugin: multiline
2
+ :type: filter
3
+
4
+ ///////////////////////////////////////////
5
+ START - GENERATED VARIABLES, DO NOT EDIT!
6
+ ///////////////////////////////////////////
7
+ :version: %VERSION%
8
+ :release_date: %RELEASE_DATE%
9
+ :changelog_url: %CHANGELOG_URL%
10
+ :include_path: ../../../../logstash/docs/include
11
+ ///////////////////////////////////////////
12
+ END - GENERATED VARIABLES, DO NOT EDIT!
13
+ ///////////////////////////////////////////
14
+
15
+ [id="plugins-{type}-{plugin}"]
16
+
17
+ === Multiline filter plugin
18
+
19
+ include::{include_path}/plugin_header.asciidoc[]
20
+
21
+ ==== Description
22
+
23
+
24
+ This filter will collapse multiline messages from a single source into one Logstash event.
25
+
26
+ The original goal of this filter was to allow joining of multi-line messages
27
+ from files into a single event. For example - joining java exception and
28
+ stacktrace messages into a single event.
29
+
30
+ NOTE: This filter will not work with multiple worker threads `-w 2` on the logstash command line.
31
+
32
+ The config looks like this:
33
+ [source,ruby]
34
+ filter {
35
+ multiline {
36
+ pattern => "pattern, a regexp"
37
+ negate => boolean
38
+ what => "previous" or "next"
39
+ }
40
+ }
41
+
42
+ The `pattern` should be a regexp (<<plugins-filters-grok,grok>> patterns are
43
+ supported) which matches what you believe to be an indicator that the field
44
+ is part of an event consisting of multiple lines of log data.
45
+
46
+ The `what` must be `previous` or `next` and indicates the relation
47
+ to the multi-line event.
48
+
49
+ The `negate` can be `true` or `false` (defaults to `false`). If `true`, a
50
+ message not matching the pattern will constitute a match of the multiline
51
+ filter and the `what` will be applied. (vice-versa is also true)
52
+
53
+ For example, Java stack traces are multiline and usually have the message
54
+ starting at the far-left, with each subsequent line indented. Do this:
55
+ [source,ruby]
56
+ filter {
57
+ multiline {
58
+ pattern => "^\s"
59
+ what => "previous"
60
+ }
61
+ }
62
+
63
+ This says that any line starting with whitespace belongs to the previous line.
64
+
65
+ Another example is C line continuations (backslash). Here's how to do that:
66
+ [source,ruby]
67
+ filter {
68
+ multiline {
69
+ pattern => "\\$"
70
+ what => "next"
71
+ }
72
+ }
73
+
74
+ This says that any line ending with a backslash should be combined with the
75
+ following line.
76
+
77
+
78
+ [id="plugins-{type}s-{plugin}-options"]
79
+ ==== Multiline Filter Configuration Options
80
+
81
+ This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
82
+
83
+ [cols="<,<,<",options="header",]
84
+ |=======================================================================
85
+ |Setting |Input type|Required
86
+ | <<plugins-{type}s-{plugin}-allow_duplicates>> |<<boolean,boolean>>|No
87
+ | <<plugins-{type}s-{plugin}-max_age>> |<<number,number>>|No
88
+ | <<plugins-{type}s-{plugin}-negate>> |<<boolean,boolean>>|No
89
+ | <<plugins-{type}s-{plugin}-pattern>> |<<string,string>>|Yes
90
+ | <<plugins-{type}s-{plugin}-patterns_dir>> |<<array,array>>|No
91
+ | <<plugins-{type}s-{plugin}-source>> |<<string,string>>|No
92
+ | <<plugins-{type}s-{plugin}-stream_identity>> |<<string,string>>|No
93
+ | <<plugins-{type}s-{plugin}-what>> |<<string,string>>, one of `["previous", "next"]`|Yes
94
+ |=======================================================================
95
+
96
+ Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
97
+ filter plugins.
98
+
99
+ &nbsp;
100
+
101
+ [id="plugins-{type}s-{plugin}-allow_duplicates"]
102
+ ===== `allow_duplicates`
103
+
104
+ * Value type is <<boolean,boolean>>
105
+ * Default value is `true`
106
+
107
+ Allow duplcate values on the source field.
108
+
109
+ [id="plugins-{type}s-{plugin}-max_age"]
110
+ ===== `max_age`
111
+
112
+ * Value type is <<number,number>>
113
+ * Default value is `5`
114
+
115
+ The maximum age an event can be (in seconds) before it is automatically
116
+ flushed.
117
+
118
+ [id="plugins-{type}s-{plugin}-negate"]
119
+ ===== `negate`
120
+
121
+ * Value type is <<boolean,boolean>>
122
+ * Default value is `false`
123
+
124
+ Negate the regexp pattern ('if not matched')
125
+
126
+ [id="plugins-{type}s-{plugin}-pattern"]
127
+ ===== `pattern`
128
+
129
+ * This is a required setting.
130
+ * Value type is <<string,string>>
131
+ * There is no default value for this setting.
132
+
133
+ The expression to match. The same matching engine as the
134
+ <<plugins-filters-grok,grok filter>> is used, so the expression can contain
135
+ a plain regular expression or one that also contains grok patterns.
136
+
137
+ [id="plugins-{type}s-{plugin}-patterns_dir"]
138
+ ===== `patterns_dir`
139
+
140
+ * Value type is <<array,array>>
141
+ * Default value is `[]`
142
+
143
+ Logstash ships by default with a bunch of patterns, so you don't
144
+ necessarily need to define this yourself unless you are adding additional
145
+ patterns.
146
+
147
+ Pattern files are plain text with format:
148
+ [source,ruby]
149
+ NAME PATTERN
150
+
151
+ For example:
152
+ [source,ruby]
153
+ NUMBER \d+
154
+
155
+ [id="plugins-{type}s-{plugin}-source"]
156
+ ===== `source`
157
+
158
+ * Value type is <<string,string>>
159
+ * Default value is `"message"`
160
+
161
+ The field name to execute the pattern match on.
162
+
163
+ [id="plugins-{type}s-{plugin}-stream_identity"]
164
+ ===== `stream_identity`
165
+
166
+ * Value type is <<string,string>>
167
+ * Default value is `"%{host}.%{path}.%{type}"`
168
+
169
+ The stream identity is how the multiline filter determines which stream an
170
+ event belongs to. This is generally used for differentiating, say, events
171
+ coming from multiple files in the same file input, or multiple connections
172
+ coming from a tcp input.
173
+
174
+ The default value here is usually what you want, but there are some cases
175
+ where you want to change it. One such example is if you are using a tcp
176
+ input with only one client connecting at any time. If that client
177
+ reconnects (due to error or client restart), then logstash will identify
178
+ the new connection as a new stream and break any multiline goodness that
179
+ may have occurred between the old and new connection. To solve this use
180
+ case, you can use `%{@source_host}.%{@type}` instead.
181
+
182
+ [id="plugins-{type}s-{plugin}-what"]
183
+ ===== `what`
184
+
185
+ * This is a required setting.
186
+ * Value can be any of: `previous`, `next`
187
+ * There is no default value for this setting.
188
+
189
+ If the pattern matched, does event belong to the next or previous event?
190
+
191
+
192
+
193
+ [id="plugins-{type}s-{plugin}-common-options"]
194
+ include::{include_path}/{type}.asciidoc[]
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-multiline'
4
- s.version = '3.0.2'
4
+ s.version = '3.0.3'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "This filter will collapse multiline messages from a single source into one Logstash event."
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -11,7 +11,7 @@ Gem::Specification.new do |s|
11
11
  s.require_paths = ["lib"]
12
12
 
13
13
  # Files
14
- s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
14
+ s.files = Dir["lib/**/*","spec/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
15
15
 
16
16
  # Tests
17
17
  s.test_files = s.files.grep(%r{^(test|spec|features)/})
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-multiline
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.0.2
4
+ version: 3.0.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2016-07-14 00:00:00.000000000 Z
11
+ date: 2017-06-23 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -98,6 +98,7 @@ files:
98
98
  - LICENSE
99
99
  - NOTICE.TXT
100
100
  - README.md
101
+ - docs/index.asciidoc
101
102
  - lib/logstash/filters/multiline.rb
102
103
  - logstash-filter-multiline.gemspec
103
104
  - spec/filters/multiline_spec.rb
@@ -123,7 +124,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
123
124
  version: '0'
124
125
  requirements: []
125
126
  rubyforge_project:
126
- rubygems_version: 2.6.3
127
+ rubygems_version: 2.4.8
127
128
  signing_key:
128
129
  specification_version: 4
129
130
  summary: This filter will collapse multiline messages from a single source into one Logstash event.