logstash-lib 1.3.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (419) hide show
  1. data/.gitignore +24 -0
  2. data/.tailor +8 -0
  3. data/.travis.yml +12 -0
  4. data/CHANGELOG +1185 -0
  5. data/CONTRIBUTING.md +61 -0
  6. data/CONTRIBUTORS +79 -0
  7. data/LICENSE +14 -0
  8. data/Makefile +460 -0
  9. data/README.md +120 -0
  10. data/STYLE.md +96 -0
  11. data/bin/logstash +37 -0
  12. data/bin/logstash-test +4 -0
  13. data/bin/logstash-web +4 -0
  14. data/bin/logstash.lib.sh +78 -0
  15. data/bot/check_pull_changelog.rb +89 -0
  16. data/docs/configuration.md +260 -0
  17. data/docs/docgen.rb +242 -0
  18. data/docs/extending/example-add-a-new-filter.md +121 -0
  19. data/docs/extending/index.md +91 -0
  20. data/docs/flags.md +43 -0
  21. data/docs/generate_index.rb +28 -0
  22. data/docs/index.html.erb +56 -0
  23. data/docs/learn.md +46 -0
  24. data/docs/life-of-an-event.md +109 -0
  25. data/docs/logging-tool-comparisons.md +60 -0
  26. data/docs/plugin-doc.html.erb +91 -0
  27. data/docs/plugin-milestones.md +41 -0
  28. data/docs/plugin-synopsis.html.erb +24 -0
  29. data/docs/release-engineering.md +46 -0
  30. data/docs/release-test-results.md +14 -0
  31. data/docs/repositories.md +35 -0
  32. data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
  33. data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
  34. data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
  35. data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
  36. data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
  37. data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
  38. data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
  39. data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
  40. data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
  41. data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
  42. data/docs/tutorials/getting-started-centralized.md +217 -0
  43. data/docs/tutorials/getting-started-simple.md +200 -0
  44. data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
  45. data/docs/tutorials/media/frontend-response-codes.png +0 -0
  46. data/docs/tutorials/metrics-from-logs.md +84 -0
  47. data/docs/tutorials/zeromq.md +118 -0
  48. data/extract_services.rb +29 -0
  49. data/gembag.rb +64 -0
  50. data/lib/logstash-event.rb +2 -0
  51. data/lib/logstash.rb +4 -0
  52. data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
  53. data/lib/logstash/JRUBY-6970.rb +102 -0
  54. data/lib/logstash/agent.rb +305 -0
  55. data/lib/logstash/certs/cacert.pem +3895 -0
  56. data/lib/logstash/codecs/base.rb +49 -0
  57. data/lib/logstash/codecs/compress_spooler.rb +50 -0
  58. data/lib/logstash/codecs/dots.rb +18 -0
  59. data/lib/logstash/codecs/edn.rb +28 -0
  60. data/lib/logstash/codecs/edn_lines.rb +36 -0
  61. data/lib/logstash/codecs/fluent.rb +55 -0
  62. data/lib/logstash/codecs/graphite.rb +114 -0
  63. data/lib/logstash/codecs/json.rb +41 -0
  64. data/lib/logstash/codecs/json_lines.rb +52 -0
  65. data/lib/logstash/codecs/json_spooler.rb +22 -0
  66. data/lib/logstash/codecs/line.rb +58 -0
  67. data/lib/logstash/codecs/msgpack.rb +43 -0
  68. data/lib/logstash/codecs/multiline.rb +189 -0
  69. data/lib/logstash/codecs/netflow.rb +342 -0
  70. data/lib/logstash/codecs/netflow/util.rb +212 -0
  71. data/lib/logstash/codecs/noop.rb +19 -0
  72. data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
  73. data/lib/logstash/codecs/plain.rb +48 -0
  74. data/lib/logstash/codecs/rubydebug.rb +22 -0
  75. data/lib/logstash/codecs/spool.rb +38 -0
  76. data/lib/logstash/config/Makefile +4 -0
  77. data/lib/logstash/config/config_ast.rb +380 -0
  78. data/lib/logstash/config/file.rb +39 -0
  79. data/lib/logstash/config/grammar.rb +3504 -0
  80. data/lib/logstash/config/grammar.treetop +241 -0
  81. data/lib/logstash/config/mixin.rb +464 -0
  82. data/lib/logstash/config/registry.rb +13 -0
  83. data/lib/logstash/config/test.conf +18 -0
  84. data/lib/logstash/errors.rb +10 -0
  85. data/lib/logstash/event.rb +262 -0
  86. data/lib/logstash/filters/advisor.rb +178 -0
  87. data/lib/logstash/filters/alter.rb +173 -0
  88. data/lib/logstash/filters/anonymize.rb +93 -0
  89. data/lib/logstash/filters/base.rb +190 -0
  90. data/lib/logstash/filters/checksum.rb +50 -0
  91. data/lib/logstash/filters/cidr.rb +76 -0
  92. data/lib/logstash/filters/cipher.rb +145 -0
  93. data/lib/logstash/filters/clone.rb +35 -0
  94. data/lib/logstash/filters/collate.rb +114 -0
  95. data/lib/logstash/filters/csv.rb +94 -0
  96. data/lib/logstash/filters/date.rb +244 -0
  97. data/lib/logstash/filters/dns.rb +201 -0
  98. data/lib/logstash/filters/drop.rb +32 -0
  99. data/lib/logstash/filters/elapsed.rb +256 -0
  100. data/lib/logstash/filters/elasticsearch.rb +73 -0
  101. data/lib/logstash/filters/environment.rb +27 -0
  102. data/lib/logstash/filters/extractnumbers.rb +84 -0
  103. data/lib/logstash/filters/gelfify.rb +52 -0
  104. data/lib/logstash/filters/geoip.rb +145 -0
  105. data/lib/logstash/filters/grep.rb +153 -0
  106. data/lib/logstash/filters/grok.rb +425 -0
  107. data/lib/logstash/filters/grokdiscovery.rb +75 -0
  108. data/lib/logstash/filters/i18n.rb +51 -0
  109. data/lib/logstash/filters/json.rb +90 -0
  110. data/lib/logstash/filters/json_encode.rb +52 -0
  111. data/lib/logstash/filters/kv.rb +232 -0
  112. data/lib/logstash/filters/metaevent.rb +68 -0
  113. data/lib/logstash/filters/metrics.rb +237 -0
  114. data/lib/logstash/filters/multiline.rb +241 -0
  115. data/lib/logstash/filters/mutate.rb +399 -0
  116. data/lib/logstash/filters/noop.rb +21 -0
  117. data/lib/logstash/filters/prune.rb +149 -0
  118. data/lib/logstash/filters/punct.rb +32 -0
  119. data/lib/logstash/filters/railsparallelrequest.rb +86 -0
  120. data/lib/logstash/filters/range.rb +142 -0
  121. data/lib/logstash/filters/ruby.rb +42 -0
  122. data/lib/logstash/filters/sleep.rb +111 -0
  123. data/lib/logstash/filters/split.rb +64 -0
  124. data/lib/logstash/filters/sumnumbers.rb +73 -0
  125. data/lib/logstash/filters/syslog_pri.rb +107 -0
  126. data/lib/logstash/filters/translate.rb +121 -0
  127. data/lib/logstash/filters/unique.rb +29 -0
  128. data/lib/logstash/filters/urldecode.rb +57 -0
  129. data/lib/logstash/filters/useragent.rb +112 -0
  130. data/lib/logstash/filters/uuid.rb +58 -0
  131. data/lib/logstash/filters/xml.rb +139 -0
  132. data/lib/logstash/filters/zeromq.rb +123 -0
  133. data/lib/logstash/filterworker.rb +122 -0
  134. data/lib/logstash/inputs/base.rb +125 -0
  135. data/lib/logstash/inputs/collectd.rb +306 -0
  136. data/lib/logstash/inputs/drupal_dblog.rb +323 -0
  137. data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
  138. data/lib/logstash/inputs/elasticsearch.rb +140 -0
  139. data/lib/logstash/inputs/eventlog.rb +129 -0
  140. data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
  141. data/lib/logstash/inputs/exec.rb +69 -0
  142. data/lib/logstash/inputs/file.rb +146 -0
  143. data/lib/logstash/inputs/ganglia.rb +127 -0
  144. data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
  145. data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
  146. data/lib/logstash/inputs/gelf.rb +138 -0
  147. data/lib/logstash/inputs/gemfire.rb +222 -0
  148. data/lib/logstash/inputs/generator.rb +97 -0
  149. data/lib/logstash/inputs/graphite.rb +41 -0
  150. data/lib/logstash/inputs/heroku.rb +51 -0
  151. data/lib/logstash/inputs/imap.rb +136 -0
  152. data/lib/logstash/inputs/irc.rb +84 -0
  153. data/lib/logstash/inputs/log4j.rb +136 -0
  154. data/lib/logstash/inputs/lumberjack.rb +53 -0
  155. data/lib/logstash/inputs/pipe.rb +57 -0
  156. data/lib/logstash/inputs/rabbitmq.rb +126 -0
  157. data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
  158. data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
  159. data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
  160. data/lib/logstash/inputs/redis.rb +263 -0
  161. data/lib/logstash/inputs/relp.rb +106 -0
  162. data/lib/logstash/inputs/s3.rb +279 -0
  163. data/lib/logstash/inputs/snmptrap.rb +87 -0
  164. data/lib/logstash/inputs/sqlite.rb +185 -0
  165. data/lib/logstash/inputs/sqs.rb +172 -0
  166. data/lib/logstash/inputs/stdin.rb +46 -0
  167. data/lib/logstash/inputs/stomp.rb +84 -0
  168. data/lib/logstash/inputs/syslog.rb +237 -0
  169. data/lib/logstash/inputs/tcp.rb +231 -0
  170. data/lib/logstash/inputs/threadable.rb +18 -0
  171. data/lib/logstash/inputs/twitter.rb +82 -0
  172. data/lib/logstash/inputs/udp.rb +81 -0
  173. data/lib/logstash/inputs/unix.rb +163 -0
  174. data/lib/logstash/inputs/varnishlog.rb +48 -0
  175. data/lib/logstash/inputs/websocket.rb +50 -0
  176. data/lib/logstash/inputs/wmi.rb +72 -0
  177. data/lib/logstash/inputs/xmpp.rb +81 -0
  178. data/lib/logstash/inputs/zenoss.rb +143 -0
  179. data/lib/logstash/inputs/zeromq.rb +165 -0
  180. data/lib/logstash/kibana.rb +113 -0
  181. data/lib/logstash/loadlibs.rb +9 -0
  182. data/lib/logstash/logging.rb +89 -0
  183. data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
  184. data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
  185. data/lib/logstash/monkeypatches-for-performance.rb +66 -0
  186. data/lib/logstash/multiqueue.rb +53 -0
  187. data/lib/logstash/namespace.rb +16 -0
  188. data/lib/logstash/outputs/base.rb +120 -0
  189. data/lib/logstash/outputs/boundary.rb +116 -0
  190. data/lib/logstash/outputs/circonus.rb +78 -0
  191. data/lib/logstash/outputs/cloudwatch.rb +351 -0
  192. data/lib/logstash/outputs/csv.rb +55 -0
  193. data/lib/logstash/outputs/datadog.rb +93 -0
  194. data/lib/logstash/outputs/datadog_metrics.rb +123 -0
  195. data/lib/logstash/outputs/elasticsearch.rb +332 -0
  196. data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
  197. data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
  198. data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
  199. data/lib/logstash/outputs/email.rb +299 -0
  200. data/lib/logstash/outputs/exec.rb +40 -0
  201. data/lib/logstash/outputs/file.rb +180 -0
  202. data/lib/logstash/outputs/ganglia.rb +75 -0
  203. data/lib/logstash/outputs/gelf.rb +208 -0
  204. data/lib/logstash/outputs/gemfire.rb +103 -0
  205. data/lib/logstash/outputs/google_bigquery.rb +570 -0
  206. data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
  207. data/lib/logstash/outputs/graphite.rb +143 -0
  208. data/lib/logstash/outputs/graphtastic.rb +185 -0
  209. data/lib/logstash/outputs/hipchat.rb +80 -0
  210. data/lib/logstash/outputs/http.rb +142 -0
  211. data/lib/logstash/outputs/irc.rb +80 -0
  212. data/lib/logstash/outputs/jira.rb +109 -0
  213. data/lib/logstash/outputs/juggernaut.rb +105 -0
  214. data/lib/logstash/outputs/librato.rb +146 -0
  215. data/lib/logstash/outputs/loggly.rb +93 -0
  216. data/lib/logstash/outputs/lumberjack.rb +51 -0
  217. data/lib/logstash/outputs/metriccatcher.rb +103 -0
  218. data/lib/logstash/outputs/mongodb.rb +81 -0
  219. data/lib/logstash/outputs/nagios.rb +119 -0
  220. data/lib/logstash/outputs/nagios_nsca.rb +123 -0
  221. data/lib/logstash/outputs/null.rb +18 -0
  222. data/lib/logstash/outputs/opentsdb.rb +101 -0
  223. data/lib/logstash/outputs/pagerduty.rb +79 -0
  224. data/lib/logstash/outputs/pipe.rb +132 -0
  225. data/lib/logstash/outputs/rabbitmq.rb +96 -0
  226. data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
  227. data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
  228. data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
  229. data/lib/logstash/outputs/redis.rb +245 -0
  230. data/lib/logstash/outputs/riak.rb +152 -0
  231. data/lib/logstash/outputs/riemann.rb +109 -0
  232. data/lib/logstash/outputs/s3.rb +356 -0
  233. data/lib/logstash/outputs/sns.rb +124 -0
  234. data/lib/logstash/outputs/solr_http.rb +78 -0
  235. data/lib/logstash/outputs/sqs.rb +141 -0
  236. data/lib/logstash/outputs/statsd.rb +116 -0
  237. data/lib/logstash/outputs/stdout.rb +53 -0
  238. data/lib/logstash/outputs/stomp.rb +67 -0
  239. data/lib/logstash/outputs/syslog.rb +145 -0
  240. data/lib/logstash/outputs/tcp.rb +145 -0
  241. data/lib/logstash/outputs/udp.rb +38 -0
  242. data/lib/logstash/outputs/websocket.rb +46 -0
  243. data/lib/logstash/outputs/websocket/app.rb +29 -0
  244. data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
  245. data/lib/logstash/outputs/xmpp.rb +78 -0
  246. data/lib/logstash/outputs/zabbix.rb +108 -0
  247. data/lib/logstash/outputs/zeromq.rb +125 -0
  248. data/lib/logstash/pipeline.rb +286 -0
  249. data/lib/logstash/plugin.rb +150 -0
  250. data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
  251. data/lib/logstash/program.rb +15 -0
  252. data/lib/logstash/runner.rb +238 -0
  253. data/lib/logstash/sized_queue.rb +8 -0
  254. data/lib/logstash/test.rb +183 -0
  255. data/lib/logstash/threadwatchdog.rb +37 -0
  256. data/lib/logstash/time_addon.rb +33 -0
  257. data/lib/logstash/util.rb +106 -0
  258. data/lib/logstash/util/buftok.rb +139 -0
  259. data/lib/logstash/util/charset.rb +39 -0
  260. data/lib/logstash/util/fieldreference.rb +50 -0
  261. data/lib/logstash/util/password.rb +25 -0
  262. data/lib/logstash/util/prctl.rb +11 -0
  263. data/lib/logstash/util/relp.rb +326 -0
  264. data/lib/logstash/util/require-helper.rb +18 -0
  265. data/lib/logstash/util/socket_peer.rb +7 -0
  266. data/lib/logstash/util/zenoss.rb +566 -0
  267. data/lib/logstash/util/zeromq.rb +47 -0
  268. data/lib/logstash/version.rb +6 -0
  269. data/locales/en.yml +170 -0
  270. data/logstash-event.gemspec +29 -0
  271. data/logstash.gemspec +128 -0
  272. data/patterns/firewalls +60 -0
  273. data/patterns/grok-patterns +91 -0
  274. data/patterns/haproxy +37 -0
  275. data/patterns/java +3 -0
  276. data/patterns/linux-syslog +14 -0
  277. data/patterns/mcollective +1 -0
  278. data/patterns/mcollective-patterns +4 -0
  279. data/patterns/nagios +108 -0
  280. data/patterns/postgresql +3 -0
  281. data/patterns/redis +3 -0
  282. data/patterns/ruby +2 -0
  283. data/pkg/build.sh +135 -0
  284. data/pkg/centos/after-install.sh +1 -0
  285. data/pkg/centos/before-install.sh +10 -0
  286. data/pkg/centos/before-remove.sh +11 -0
  287. data/pkg/centos/sysconfig +15 -0
  288. data/pkg/debian/after-install.sh +5 -0
  289. data/pkg/debian/before-install.sh +13 -0
  290. data/pkg/debian/before-remove.sh +13 -0
  291. data/pkg/debian/build.sh +34 -0
  292. data/pkg/debian/debian/README +6 -0
  293. data/pkg/debian/debian/changelog +17 -0
  294. data/pkg/debian/debian/compat +1 -0
  295. data/pkg/debian/debian/control +16 -0
  296. data/pkg/debian/debian/copyright +27 -0
  297. data/pkg/debian/debian/dirs +19 -0
  298. data/pkg/debian/debian/docs +0 -0
  299. data/pkg/debian/debian/logstash.default +39 -0
  300. data/pkg/debian/debian/logstash.init +201 -0
  301. data/pkg/debian/debian/logstash.install +1 -0
  302. data/pkg/debian/debian/logstash.logrotate +9 -0
  303. data/pkg/debian/debian/logstash.postinst +68 -0
  304. data/pkg/debian/debian/logstash.postrm +23 -0
  305. data/pkg/debian/debian/manpage.1.ex +59 -0
  306. data/pkg/debian/debian/preinst.ex +37 -0
  307. data/pkg/debian/debian/prerm.ex +40 -0
  308. data/pkg/debian/debian/release.conf +5 -0
  309. data/pkg/debian/debian/rules +80 -0
  310. data/pkg/debian/debian/watch.ex +22 -0
  311. data/pkg/logrotate.conf +8 -0
  312. data/pkg/logstash-web.default +41 -0
  313. data/pkg/logstash-web.sysv.debian +201 -0
  314. data/pkg/logstash-web.upstart.ubuntu +18 -0
  315. data/pkg/logstash.default +45 -0
  316. data/pkg/logstash.sysv.debian +202 -0
  317. data/pkg/logstash.sysv.redhat +158 -0
  318. data/pkg/logstash.upstart.ubuntu +20 -0
  319. data/pkg/rpm/SOURCES/logstash.conf +26 -0
  320. data/pkg/rpm/SOURCES/logstash.init +80 -0
  321. data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
  322. data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
  323. data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
  324. data/pkg/rpm/SPECS/logstash.spec +180 -0
  325. data/pkg/rpm/readme.md +4 -0
  326. data/pkg/ubuntu/after-install.sh +7 -0
  327. data/pkg/ubuntu/before-install.sh +12 -0
  328. data/pkg/ubuntu/before-remove.sh +13 -0
  329. data/pull_release_note.rb +25 -0
  330. data/require-analyze.rb +22 -0
  331. data/spec/README.md +14 -0
  332. data/spec/codecs/edn.rb +40 -0
  333. data/spec/codecs/edn_lines.rb +53 -0
  334. data/spec/codecs/graphite.rb +96 -0
  335. data/spec/codecs/json.rb +57 -0
  336. data/spec/codecs/json_lines.rb +51 -0
  337. data/spec/codecs/json_spooler.rb +43 -0
  338. data/spec/codecs/msgpack.rb +39 -0
  339. data/spec/codecs/multiline.rb +60 -0
  340. data/spec/codecs/oldlogstashjson.rb +55 -0
  341. data/spec/codecs/plain.rb +35 -0
  342. data/spec/codecs/spool.rb +35 -0
  343. data/spec/conditionals/test.rb +323 -0
  344. data/spec/config.rb +31 -0
  345. data/spec/event.rb +165 -0
  346. data/spec/examples/fail2ban.rb +28 -0
  347. data/spec/examples/graphite-input.rb +41 -0
  348. data/spec/examples/mysql-slow-query.rb +70 -0
  349. data/spec/examples/parse-apache-logs.rb +66 -0
  350. data/spec/examples/parse-haproxy-logs.rb +115 -0
  351. data/spec/examples/syslog.rb +48 -0
  352. data/spec/filters/alter.rb +96 -0
  353. data/spec/filters/anonymize.rb +189 -0
  354. data/spec/filters/checksum.rb +41 -0
  355. data/spec/filters/clone.rb +67 -0
  356. data/spec/filters/collate.rb +122 -0
  357. data/spec/filters/csv.rb +174 -0
  358. data/spec/filters/date.rb +285 -0
  359. data/spec/filters/date_performance.rb +31 -0
  360. data/spec/filters/dns.rb +159 -0
  361. data/spec/filters/drop.rb +19 -0
  362. data/spec/filters/elapsed.rb +294 -0
  363. data/spec/filters/environment.rb +43 -0
  364. data/spec/filters/geoip.rb +62 -0
  365. data/spec/filters/grep.rb +342 -0
  366. data/spec/filters/grok.rb +473 -0
  367. data/spec/filters/grok/timeout2.rb +56 -0
  368. data/spec/filters/grok/timeouts.rb +39 -0
  369. data/spec/filters/i18n.rb +25 -0
  370. data/spec/filters/json.rb +72 -0
  371. data/spec/filters/json_encode.rb +37 -0
  372. data/spec/filters/kv.rb +403 -0
  373. data/spec/filters/metrics.rb +212 -0
  374. data/spec/filters/multiline.rb +119 -0
  375. data/spec/filters/mutate.rb +180 -0
  376. data/spec/filters/noop.rb +221 -0
  377. data/spec/filters/prune.rb +441 -0
  378. data/spec/filters/punct.rb +18 -0
  379. data/spec/filters/railsparallelrequest.rb +112 -0
  380. data/spec/filters/range.rb +169 -0
  381. data/spec/filters/split.rb +58 -0
  382. data/spec/filters/translate.rb +70 -0
  383. data/spec/filters/unique.rb +25 -0
  384. data/spec/filters/useragent.rb +42 -0
  385. data/spec/filters/xml.rb +157 -0
  386. data/spec/inputs/file.rb +107 -0
  387. data/spec/inputs/gelf.rb +52 -0
  388. data/spec/inputs/generator.rb +30 -0
  389. data/spec/inputs/imap.rb +60 -0
  390. data/spec/inputs/redis.rb +63 -0
  391. data/spec/inputs/relp.rb +70 -0
  392. data/spec/inputs/tcp.rb +101 -0
  393. data/spec/jar.rb +21 -0
  394. data/spec/outputs/csv.rb +266 -0
  395. data/spec/outputs/elasticsearch.rb +161 -0
  396. data/spec/outputs/elasticsearch_http.rb +240 -0
  397. data/spec/outputs/email.rb +173 -0
  398. data/spec/outputs/file.rb +82 -0
  399. data/spec/outputs/graphite.rb +236 -0
  400. data/spec/outputs/redis.rb +127 -0
  401. data/spec/speed.rb +20 -0
  402. data/spec/sqlite-test.rb +81 -0
  403. data/spec/support/LOGSTASH-733.rb +21 -0
  404. data/spec/support/LOGSTASH-820.rb +25 -0
  405. data/spec/support/akamai-grok.rb +26 -0
  406. data/spec/support/date-http.rb +17 -0
  407. data/spec/support/postwait1.rb +26 -0
  408. data/spec/support/pull375.rb +21 -0
  409. data/spec/test_utils.rb +125 -0
  410. data/spec/util/fieldeval_spec.rb +44 -0
  411. data/test/jenkins/config.xml.erb +74 -0
  412. data/test/jenkins/create-jobs.rb +23 -0
  413. data/test/jenkins/generatorjob.config.xml +66 -0
  414. data/tools/Gemfile +14 -0
  415. data/tools/Gemfile.jruby-1.9.lock +322 -0
  416. data/tools/Gemfile.rbx-2.1.lock +516 -0
  417. data/tools/Gemfile.ruby-1.9.1.lock +310 -0
  418. data/tools/Gemfile.ruby-2.0.0.lock +310 -0
  419. metadata +629 -0
@@ -0,0 +1,24 @@
1
+ .*.swp
2
+ *.gem
3
+ pkg/*.deb
4
+ pkg/*.rpm
5
+ *.class
6
+ .rbx
7
+ Gemfile.lock
8
+ .rbx
9
+ *.tar.gz
10
+ *.jar
11
+ .bundle
12
+ build
13
+ local
14
+ test/setup/elasticsearch/elasticsearch-*
15
+ vendor
16
+ .sass-cache
17
+ data
18
+ .buildpath
19
+ .project
20
+ .DS_Store
21
+ *.pyc
22
+ etc/jira-output.conf
23
+ coverage/*
24
+ .VERSION.mk
data/.tailor ADDED
@@ -0,0 +1,8 @@
1
+ Tailor.config do |config|
2
+ config.file_set '*.rb' do |style|
3
+ style.indentation_spaces 2, :level => :off
4
+ style.max_line_length 80, :level => :off
5
+ style.allow_trailing_line_spaces true, :level => :off
6
+ style.spaces_after_comma false, :level => :off
7
+ end
8
+ end
@@ -0,0 +1,12 @@
1
+ language: ruby
2
+ rvm:
3
+ - jruby-19mode
4
+ jdk:
5
+ - oraclejdk7
6
+ - openjdk7
7
+
8
+ script:
9
+ - JRUBY_OPTS=--debug COVERAGE=true GEM_HOME=./vendor/bundle/jruby/1.9 GEM_PATH= ./vendor/bundle/jruby/1.9/bin/rspec spec/support/*.rb spec/filters/*.rb spec/examples/*.rb spec/codecs/*.rb spec/conditionals/*.rb spec/event.rb
10
+ install:
11
+ - ruby gembag.rb
12
+ - make vendor-geoip
@@ -0,0 +1,1185 @@
1
+ 1.3.2 (December 23, 2013)
2
+ # upgrade notes
3
+ - Users of logstash 1.3.0 or 1.3.1 should set 'template_overwrite => true' in
4
+ your elasticsearch (or elasticsearch_http) outputs before upgrading to this
5
+ version to ensure you receive the fixed index template.
6
+
7
+ # general
8
+ - web: don't crash if an invalid http request was sent
9
+ (#878, LOGSTASH-704; Jordan Sissel)
10
+ - Ships with Elasticsearch 0.90.9
11
+ - logstash will now try to make sure the @timestamp field is of the
12
+ correct format.
13
+ - Fix a bug in 1.3.1/1.3.0's elasticsearch index template causing phrase
14
+ searching to not work. Added tests to ensure search behavior works as
15
+ expected with this template. (Aaron Mildenstein, Jordan Sissel)
16
+ - Update README.md to be consistent with Makefile use of JRuby 1.7.8
17
+
18
+ # outputs
19
+ - new: csv: write csv format to files output. (Matt Gray)
20
+ (This output will become a codec usable with file output in the next
21
+ major version!)
22
+
23
+ 1.3.1 (December 11, 2013)
24
+ # general
25
+ - Fix path to the built-in elasticsearch index template
26
+
27
+ 1.3.0 (December 11, 2013)
28
+ # general
29
+ - oops: The --help flag now reports help again, instead of barfing an "I need
30
+ help" exception (LOGSTASH-1436, LOGSTASH-1392; Jordan Sissel)
31
+ - Resolved encoding errors caused by environmental configurations, such as
32
+ 'InvalidByteSequenceError ... on US-ASCII' (LOGSTASH-1595, #842;
33
+ Jordan Sissel)
34
+ - Fix bug causing "no such file to load -- base64" (LOGSTASH-1310,
35
+ LOGSTASH-1519, LOGSTASH-1325, LOGSTASH-1522, #834; Jordan Sissel)
36
+ - Elasticsearch version 0.90.7
37
+ - Bug fixes galore!
38
+
39
+ ## inputs
40
+ - new: collectd: receive metrics from collectd's network protocol
41
+ (#785, Aaron Mildenstein)
42
+ - bugfix: gelf: handle chunked gelf message properly (#718, Thomas De Smedt)
43
+ - bugfix: s3: fix bug in region endpoint setting (#740, Andrea Ascari)
44
+ - bugfix: pipe: restart the command when it finishes (#754, Jonathan Van
45
+ Eenwyk)
46
+ - bugfix: redis: if redis fails, reconnect. (#767, LOGSTASH-1475; Jordan Sissel)
47
+ - feature: imap: add 'content_type' setting for multipart messages and
48
+ choosing the part that becomes the event message. (#784, Brad Fritz)
49
+ - bugfix: zeromq: don't override the 'host' field if the event already
50
+ has one. (Jordan Sissel)
51
+ - bugfix: ganglia: fix regressions; plugin should work again (LOGSTASH-1655,
52
+ #818; Jordan Sissel)
53
+ - bugfix: Fix missing library in sqs input (#775, LOGSTASH-1294; Toby
54
+ Collier)
55
+
56
+ ## filters
57
+ - new: unique: removes duplicate values from a given field in an event.
58
+ (#676, Adam Tucker)
59
+ - new: elapsed: time duration between two tagged events. (#713, Andrea Forni)
60
+ - new: i18n: currently supports 'transliterate' which does best-effort
61
+ conversion of text to "plain" letters. Like 'ó' to 'o'. (#671,
62
+ Juarez Bochi)
63
+ - bugfix: restore filter flushing thread (LOGSTASH-1284, #689; Bernd Ahlers)
64
+ - new: elasticsearch: query elasticsearch and update your event based on the
65
+ results. (#707, Jonathan Van Eenwyk)
66
+ - new: sumnumbers: finds all numbers in a message and sums them (#752, Avleen
67
+ Vig)
68
+ - feature: geoip: new field 'location' is GeoJSON derived from the lon/lat
69
+ coordinates for use with elasticsearch, kibana, and anything else that
70
+ understands GeoJSON (#763, Aaron Mildenstein)
71
+ - new: punct: Removes all text except punctuation and stores it in another
72
+ field. Useful for as a means for fingerprinting events. (#813, Guixing Bai)
73
+ - feature: metrics: Make percentiles configurable. Also make rates (1, 5,
74
+ 15-minute) optional. (#817, Juarez Bochi)
75
+
76
+ ## codecs
77
+ - new: compressed_spooler: batches events and sends/receives them in
78
+ compressed form. Useful over high latency links or with transports
79
+ with higher-than-desired transmission costs. (Avleen Vig)
80
+ - new: fluent: receive data serialized using the Fluent::Logger for easier
81
+ migration away from fluentd or for folks who simply like the logger
82
+ library (#759, Jordan Sissel)
83
+ - new: edn: encode and decode the EDN serialization format. Commonly used
84
+ in Clojure. For more details, see: https://github.com/edn-format/edn
85
+ (#778, Lee Hinman)
86
+ - bugfix: oldlogstashjson: Fix encoding to work correctly. (#788, #795;
87
+ Brad Fritz)
88
+ - bugfix: oldlogstashjson: Fallback to plain text on invalid JSON
89
+ (LOGSTASH-1534, #850; Jordan Sissel)
90
+
91
+ ## outputs
92
+ - feature: elasticsearch and elasticsearch_http now will apply a default
93
+ index mapping template (included) which has the settings recommended by
94
+ Elasticsearch for Logstash specifically.
95
+ Configuration options allow disabling this feature and providing a path
96
+ to your own template. (#826, #839; Aaron Mildenstein)
97
+ - feature: elasticsearch_http: optional 'user' and 'password' settings to
98
+ make use of http authentication (LOGSTASH-902, #684; Ian Neubert)
99
+ - new: google_bigquery: upload logs to bigquery for analysis later (Rodrigo
100
+ De Castro)
101
+ - bugfix: datadog_metrics: fix validation bug (#789, Ian Paredes)
102
+ - feature: elasticsearch: new 'transport' setting letting you tell logstash
103
+ to act as a cluster node (default, prior behavior) or as a 'transport
104
+ client'. With the new 'transport' mode, your firewall rules may be simpler
105
+ (unicast, one direction) and transport clients do not show up in your
106
+ cluster node list. (LOGSTASH-102, #841; Jordan Sissel)
107
+ - feature: elasticsearch: new 'bind_port setting for 'node' protocol which
108
+ lets you chose the local port to bind on (#841, Jordan Sissel)
109
+ - bugfix: Fix missing library in sqs input (#775, LOGSTASH-1294; Toby
110
+ Collier)
111
+
112
+ 1.2.2 (October 22, 2013)
113
+ # general
114
+ - new 'worker' setting for outputs. This helps improve throughput on
115
+ request-oriented outputs such as redis, rabbitmq, elasticsearch,
116
+ elasticsearch_http, etc. Workers run in separate threads each handling
117
+ events as they come in. This allows you to linearly scale up outputs across
118
+ cores or as blocking-io permits.
119
+ - grok performance is up 600%
120
+ - lots of bug fixes
121
+ - bugfixes to conditionals (#682, Matt Dainty)
122
+ - rabbitmq now replaces the old deprecated amqp plugins. amqp plugins are
123
+ removed.
124
+ - inputs will now do their best to handle text which is encoded differently
125
+ than the charset you have specified (LOGSTASH-1443, Jordan Sissel)
126
+
127
+ ## inputs
128
+ - bugfix: udp: respects teardown requests via SIGINT, etc (LOGSTASH-1290,
129
+ Jordan Sissel)
130
+ - bugfix: rabbitmq: disable automatic connection recovery (LOGSTASH-1350,
131
+ #641, #642; Michael Klishin)
132
+ - bugfix: twitter: works again (#640, Bernd Ahlers)
133
+ - compatibility: Restored the old 'format' setting behavior. It is still
134
+ deprecated, but was accidentally removed in 1.2.0. It will be removed
135
+ later, but is restored as part of our backwards-compat promise (Jordan
136
+ Sissel)
137
+ - bugfix: s3: fix LOGSTASH-1321 and LOGSTASH-1319 (Richard Pijnenburg)
138
+ - bugfix: log4j: fix typo (Jordan Sissel)
139
+ - bugfix: rabbitmq: disable automatic connection recover because logstash
140
+ will handle it (LOGSTASH-1350, Michael Klishin)
141
+ - bugfix: heroku: works again (LOGSTASH-1347, #643; Bernd Ahlers)
142
+ - bugfix: tcp: improve detection of closed connections to reduce lost events
143
+ (Jordan Sissel)
144
+ - bugfix: elasticsearch: now works correctly (#670, Richard Pijnenburg)
145
+ - improvement: elasticsearch: make size and scroll time configurable (#670,
146
+ Richard Pijnenburg)
147
+ - improvement: elasticsearch: tunable search type (#670, Richard Pijnenburg)
148
+ - compatibility: restore 'format' setting which was accidentally removed in
149
+ 1.2.0. This feature is still deprecated, but it has been restored
150
+ temporarily as part of our backwards compatibility promise. (#706, Jordan
151
+ Sissel)
152
+ - bugfix: syslog: fix socket leakage (#704, Bernd Ahlers)
153
+ - improvement: all aws-related plugins: Add proxy_uri setting (#714, Malthe
154
+ Borch)
155
+ - bugfix: unix: fix variable name crash (#720, Nikolay Bryskin)
156
+
157
+ ## codecs
158
+ - new: graphite: parse graphite formated events (Nick Ethier)
159
+ - new: json_lines: parse streams that are lines of json objects (#731, Nick
160
+ Ethier)
161
+ - bugfix: multiline: time is now correctly in UTC. (Jordan Sissel)
162
+ - bugfix: oldlogstashjson: improved conversion of old logstash json to the
163
+ new schema (#654, Jordan Sissel)
164
+ - bugfix: oldlogstashjson: fix typo breaking encoding (#665, Tom Howe)
165
+ - bugfix: json: now assumes json delimited by newline character
166
+ (LOGSTASH-1332, #710; Nick Ethier)
167
+ - improvements: netflow: new target and versions settings (#686, Matt Dainty)
168
+
169
+ ## filters
170
+ - performance: grok: 6.3x performance improvement (#681, Jordan Sissel)
171
+ - bugfix: geoip: empty values (nil, empty string) are not put into the event
172
+ anymore. (Jordan Sissel)
173
+ - bugfix: geoip: allow using Maxmind's ASN database (LOGSTASH-1394, #694;
174
+ Bernd Ahlers)
175
+ - improvement: kv: target will now overwrite any existing fields, including
176
+ the source (Jordan Sissel).
177
+ - improvement: Kv: 'prefix' setting now respects sprintf (LOGSTASH-913,
178
+ #647; Richard Pijnenburg)
179
+ - checksum: sha128 was not a valid digest, removed from list
180
+ - feature: metrics: added clear_interval and flush_interval parameters for
181
+ setting flush rates and when to clear metrics (#545)
182
+ - new: collate: group events by time and/or count into a single event. (#609,
183
+ Neway Liu)
184
+ - feature: date: now supports a 'target' field for writing the timestamp into
185
+ a field other than @timestamp. (#625, Jonathan Van Eenwyk)
186
+ - bugfix: riemann: event tagging works again (#631, Marc Fournier)
187
+ - improvement: grok: IPV6 pattern (#623, Matt Dainty)
188
+ - improvement: metrics: add clear_interval and flush_interval settings (#545,
189
+ Juarez Bochi)
190
+ - improvement: useragent: include operating system details (#656, Philip
191
+ Kubat)
192
+ - improvement: csv: new quote_char setting (#725, Alex Markham)
193
+
194
+ ## outputs
195
+ - feature: all outputs have a 'worker' setting now that allows you to
196
+ perform more work at the same time. This is useful for plugins like
197
+ elasticsearch_http, redis, etc, which can bottleneck on waiting for
198
+ requests to complete but would otherwise be happy processing more
199
+ simultaneous requests. (#708, Jordan Sissel)
200
+ - bugfix: elasticsearch: requests are now synchronous. This avoid overloading
201
+ the client and server with unlimited in-flight requests. (#688, Jordan
202
+ Sissel)
203
+ - bugfix: elasticsearch_http: fix bug when sending multibyte utf-8 events
204
+ (LOGSTASH-1328, #678, #679, #695; Steve Merrill, Christian Winther,
205
+ NickEthier, Jordan Sissel)
206
+ - performance: elasticsearch_http: http client library uses TCP_NODELAY now
207
+ which dramatically improves performance. (#696, Jordan Sissel)
208
+ - feature: elasticsearch_http now supports a 'replication' setting to
209
+ allow you to choose how you wait for the response. THe default is 'sync'
210
+ which waits for all replica shards to be written. If you set it to 'async'
211
+ then all index requests will respond once only the primary shards have been
212
+ written and the replica shards will be written later. This can improve
213
+ throughput. (#700, Nick Ethier, Jordan Sissel)
214
+ - bugfix: elasticsearch: the default port range is now 9300-9305; the older
215
+ range up to 9400 was unnecessary and could cause problems for the
216
+ elasticsearch cluster in some cases.
217
+ - improvement: aws-based outputs (e.g. cloudwatch) now support proxy uri.
218
+ - bugfix: rabbitmq: disable automatic connection recovery (LOGSTASH-1350)
219
+ (#642)
220
+ - bugfix: riemann: fixed tagging of riemann events (#631)
221
+ - bugfix: s3: fix LOGSTASH-1321 and LOGSTASH-1319 (#636, #645; Richard
222
+ Pijnenburg)
223
+ - bugfix: mongodb: Fix mongodb auth (LOGSTASH-1371, #659; bitsofinfo)
224
+ - bugfix: datadog: Fix time conversion (LOGSTASH-1427, #690; Bernd Ahlers)
225
+ - bugfix: statsd: Permit plain floating point values correctly in the
226
+ config. Example: sample_rate => 0.5 (LOGSTASH-1441, #705; Jordan Sissel)
227
+ - bugfix: syslog: Fix timestamp date formation. 'timestamp' setting is now
228
+ deprecated and the format of the time depends on your rfc selection.
229
+ (LOGSTASH-1423, #692, #739; Jordan Sissel, Bernd Ahlers)
230
+
231
+ ## patterns
232
+ - improvement: added IPV6 suppot to IP pattern (#623)
233
+
234
+ 1.2.1 (September 7, 2013)
235
+ # general
236
+ - This is primarily a bugfix/stability release based on feedback from 1.2.0
237
+ - web: kibana's default dashboard now works with the new logstash 1.2 schema.
238
+ - docs: updated the tutorials to work in logstash 1.2.x
239
+ - agent: Restored the --configtest flag (unintentionally removed from 1.2.0)
240
+ - deprecation: Using deprecated plugin settings can now advise you on a
241
+ corrective path to take. One example is the 'type' setting on filters and
242
+ outputs will now advise you to use conditionals and give an example.
243
+ - conditionals: The "not in" operator is now supported.
244
+
245
+ ## inputs
246
+ - bugfix: pipe: reopen the pipe and retry on any error. (#619, Jonathan Van
247
+ Eenwyk)
248
+ - bugfix: syslog: 'message' field no longer appears as an array.
249
+ - bugfix: rabbitmq: can now bind the queue to the exchange (#624, #628,
250
+ LOGSTASH-1300, patches by Jonathan Tron and Jonathan Van Eenwyk)
251
+
252
+ ## codecs
253
+ - compatibility: json: if data given is not valid as json will now be used as
254
+ the "message" of an event . This restores the older behavior when using
255
+ 1.1.13's "format => json" feature on inputs. (LOGSTASH-1299)
256
+ - new: netflow: process netflow data (#580, patches by Nikolay Bryskin and
257
+ Matt Dainty)
258
+
259
+ ## filters
260
+ - bugfix: multiline: the multiline filter returns! It was unintentionally
261
+ removed from the previous (1.2.0) release.
262
+ - bugfix: json_encode: fix a syntax error in the code. (LOGSTASH-1296)
263
+ - feature: kv: now captures duplicate field names as a list, so 'foo=bar
264
+ foo=baz' becomes the field 'foo' with value ['bar', 'baz'] (an array).
265
+ (#622, patch by Matt Dainty)
266
+
267
+ ## outputs
268
+ - new: google_cloud_storage: archive logs to Google Cloud Storage (#572,
269
+ Rodrigo De Castro)
270
+ - bugfix: fixed bug with 'tags' and 'exclude_tags' on outputs that would
271
+ crash if the event had no tags. (LOGSTASH-1286)
272
+
273
+ 1.2.0 (September 3, 2013)
274
+ # general
275
+ - The logstash json schema has changed. (LOGSTASH-675)
276
+ For prior logstash users, you will be impacted one of several ways:
277
+ * You should check your elasticsearch templates and update them accordingly.
278
+ * If you want to reindex old data from elasticsearch with the new schema,
279
+ you should be able to do this with the elasticsearch input. Just make
280
+ sure you set 'codec => oldlogstashjson' in your elasticsearch input.
281
+ - The old logstash web ui has been replaced by Kibana 3. Kibana is a far
282
+ superior search and analytics interface.
283
+ - New feature: conditionals! You can now make "if this, then ..." decisions
284
+ in your filters or outputs. See the docs here:
285
+ http://logstash.net/docs/latest/configuration#conditionals
286
+ - A new syntax exists for referencing fields (LOGSTASH-1153). This replaces
287
+ the prior and undocumented syntax for field access (was 'foo.bar' and is
288
+ now '[foo][bar]'). Learn more about this here:
289
+ http://logstash.net/docs/latest/configuration#fieldreferences
290
+ - A saner hash syntax in the logstash config is now supported. It uses the
291
+ perl/ruby hash-rocket syntax: { "key" => "value", ... } (LOGSTASH-728)
292
+ - ElasticSearch version 0.90.3 is included. (#486, Gang Chen)
293
+ - The elasticsearch plugin now uses the bulk index api which should result
294
+ in lower cpu usage as well as higher performance than the previous
295
+ logstash version.
296
+ - Many deprecated features have been removed. If your config caused
297
+ deprecation warnings on startup in logstash v1.1.13, there is a good
298
+ chance that these deprecated settings are now absent.
299
+ - 'type' is no longer a required setting on inputs.
300
+ - New plugin type: codec. Used to implement decoding of events for inputs and
301
+ encoding of events for outputs. Codecs allow us to separate transport (like
302
+ tcp, redis, rabbitmq) from serialization (gzip text, json, msgpack, etc).
303
+ - Improved error messages that try to be helpful. If you see bad or confusing
304
+ error messages, it is a bug, so let us know! (Patch by Nick Ethier)
305
+ - The old 'plugin status' concept has been replaced by 'milestones'
306
+ (LOGSTASH-1137)
307
+ - SIGHUP should cause logstash to reopen it's logfile if you are using the
308
+ --log flag
309
+
310
+ ## inputs
311
+ - new: s3: reads files from s3 (#537, patch by Mathieu Guillaume)
312
+ - feature: imap: now marks emails as read (#542, Raffael Schmid)
313
+ - feature: imap: lets you delete read email (#591, Jonathan Van Eenwyk)
314
+ - feature: rabbitmq: now well-supported again (patches by Michael Klishin)
315
+ - bugfix: gelf: work around gelf parser errors (#476, patch by Chris McCoy)
316
+ - broken: the twitter input is disabled because the twitter stream v1 api is
317
+ no longer supported and I couldn't find a replacement library that works
318
+ under JRuby.
319
+ - new: sqlite input (#484, patch by Evan Livingston)
320
+ - improvement: snmptrap: new 'yamlmibdir' setting for specifying an external
321
+ source for MIB definitions. (#477, patch by Dick Davies)
322
+ - improvement: stomp: vhost support (#490, patch by Matt Dainty)
323
+ - new: unix: unix socket input (#496, patch by Nikolay Bryskin)
324
+ - new: wmi: for querying wmi (windows). (#497, patch by Philip Seidel)
325
+ - improvement: sqs: new id_field and md5_field settings (LOGSTASH-1118, Louis
326
+ Zuckerman)
327
+
328
+ ## filters
329
+ - feature: grok: 'singles' now defaults to true.
330
+ - bugfix: grep: allow repeating a field in the hash config (LOGSTASH-919)
331
+ - feature: specify timezone in date filter (#470, patch by Philippe Weber)
332
+ - feature: grok setting 'overwrite' now lets you overwrite fields instead
333
+ of appending to them.
334
+ - feature: the useragent filter now defaults to writing results to the top
335
+ level of the event instead of "ua"
336
+ - feature: grok now defaults 'singles' to true, meaning captured fields are
337
+ stored as single values in most cases instead of the old behavior of being
338
+ captured as an array of values.
339
+ - new: json_encoder filter (#554, patch by Ralph Meijer)
340
+ - new: cipher: gives you many options for encrypting fields (#493, patch by
341
+ saez0pub)
342
+ - feature: kv: new settings include_fields and exclude_fields. (patch by
343
+ Piavlo)
344
+ - feature: geoip: new 'target' setting for where to write geoip results.
345
+ (#491, patch by Richard Pijnenburg)
346
+ - feature: dns: now accepts custom nameservers to query (#495, patch by
347
+ Nikolay Bryskin)
348
+ - feature: dns: now accepts a timeout setting (#507, patch by Jay Luker)
349
+ - bugfix: ruby: multiple ruby filter instances now work (#501, patch by
350
+ Nikolay Bryskin)
351
+ - feature: uuid: new filter to add a uuid to each event (#531, Tomas Doran)
352
+ - feature: useragent: added 'prefix' setting to prefix field names created
353
+ by this filter. (#524, patch by Jay Luker)
354
+ - bugfix: mutate: strip works now (#590, Jonathan Van Eenwyk)
355
+ - new: extractnumbers: extract all numbers from a message (#579, patch by
356
+ Pablo Barrera)
357
+
358
+ ## outputs
359
+ - new: jira: create jira tickets from an event (#536, patch by Martin Cleaver)
360
+ - feature: rabbitmq: now well-supported again (patches by Michael Klishin)
361
+ - improvement: stomp: vhost support (Patch by Matt Dainty)
362
+ - feature: elasticsearch: now uses the bulk index api and supports
363
+ a tunable bulk flushing size.
364
+ - feature: elasticsearch_http: will now flush when idle instead of always
365
+ waiting for a full buffer. This helps in slow-sender situations such
366
+ as testing by hand.
367
+ - feature: irc: add messages_per_second tunable (LOGSTASH-962)
368
+ - bugfix: email: restored initial really useful documentation
369
+ - improvement: emails: allow @message, @source, @... in match (LOGSTASH-826,
370
+ LOGSTASH-823)
371
+ - feature: email: can now set Reply-To (#540, Tim Meighen)
372
+ - feature: mongodb: replica sets are supported (#389, patch by Mathias Gug)
373
+ - new: s3: New plugin to write to amazon S3 (#439, patch by Mattia Peterle)
374
+ - feature: statsd: now supports 'set' metrics (#513, patch by David Warden)
375
+ - feature: sqs: now supports batching (#522, patch by AaronTheApe)
376
+ - feature: ganglia: add slope and group settings (#583, patch by divanikus)
377
+
378
+ 1.1.13 (May 28, 2013)
379
+ ## general
380
+ - fixed bug in static file serving for logstash web (LOGSTASH-1067)
381
+
382
+ ## outputs
383
+ - feature: irc: add messages_per_second tunable (LOGSTASH-962)
384
+
385
+ 1.1.12 (May 7, 2013)
386
+ ## filters
387
+ - bugfix: useragent filter now works correctly with the built-in regexes.yaml
388
+ - bugfix: mail output with smtp now works again
389
+
390
+ 1.1.11 (May 7, 2013)
391
+ ## general
392
+ - This release is primarily a bugfix release for bugs introduced by the
393
+ previous release.
394
+ - Support for Rubinius and MRI exists once again.
395
+
396
+ ## inputs
397
+ - bugfix: lumberjack now respects field data again (lumberjack --field foo=bar)
398
+ - bugfix: rabbitmq was broken by the previous release (LOGSTASH-1003,
399
+ LOGSTASH-1038; Patch by Jason Koppe)
400
+ - bugfix: relp: allow multiple client socket connections to RELP input
401
+ (LOGSTASH-707, LOGSTASH-736, LOGSTASH-921)
402
+
403
+ ## filters
404
+ - bugfix: geoip was broken by the previous release (LOGSTASH-1013)
405
+ - feature: sleep now accepts an 'every' setting which causes it to
406
+ sleep every N events. Example; sleep every 10 events: every => 10.
407
+ - feature: grok now permits dashes and dots in captures, such as
408
+ %{WORD:foo-bar}.
409
+ - bugfix: useragent filter now ships with a default regexes.yaml file
410
+ that is used by default unless you otherwise specify (LOGSTASH-1051)
411
+ - bugfix: add_field now correctly sets top-level fields like @message
412
+ - bugfix: mutate 'replace' now sets a field regardless of whether or not
413
+ it exists.
414
+ - feature: new mutate 'update' setting to change a field's value but
415
+ only if that field exists already.
416
+
417
+ ## outputs
418
+ - feature: irc output now supports 'secure' setting to use ssl (LOGSTASH-139)
419
+ - feature: nagios_nsca has new setting 'message_format'
420
+ - bugfix: fix graphite plugin broken in 1.1.10 (LOGSTASH-968)
421
+ - bugfix: elasticsearch_http was broken in 1.1.10 (LOGSTASH-1004)
422
+ - bugfix: rabbitmq was broken by the previous release (LOGSTASH-1003,
423
+ LOGSTASH-1038; Patch by Jason Koppe)
424
+ - feature: hipchat 'notify' setting now called 'trigger_notify' (#467, patch
425
+ by Richard Pijnenburg)
426
+
427
+ 1.1.10 (April 16, 2013)
428
+ ## general
429
+ - On linux, all threads will set their process names so you can identify
430
+ threads in tools like top(1).
431
+ - Java 5 is no longer supported (You must use Java 6 or newer).
432
+ - Windows line terminators (CRLF) are now accepted in config files.
433
+ - All AWS-related plugins now have the same configuration options:
434
+ region, access_key_id, secret_access_key, use_ssl, and
435
+ aws_credentials_file. Affected plugins: cloudwatch output,
436
+ sns output, sqs output, sqs input. (LOGSTASH-805)
437
+ - Lots of documentation fixes (James Turnbull, et al)
438
+ - The amqp plugins are now named 'rabbitmq' because it *only* works
439
+ with rabbitmq. The old 'amqp' name should still work, but it will
440
+ be removed soon while 'rabbitmq' will stay. (Patches by Michael Zaccari)
441
+ - New flag '--configtest' to test config and exit. (Patch by Darren Patterson)
442
+ - Improved error feedback logstash gives to you as a user.
443
+
444
+ ## inputs
445
+ - new: elasticsearch: this input allows you to stream search results from
446
+ elasticsearch; it uses the Scroll API.
447
+ - new: websocket. Currently supports acting as a websocket client.
448
+ - new: snmptrap, to receive SNMP traps (patch by Paul Czar)
449
+ - new: varnishlog input to read from the Varnish Cache server's shared memory
450
+ log (LOGSTASH-978, #422; Louis Zuckerman)
451
+ - new: graphite input. Supports the plain text carbon tcp protocol.
452
+ - new: imap input. Read mail!
453
+ - feature: twitter: supports http proxying now (#276, patch by Richard
454
+ Pijnenburg)
455
+ - feature: loggly: supports http proxying now (#276, patch by Richard
456
+ Pijnenburg)
457
+ - feature: tcp: ssl now supported! (#318, patch by Matthew Richardson)
458
+ - feature: redis: now supports 'batch_count' option for doing bulk fetches
459
+ from redis lists. Requires Redis 2.6.0 or higher. (#320, patch by Piavlo)
460
+ - feature: irc: will use ssl if you set 'secure' (#393, patch by Tomas Doran)
461
+ - bugfix: log4j: respect add_fields (LOGSTASH-904, #358)
462
+ - bugfix: eventlog: input should now work
463
+ - bugfix: irc: passwords now work (#412, Nick Ethier)
464
+
465
+ ## filters
466
+ - new: useragent: parses user agent strings in to structured data based on
467
+ BrowserScope data (#347, patch by Dan Everton)
468
+ - new: sleep: sleeps a given amount of time before passing the event.
469
+ Useful for rate limiting or replay simulation.
470
+ - new: ruby: experimental ruby plugin that lets you call custom ruby code
471
+ on every event.
472
+ - new: translate: for mapping values (#335, patch by Paul Czar)
473
+ - new: clone: creates a copy of the event.
474
+ - feature: grok: Adds tag_on_failure setting so you can prevent grok from
475
+ tagging events on failure. (#328, patch by Neil Prosser)
476
+ - deprecated: grok: deprecated the --grok-patterns-path flag (LOGSTASH-803)
477
+ - feature: date: nested field access is allowed now
478
+ - feature: csv, xml, kv, json, geoip: new common settings!
479
+ (LOGSTASH-756, #310, #311, #312, #383, #396; patches by Richard Pijnenburg)
480
+ source - what field the text comes from
481
+ target - where to store the parse result.
482
+ - feature: csv: new setting: columns - labels for each column parsed.
483
+ - bugfix: geoip: The built-in geoip database should work now (#326, patch
484
+ by Vincent Batts)
485
+ - bugfix: kv filter now respects add_tag, etc (LOGSTASH-935)
486
+
487
+ ## outputs
488
+ - new: hipchat output (#428, Cameron Stokes)
489
+ - bugfix: mongo would fail to load bson_java support (LOGSTASH-849)
490
+ - bugfix: tags support to gelf output. Returns tags as _tags field
491
+ (LOGSTASH-880, patch by James Turnbull)
492
+ - bugfix: elasticsearch: Fix a race condition. (#340, patch by Raymond Feng)
493
+ - improvement: http: now supports a custom 'message' format for building your
494
+ own http bodies from an event. (#319, patch by Christian S)
495
+ - bugfix: Fix opentsdb output (LOGSTASH-689, #317; patch by Emmet Murphy)
496
+ - improvement: http output now supports a custom message format with
497
+ the 'message' setting (Patch by Christian Schröder)
498
+ - graphite output now lets you ship the whole (or part) of an event's fields
499
+ to graphite as metric updates. (#350, patch by Piavlo)
500
+ - email output now correctly defaults to not using authentication
501
+ (LOGSTASH-559, #365; patch by Stian Mathiassen)
502
+ - bugfix: file output now works correctly on fifos
503
+ - bugfix: irc passwords now work (#412, Nick Ethier)
504
+ - improvement: redis output now supports congestion detection. If
505
+ it appears nothing is consuming from redis, the output will stall
506
+ until that problem is resolved. This helps prevent a dead reader
507
+ from letting redis fill up memory. (Piavlo)
508
+ - feature: boundary: New 'auto' setting. (#413, Alden Jole)
509
+
510
+ 1.1.9 (January 10, 2013)
511
+ ## inputs
512
+ - bugfix: all inputs: fix bug where some @source values were not valid urls
513
+
514
+ ## filters
515
+ - bugfix: mutate: skip missing fields in 'convert' (#244, patch by Ralph Meijer)
516
+
517
+ ## outputs
518
+ - improvement: gelf: new tunable 'ignore_metadata' flag to set which fields
519
+ to ignore if ship_metadata is set. (#244, patch by Ralph Meijer)
520
+ - improvement: gelf: make short_message's field name tunable (#244, patch by
521
+ Ralph Meijer)
522
+
523
+ 1.1.8 (January 10, 2013)
524
+ ## general
525
+ - patched another work around for JRUBY-6970 (LOGSTASH-801)
526
+
527
+ ## inputs
528
+ - bugfix: tcp: 'Address in use' errors now report the host/port involved.
529
+ (LOGSTASH-831)
530
+ - bugfix: zeromq: fix bug where an invalid url could be given as a source
531
+ (LOGSTASH-821, #306)
532
+
533
+ ## outputs
534
+ - bugfix: elasticsearch_river: it now resolves evaluates %{} variables in
535
+ index and index_type settings. (LOGSTASH-819)
536
+
537
+ 1.1.7 (January 3, 2013)
538
+ ## inputs
539
+ - fix bug where @source_host was set to 'false' in many cases.
540
+
541
+ ## outputs
542
+ - improvement: redis: shuffle_hosts is now enabled by default
543
+
544
+ 1.1.6 (January 2, 2013)
545
+ ## Overview of this release:
546
+ - new inputs: drupal_dblog.
547
+ - new filters: anonymize, metrics.
548
+ - new outputs: syslog, cloudwatch.
549
+ - new 'charset' setting for all inputs. This should resolve all known encoding
550
+ problems. The default charset is UTF-8.
551
+ - grok now captures (?<somename>...) regexp into 'somename' field
552
+ - Elasticsearch 0.20.2 is included. This means you are required to upgrade
553
+ your elasticsearch cluster to 0.20.2. If you wish to continue using an old
554
+ version of elasticsearch, you should use the elasticsearch_http plugin
555
+ instead of the elasticsearch one.
556
+
557
+ ## general
558
+ - fixed internal dependency versioning on 'addressable' gem (LOGSTASH-694)
559
+ - fixed another case of 'watchdog timeout' (LOGSTASH-701)
560
+ - plugin flags are now deprecated. The grok filter (--grok-pattern-path) was
561
+ the only plugin to make use of this.
562
+ - the grok filter has improved documentation
563
+ - lots of documentation fixes (James Turnbull, Louis Zuckerman)
564
+ - lots of testing improvements (Philippe Weber, Laust Rud Jacobsen)
565
+ - all 'name' settings have been deprecated in favor of more descriptive
566
+ settings (LOGSTASH-755)
567
+ - JRuby upgraded to 1.7.1
568
+ - removed use of bundler
569
+ - Fixed timestamp parsing in MRI (patch by Rene Lengwinat)
570
+
571
+ ## inputs
572
+ - All inputs now have a 'charset' setting to help you inform logstash of the
573
+ text encoding of the input. This is useful if you have Shift_JIS or CP1251
574
+ encoded log files. This should help resolve the many UTF-8 bugs that were
575
+ reported recently. The default charset is UTF-8.
576
+ - new: drupal_dblog: read events from a DBLog-enabled Drupal. (#251, Patch by
577
+ theduke)
578
+ - bugfix: zeromq: 'topology' is now a required setting
579
+ - bugfix: lumberjack: client connection closing is now handled properly.
580
+ (Patch by Nick Ethier)
581
+ - misc: lumberjack: jls-lumberjack gem updated to 0.0.7
582
+ - bugfix: stomp: fix startup problems causing early termination (#226
583
+ - bugfix: tcp: the 'source host' for events is now the client ip:port that
584
+ sent it, instead of the listen address that received it. (LOGSTASH-796)
585
+ - improvement: tcp: the default data_timeout is now -1 (never timeout).
586
+ This change was made because read timeouts were causing data loss, and
587
+ logstash should avoid losing events by default.
588
+ - improvement: amqp: the 'name' setting is now called 'queue' (#274)
589
+ - improvement: eventlog: the 'name' setting is now called 'logfile' (#274)
590
+ - bugfix: log4j: fix stacktrace reading (#253, patch by Alex Arutyunyants)
591
+
592
+ ## filters
593
+ - new: anonymize: supports many hash mechanisms (murmur3, sha1, md5, etc) as
594
+ well as IP address anonymization (#280, #261; patches by Richard Pijnenburg
595
+ and Avishai Ish-Shalom)
596
+ - new: metrics: allows you to aggregate metrics from events and emit them
597
+ periodically. Think of this like 'statsd' but implemented as a logstash
598
+ filter instead of an external service.
599
+ - feature: date: now accepts 'match' as a setting. Use of this is preferable
600
+ to the old syntax. Where you previously had 'date { somefield =>
601
+ "somepattern" }' you should now do: 'date { match => [ "somefield",
602
+ "somepattern" ] }'. (#248, LOGSTASH-734, Patch by Louis Zuckerman)
603
+ - feature: grok: now accepts (?<foo>...) named captures. This lets you
604
+ compose a pattern in the grok config without needing to define it in a
605
+ patterns file. Example: (?<hostport>%{HOST}:%{POSINT}) to capture 'hostport'
606
+ - improvement: grok: allow '$' in JAVACLASS pattern (#241, patch by Corry
607
+ Haines)
608
+ - improvement: grok: can now match against number types. Example, if you're
609
+ sending a json format event with { "status": 403 } you can now grok that
610
+ field. The number is represented as a string "403" before pattern matching.
611
+ - bugfix: date: Fix a bug that would crash the pipeline if no date pattern
612
+ matched. (LOGSTASH-705)
613
+ - feature: kv: Adds field_split, value_split, prefix, and container
614
+ settings. (#225, patch by Alex Wheeler)
615
+ - bugfix: mutate: rename on a nonexistant field now does nothing as expected.
616
+ (LOGSTASH-757)
617
+ - bugfix: grok: don't tag an event with _grokparsefailure if it's already so
618
+ (#248, patch by Greg Brockman)
619
+ - feature: mutate: new settings - split, join, strip. "split" splits a field
620
+ into an array. "join" merges an array into a string. "strip" strips leading and
621
+ trailing whitespace. (Patch by Avishai Ish-Shalom)
622
+
623
+ ## outputs
624
+ - new: syslog output supporting both RFC3164 and RFC5424 (#180, patch by
625
+ Rui Alves)
626
+ - new: cloudwatch output to emit metrics and other events to Amazon CloudWatch.
627
+ (LOGSTASH-461, patch by Louis Zuckerman)
628
+ - feature: stdout: added 'message' setting for configuring the output message
629
+ format. The default is same behavior as before this feature.
630
+ - feature: http: added 'format' option to select 'json' or form-encoded
631
+ request body to send with each request.
632
+ - feature: http: added 'content_Type' option set the Content-Type header.
633
+ This defaults to "application/json" if the 'format' is 'json'. Will default
634
+ to 'application/x-www-form-urlencoded' if the 'format' is 'form'
635
+ - bugfix: zeromq: 'topology' is now a required setting
636
+ - feature: mongodb: new setting 'isodate' that, when true, stores the
637
+ @timestamp field as a mongodb date instead of a string. (#224, patch by
638
+ Kevin Amorin)
639
+ - improvement: gelf: Allow full_message gelf property to be overridden (#245,
640
+ patch by Sébastien Masset)
641
+ - misc: lumberjack: jls-lumberjack gem updated to 0.0.6
642
+ - feature: nagios: New 'nagios_level' setting to let you change the level
643
+ of the passive check result sent to nagios. (#298, Patch by James Turnbull)
644
+ - feature: elasticsearch, elasticsearch_http, elasticsearch_river: new setting
645
+ 'document_id' for explicitly setting the document id in each write to
646
+ elasticsearch. This is useful for overwriting existing documents.
647
+ - improvement: elasticsearch_river: 'name' is now 'queue' (#274)
648
+ - improvement: amqp: 'name' is now 'exchange' (#274)
649
+ - bugfix: the websocket output works again (supports RFC6455)
650
+
651
+ 1.1.5 (November 10, 2012)
652
+ ## Overview of this release:
653
+ * New inputs: zenoss, gemfire
654
+ * New outputs: lumberjack, gemfire
655
+ * Many UTF-8 crashing bugs were resolved
656
+
657
+ ## general
658
+ - new runner command 'rspec' - lets you run rspec tests from the jar
659
+ This means you should now be able to write external tests that execute your
660
+ logstash configs and verify functionality.
661
+ - "file not found" errors related to paths that had "jar:" prefixes should
662
+ now work. (Fixes LOGSTASH-649, LOGSTASH-642, LOGSTASH-655)
663
+ - several plugins received UTF-8-related fixes (file, lumberjack, etc)
664
+ File bugs if you see any UTF-8 related crashes.
665
+ - 'json_event' format inputs will now respect 'tags' (#239, patch by
666
+ Tim Laszlo)
667
+ - logstash no longer uses nor recommends bundler (see 'gembag.rb'). The
668
+ Gemfile will be purged in the near future.
669
+ - amqp plugins are now marked 'unsupported' as there is no active maintainer
670
+ nor is there source of active support in the community. If you're interested
671
+ in maintainership, please email the mailling list or contact Jordan!
672
+
673
+ ## inputs
674
+ - irc: now stores irc nick
675
+ - new: zenoss (#232, patch by Chet Luther)
676
+ - new: gemfire (#235, patch by Andrea Campi)
677
+ - bugfix: udp: skip close() call if we're already closed (#238, patch by kcrayon)
678
+
679
+ ## filters
680
+ - bugfix: fix for zeromq filter initializer (#237, patch by Tom Howe)
681
+
682
+ ## outputs
683
+ - new: lumberjack output (patch by Nick Ethier)
684
+ - new: gemfire output (#234, patch by Andrea Campi)
685
+ - improved: nagios_ncsa (patch by Tomas Doran)
686
+ - improved: elasticsearch: permit setting 'host' even if embedded. Also set the
687
+ host default to 'localhost' when using embedded. These fixes should help resolve
688
+ issues new users have when their distros surprisingly block multicast by
689
+ default.
690
+ - improved: elasticsearch: failed index attempts will be retried
691
+ - improved: irc: new 'password' setting (#283, patch by theduke)
692
+
693
+ 1.1.4 (October 28, 2012)
694
+ ## Overview of this release:
695
+ - bug fixes mostly
696
+
697
+ ## filters
698
+ - date: Fix crashing on date filter failures. Wrote test to cover this case.
699
+ (LOGSTASH-641)
700
+ - grok: Improve QUOTEDSTRING pattern to avoid some more 'watchdog timeout' problems
701
+
702
+ ## outputs
703
+ - nagios_nsca: Allow check status to be set from the event (#228, patch by
704
+ Tomas Doran)
705
+ - elasticsearch_http: Fix OpenSSL::X509::StoreError (LOGSTASH-642)
706
+
707
+ 1.1.3 (October 22, 2012)
708
+ - rebuilt 1.1.2 for java 5 and 6
709
+
710
+ 1.1.2 (October 22, 2012)
711
+ ## Overview of this release:
712
+ * New input plugins: lumberjack, sqs, relp
713
+ * New output plugins: exec, sqs
714
+ * New filter plugins: kv, geoip, urldecode, alter
715
+ * file input supports backfill via 'start_position'
716
+ * filter watchdog timer set to 10 seconds (was 2 seconds)
717
+
718
+ ## general
719
+ - Stopped using 'Gemfile' for dependencies, the logstash.gemspec has returned.
720
+ (Patch by Grant Rogers)
721
+ - New 'logstash-event.gemspec' for generating logstash events in your own
722
+ ruby programs (Patch by Garry Shutler)
723
+ - Wildcard config files are now sorted properly (agent -f
724
+ /etc/logstash/*.conf)
725
+ - The old '-vvv' setting ruby's internal $DEBUG is now gone. It was causing
726
+ too much confusion for users due to noise.
727
+ - Improved 'logstash event' creation speed by 3.5x
728
+ - Now uses JRuby 1.7.0
729
+ - Now ships with Elasticsearch 0.19.10
730
+
731
+ ## inputs
732
+ - bugfix: redis: [LOGSTASH-526] fix bug with password passing
733
+ - new: lumberjack: for use with the lumberjack log shipper
734
+ (https://github.com/jordansissel/lumberjack)
735
+ - new: sqs: Amazon SQS input (Patch by Sean Laurent, #211)
736
+ - new: relp: RELP (rsyslog) plugin (Patch by Mike Worth, #177)
737
+ - file input: sincedb path is now automatically generated if not specified.
738
+ This helps work around a problem where two file inputs don't specify a
739
+ sincedb_path would clobber eachother (LOGSTASH-554)
740
+ - file input: no longer crashes if HOME is not set in env (LOGSTASH-458)
741
+ - log4j input: now supports MDC 'event properties' which are stored as fields
742
+ in the logstash event. (#216, #179. Patches by Charles Robertson and Jurjan
743
+ Woltman)
744
+ - pipe input: should work now.
745
+
746
+ ## filters
747
+ - new: kv: useful for parsing log formats taht use 'foo=bar baz=fizz' and
748
+ similar key-value-like things.
749
+ - new: urldecode: a filter for urldecoding fields in your event. (Patch by
750
+ Joey Imbasciano, LOGSTASH-612)
751
+ - new: geoip: query a local geoip database for location information (Patch by
752
+ Avishai Ish-Shalom, #208)
753
+ - improvement: zeromq: an empty reply is now considered as a 'cancel this
754
+ event' operation (LOGSTASH-574)
755
+ - bugfix: mutate: fix bug in uppercase and lowercase feature that would
756
+ prevent it from actually doing the uppercasing/lowercasing.
757
+ - improvement: mutate: do the 'remove' action last (LOGSTASH-543)
758
+ - feature: grok: new 'singles' config option which, when true, stores
759
+ single-value fields simply as a single value rather than as an array, like
760
+ [value]. (LOGSTASH-185)
761
+ - grok patterns: the URIPARAM pattern now includes pipe '|' as a valid
762
+ character. (Patch by Chris Mague)
763
+ - grok patterns: improve haproxy log patterns (Patch by Kevin Nuckolls)
764
+ - grok patterns: include 'FATAL' as a valid LOGLEVEL match
765
+ (patch by Corry Haines)
766
+ - grok patterns: 'ZONE' is no longer captured by name in the HTTPDATE pattern
767
+ - new: alter: adds some conditional field modification as well as a
768
+ 'coalesce' feature which sets the value of a field to the first non-null
769
+ value given in a list. (Patch by Francesco Salbaroli)
770
+ - improvement: date: add TAI64N support
771
+ - improvement: date: subsecond precision on UNIX timestamps is retained on
772
+ conversion (#213, Patch by Ralph Meijer)
773
+ - improvement: date: Add locale setting; useful for day/month name parsing.
774
+ (#100, Patch by Christian Schröder)
775
+
776
+ ## outputs
777
+ - new: exec: run arbitrary commands based on an event.
778
+ - new: sqs: Amazon SQS output (Patch by Sean Laurent, #211)
779
+ - bugfix: redis: [LOGSTASH-526] fix bug with password passing
780
+ - improvement: redis: [LOGSTASH-573] retry on failure even in batch-mode. This
781
+ also fixes a prior bug where an exception in batch mode would cause logstash
782
+ to crash. (Patch by Alex Dean)
783
+ - improvement: riemann: metric and ttl values in riemann_event now support
784
+ sprintf %{foo} values. (pull #174)
785
+ - improvement: stdout: new 'dots' debug_format value emits one dot per event
786
+ useful for tracking event rates.
787
+ - gelf output: correct severity level mappings (patch by Jason Koppe)
788
+ - xmpp output: users and rooms are separate config settings now (patch by
789
+ Parker DeBardelaben)
790
+ - improvement: redis: 'host' setting now accepts a list of hosts for failover
791
+ of writes should the current host go down. (#222, patch by Corry Haines)
792
+
793
+ 1.1.1 (July 14, 2012)
794
+ ## Overview of this release:
795
+ * New input plugins: generator, heroku, pipe, ganglia, irc
796
+ * New output plugins: juggernaut, metricscatcher, nagios_ncsa, pipe,
797
+ opentsdb, pagerduty, irc
798
+ * New filter plugins: zeromq, environment, xml, csv, syslog_pri
799
+ * Fixes for gelf output
800
+ * Support for more than 1 filter worker (agent argument "-w")
801
+
802
+ ## IMPORTANT CHANGES FOR UPGRADES FROM 1.1.0
803
+ - zeromq input and output rewritten
804
+ The previous zeromq support was an MVP. It has now been rewritten into
805
+ something more flexible. The configuration options have changed entirely.
806
+ While this is still listed as `experimental`, we don't predict any more
807
+ configuration syntax changes. The next release will bump this to beta.
808
+ - unix_timestamp
809
+ Previously, several plugins did not work as expected on MRI due to the
810
+ usage of the JRuby-only Jodatime library. We now have a contributed fix
811
+ for a slower parser on MRI/CRuby!
812
+ - elasticsearch version is now 0.19.8
813
+ This means your elasticsearch cluster must be running 0.19.x for
814
+ compatibility reasons.
815
+ - grok pattern %{POSINT} used to match '0' -- now it does not. If you want
816
+ to match non-negative integers, there is now a %{NONNEGINT} pattern.
817
+ - bug in file input fixed that led to an extra leading slash in @source_path.
818
+ Previously, file input would have @source = 'file://host//var/log/foo' and
819
+ @source_path = '//var/log/foo'; now @source = 'file://host/var/log/foo'
820
+ and @source_path = '/var/log/foo'. [LOGSTASH-501]
821
+ - file input now rejects relative paths. [LOGSTASH-503]
822
+ - event sprintf can now look inside structured field data. %{foo.bar} will
823
+ look in the event field "foo" (if it is a hash) for "bar". To preserve
824
+ compatibility, we first look for a top-level key that matches exactly
825
+ (so %{foo.bar} will first look for a field named "foo.bar", then look for
826
+ "bar" under "foo").
827
+
828
+ ## general
829
+ - NOTE: gemspec removed; deploying logstash as a gem hasn't been supported
830
+ for a while.
831
+ - feature: logstash sub-commands "irb" and "pry" for an interactive debug
832
+ console, useful to debug jruby when running from the monolithic jar
833
+ - misc: newer cabin gem for logging
834
+ - misc: initial support for reporting internal metrics (currently outputs
835
+ to INFO log; eventually will be an internal event type)
836
+ - misc: added a "thread watchdog" to detect hanging filter workers, and
837
+ crash logstash w/an informational message
838
+ - misc: jar is built with jruby 1.6.7.2
839
+ - misc: better shutdown behavior when there are no inputs/plugins running
840
+ - feature: logstash web now uses relative URLs; useful if you want to
841
+ reverseproxy with a path other than "/"
842
+
843
+ ## inputs
844
+ - bugfix: stdin: exit plugin gracefully on EOF
845
+ - feature: [LOGSTASH-410] - inputs can now be duplicated with the
846
+ 'threads' parameter (where supported)
847
+ - bugfix: [LOGSTASH-490] - include cacert.pem in jar for twitter input
848
+ - feature: [LOGSTASH-139] - support for IRC
849
+
850
+ ## filters
851
+ - feature: all filters support 'remove_tag' (remove tags on success)
852
+ - feature: all filters support 'exclude_tags' (inverse of 'tags')
853
+ - bugfix: [LOGSTASH-300] - bump grok pattern replace limit to 1000,
854
+ fixes "deep recursion pattern compilation" problems
855
+ - bugfix: [LOGSTASH-375] - fix bug in grep: don't drop when field is nil
856
+ and negate is true
857
+ - bugfix: [LOGSTASH-386] - fix some grok patterns for haproxy
858
+ - bugfix: [LOGSTASH-446] - fix grok %{QUOTEDSTRING} pattern, should fix
859
+ some grok filter hangs
860
+ - bugfix: some enhancements to grok pattern %{COMBINEDAPACHELOG}
861
+ - bugfix: grok: %{URIPATH} and %{URIPARAM} enhancements
862
+ - feature: grok: add %{UUID} pattern
863
+ - bugfix: grok: better error message when expanding unknown %{pattern}
864
+ - feature: mutate: now supports a 'gsub' operation for applying a regexp
865
+ substitution on event fields
866
+
867
+ ## outputs
868
+ - bugfix: [LOGSTASH-351] - fix file input on windows
869
+ - feature: [LOGSTASH-356] - make file output flush intervals configurable
870
+ - feature: [LOGSTASH-392] - add 'field' attribute to restrict which fields
871
+ get sent to an output
872
+ - feature: [LOGSTASH-374] - add gzip support to file output
873
+ - bugfix: elastic search river now respects exchange_type and queue_name
874
+ - bugfix: ganglia plugin now respects metric_type
875
+ - bugfix: GELF output facility fixes; now defaults to 'logstash-gelf'
876
+ - feature: [LOGSTASH-139] - support for IRC
877
+ - bugfix: es_river: check river status after creation to verify status
878
+ - feature: es: allow setting node_name
879
+ - feature: redis: output batching for list mode
880
+
881
+ 1.1.0.1 (January 30, 2012)
882
+ ## Overview of this release:
883
+ * date filter bugfix: [LOGSTASH-438] - update joda-time to properly
884
+ handle leap days
885
+
886
+ 1.1.0 (January 30, 2012)
887
+ ## Overview of this release:
888
+ * New input plugins: zeromq, gelf
889
+ * New filter plugins: mutate, dns, json
890
+ * New output plugins: zeromq, file
891
+ * The logstash agent now runs also in MRI 1.9.2 and above
892
+
893
+ This is a large release due to the longevity of the 1.1.0 betas.
894
+ We don't like long releases and will try to avoid this in the future.
895
+
896
+ ## IMPORTANT CHANGES FOR UPGRADES FROM 1.0.x
897
+ - grok filter: named_captures_only now defaults to true
898
+ This means simple patterns %{NUMBER} without any other name will
899
+ now not be included in the field set. You can revert to the old
900
+ behavior by setting 'named_captures_only => false' in your grok
901
+ filter config.
902
+ - grok filter: now uses Ruby's regular expression engine
903
+ The previous engine was PCRE. It is now Oniguruma (Ruby). Their
904
+ syntaxes are quite similar, but it is something to be aware of.
905
+ - elasticsearch library upgraded to 0.18.7
906
+ This means you will need to upgrade your elasticsearch servers,
907
+ if any, to the this version: 0.18.7
908
+ - AMQP parameters and usage have changed for the better. You might
909
+ find that your old (1.0.x) AMQP logstash configs do not work.
910
+ If so, please consult the documentation for that plugin to find
911
+ the new names of the parameters.
912
+
913
+ ## general
914
+ - feature: [LOGSTASH-158] - MRI-1.9 compatible (except for some
915
+ plugins/functions which will throw a compatibility exception) This means
916
+ you can use most of the logstash agent under standard ruby.
917
+ - feature: [LOGSTASH-118] - logstash version output (--version or -V for
918
+ agent)
919
+ - feature: all plugins now have a 'plugin status' indicating the expectation
920
+ of stability, successful deployment, and rate of code change. If you
921
+ use an unstable plugin, you will now see a warning message on startup.
922
+ - bugfix: AMQP overhaul (input & output), please see docs for updated
923
+ config parameters.
924
+ - bugfix: [LOGSTASH-162,177,196] make sure plugin-contained global actions
925
+ happen serially across all plugins (with a mutex)
926
+ - bugfix: [LOGSTASH-286] - logstash agent should not truncate logfile on
927
+ startup
928
+ - misc: [LOGSTASH-160] - now use gnu make instead of rake.
929
+ - misc: now using cabin library for all internal logging
930
+ - test: use minitest
931
+ - upgrade: now using jruby in 1.9 mode
932
+
933
+ ## inputs
934
+ - feature: zeromq input. Requires you have libzmq installed on your system.
935
+ - feature, bugfix: [LOGSTASH-40,65,234,296]: much smarter file watching for
936
+ file inputs. now supports globs, keeps state between runs, can handle
937
+ truncate, log rotation, etc. no more inotify is required, either (file
938
+ input now works on all platforms)
939
+ - feature: [LOGSTASH-172,201] - syslog input accepts ISO8601 timestamps
940
+ - feature: [LOGSTASH-159] - TCP input lets you configure what identifies
941
+ an input stream to the multiline filter (unique per host, or connection)
942
+ - feature: [LOGSTASH-168] - add new GELF input plugin
943
+ - bugfix: [LOGSTASH-8,233] - fix stomp input
944
+ - bugfix: [LOGSTASH-136,142] - file input should behave better with log rotations
945
+ - bugfix: [LOGSTASH-249] - Input syslog force facility type to be an integer
946
+ - bugfix: [LOGSTASH-317] - fix file input not to crash when a file
947
+ is unreadable
948
+
949
+ ## filters
950
+ - feature: [LOGSTASH-66,150]: libgrok re-written in pure ruby (no more
951
+ FFI / external libgrok.so dependency!)
952
+ - feature: [LOGSTASH-292,316] - Filters should run on all events if no condition
953
+ is applied (type, etc).
954
+ - feature: [LOGSTASH-292,316] - Filters can now act on specific tags (or sets
955
+ of tags).
956
+ - bugfix: [LOGSTASH-285] - for grok, add 'keep_empty_captures' setting to
957
+ allow dropping of empty captures. This is true by default.
958
+ - feature: [LOGSTASH-219] - support parsing unix epoch times
959
+ - feature: [LOGSTASH-207] - new filter to parse a field as json merging it
960
+ into the event.
961
+ - feature: [LOGSTASH-267,254] - add DNS filter for doing forward or
962
+ reverse DNS on an event field
963
+ - feature: [LOGSTASH-57] - add mutate filter to help with manipulating
964
+ event field content and type
965
+
966
+ ## outputs
967
+ - feature: zeromq output. Requires you have libzmq installed on your system.
968
+ - feature: new file output plugin
969
+ - bugfix: [LOGSTASH-307] embedded elasticsearch now acts as a full ES server;
970
+ previously embedded was only accessible from within the logstash process.
971
+ - bugfix: [LOGSTASH-302] - logstash's log level (-v, -vv flags) now control
972
+ the log output from the elasticsearch client via log4j.
973
+ - bugfix: many gelf output enhancements and bugfixes
974
+ - feature: [LOGSTASH-281] - add https support to loggly output
975
+ - bugfix: [LOGSTASH-167] - limit number of in-flight requests to the
976
+ elasticsearch node to avoid creating too many threads (one thread per
977
+ pending write request)
978
+ - bugfix: [LOGSTASH-181] - output/statsd: set sender properly
979
+ - bugfix: [LOGSTASH-173] - GELF output can throw an exception during gelf notify
980
+ - bugfix: [LOGSTASH-182] - grep filter should act on all events if no type is
981
+ specified.
982
+ - bugfix: [LOGSTASH-309] - file output can now write to named pipes (fifo)
983
+
984
+
985
+ 1.0.17 (Aug 12, 2011)
986
+ - Bugs fixed
987
+ - [LOGSTASH-147] - grok filter incorrectly adding fields when a match failed
988
+ - [LOGSTASH-151] - Fix bug in routing keys on AMQP
989
+ - [LOGSTASH-156] - amqp issue with 1.0.16?
990
+
991
+ - Improvement
992
+ - [LOGSTASH-148] - AMQP input should allow queue name to be specified separately from exchange name
993
+ - [LOGSTASH-157] - Plugin doc generator should make regexp config names more readable
994
+
995
+ - New Feature
996
+ - [LOGSTASH-153] - syslog input: make timestamp an optional field
997
+ - [LOGSTASH-154] - Make error reporting show up in the web UI
998
+
999
+ 1.0.16 (Aug 18, 2011)
1000
+ - Fix elasticsearch client problem with 1.0.15 - jruby-elasticsearch gem
1001
+ version required is now 0.0.10 (to work with elasticsearch 0.17.6)
1002
+
1003
+ 1.0.15 (Aug 18, 2011)
1004
+ - IMPORTANT: Upgraded to ElasticSearch 0.17.6 - this brings a number of bug
1005
+ fixes including an OOM error caused during high index rates in some
1006
+ conditions.
1007
+ NOTE: You *must* use same main version of elasticsearch as logstash does,
1008
+ so if you are still using elasticsearch server 0.16.x - you need to upgrade
1009
+ your server before the elasticsearch output will work. If you are using
1010
+ the 'embedded' elasticsearch feature of logstash, you do not need to make
1011
+ any changes.
1012
+ - feature: tcp input and output plugins can now operate in either client
1013
+ (connect) or server (listen) modes.
1014
+ - feature: new output plugin "statsd" which lets you increment or record
1015
+ timings from your logs to a statsd agent
1016
+ - feature: new redis 'pattern_channel' input support for PSUBSCRIBE
1017
+ - feature: new output plugin "graphite" for taking metrics from events and
1018
+ shipping them off to your graphite/carbon server.
1019
+ - feature: new output plugin "ganglia" for shipping metrics to ganglia
1020
+ gmond server.
1021
+ - feature: new output plugin "xmpp" for shipping events over jabber/xmpp
1022
+ - feature: new input plugin "xmpp" for receiving events over jabber/xmpp
1023
+ - feature: amqp input now supports routing keys.
1024
+ https://logstash.jira.com/browse/LOGSTASH-122
1025
+ - feature: amqp output now supports setting routing key dynamically.
1026
+ https://logstash.jira.com/browse/LOGSTASH-122
1027
+ - feature: amqp input/output both now support SSL.
1028
+ https://logstash.jira.com/browse/LOGSTASH-131
1029
+ - feature: new input plugin "exec" for taking events from executed commands
1030
+ like shell scripts or other tools.
1031
+ - feature: new filter plugin "split" for splitting one event into multiple.
1032
+ It was written primarily for the new "exec" input to allow you to split
1033
+ the output of a single command run by line into multiple events.
1034
+ - misc: upgraded jar releases to use JRuby 1.6.3
1035
+ - bugfix: syslog input shouldn't crash anymore on weird network behaviors
1036
+ like portscanning, etc.
1037
+ https://logstash.jira.com/browse/LOGSTASH-130
1038
+
1039
+ 1.0.14 (Jul 1, 2011)
1040
+ - feature: new output plugin "loggly" which lets you ship logs to loggly.com
1041
+ - feature: new output plugin "zabbix" - similar to the nagios output, but
1042
+ works with the Zabbix monitoring system. Contributed by Johan at
1043
+ Mach Technology.
1044
+ - feature: New agent '-e' flag which lets you specify a config in a string.
1045
+ If you specify no 'input' plugins, default is stdin { type => stdin }
1046
+ If you specify no 'output' plugins, default is stdout { debug => true }
1047
+ This is intended to be used for hacking with or debugging filters, but
1048
+ you can specify an entire config here if you choose.
1049
+ - feature: Agent '-f' flag now supports directories and globs. If you specify
1050
+ a directory, all files in that directory will be loaded as a single config.
1051
+ If you specify a glob, all files matching that glob will be loaded as a
1052
+ single config.
1053
+ - feature: gelf output now allows you to override the 'sender'. This defaults
1054
+ to the source host originating the event, but can be set to anything now.
1055
+ It supports dynamic values, so you can use fields from your event as the
1056
+ sender. Contributed by John Vincent
1057
+ Issue: https://github.com/logstash/logstash/pull/30
1058
+ - feature: added new feature to libgrok that allows you to define patterns
1059
+ in-line, like "%{FOO=\d+}" defines 'FOO' match \d+ and captures as such.
1060
+ To use this new feature, you must upgrade libgrok to at least 1.20110630
1061
+ Issue: https://logstash.jira.com/browse/LOGSTASH-94
1062
+ - feature: grok filter now supports 'break_on_match' defaulting to true
1063
+ (this was the original behavior). If you set it to false, it will attempt
1064
+ to match all patterns and create new fields as normal. If left default
1065
+ (true), it will break after the first successful match.
1066
+ - feature: grok filter now supports parsing any field. You can do either of
1067
+ these: grok { match => [ "fieldname", "pattern" ] }
1068
+ or this: grok { fieldname => "pattern" }
1069
+ The older 'pattern' attribute still means the same thing, and is equivalent
1070
+ to this: grok { match => [ "@message", "pattern" ] }
1071
+ Issue: https://logstash.jira.com/browse/LOGSTASH-101
1072
+ - feature: elasticsearch - when embedded is true, you can now set the
1073
+ 'embedded_http_port' to configure which port the embedded elasticsearch
1074
+ server listens on. This is only valid for the embedded elasticsearch
1075
+ configuration. https://logstash.jira.com/browse/LOGSTASH-117
1076
+ - bugfix: amqp input now reconnects properly when the amqp broker restarts.
1077
+ - bugfix: Fix bug in gelf output when a fields were not arrays but numbers.
1078
+ Issue: https://logstash.jira.com/browse/LOGSTASH-113
1079
+ - bugfix: Fix a bug in syslog udp input due to misfeatures in Ruby's URI
1080
+ class. https://logstash.jira.com/browse/LOGSTASH-115
1081
+ - misc: jquery and jquery ui now ship with logstash; previously they were
1082
+ loaded externally
1083
+ - testing: fixed some bugs in the elasticsearch test itself, all green now.
1084
+ - testing: fixed logstash-test to now run properly
1085
+
1086
+ 1.0.12 (Jun 9, 2011)
1087
+ - misc: clean up some excess debugging output
1088
+ - feature: for tcp input, allow 'data_timeout => -1' to mean "never time out"
1089
+
1090
+ 1.0.11 (Jun 9, 2011)
1091
+ - deprecated: The redis 'name' and 'queue' options for both input and output
1092
+ are now deprecated. They will be removed in a future version.
1093
+ - feature: The redis input and output now supports both lists and channels.
1094
+ - feature: Refactor runner to allow you to run multiple things in a single
1095
+ process. You can end each instance with '--' flag. For example, to run one
1096
+ agent and one web instance:
1097
+ % java -jar logstash-blah.jar agent -f myconfig -- web
1098
+ - feature: Add 'embedded' option to the elasticsearch output:
1099
+ elasticsearch { embedded => true }
1100
+ Default is false. If true, logstash will run an elasticsearch server
1101
+ in the same process as logstash. This is really useful if you are just
1102
+ starting out or only need one one elasticsearch server.
1103
+ - feature: Added a logstash web backend feature for elasticsearch that tells
1104
+ logstash to use the 'local' (in process) elasticsearch:
1105
+ --backend elasticsearch:///?local
1106
+ - feature: Added 'named_captures_only' option to grok filter. This will have
1107
+ logstash only keep the captures you give names to - for example %{NUMBER}
1108
+ won't be kept, but %{NUMBER:bytes} will be.
1109
+ - feature: Add 'bind_host' option to elasticsearch output. This lets you choose the
1110
+ address ElasticSearch client uses to bind to - useful if you have a
1111
+ multihomed server.
1112
+ - feature: The mongodb output now supports authentication
1113
+ - bugfix: Fix bug in GELF output that caused the gelf short_message to be set as an
1114
+ array if it came from a grok value. The short_message field should only
1115
+ now be a string properly.
1116
+ - bugfix: Fix bug in grep filter that would drop/cancel events if you had
1117
+ more than one event type flowing through filters and didn't have a grep
1118
+ filter defined for each type.
1119
+ - misc: Updated gem dependencies (tests still pass)
1120
+ - misc: With the above two points, you can now run a single logstash process
1121
+ that includes elasticsearch server, logstash agent, and logstash web.
1122
+
1123
+ 1.0.10 (May 23, 2011)
1124
+ - Fix tcp input bug (LOGSTASH-88) that would drop connections.
1125
+ - Grok patterns_dir (filter config) and --grok-patterns-dir (cmdline opt)
1126
+ are now working.
1127
+ - GELF output now properly sends extra fields from the log event (prefixed
1128
+ with a "_") and sets timestamp to seconds-since-epoch (millisecond
1129
+ precision and time zone information is lost, but this is the format GELF
1130
+ asks for).
1131
+ - Inputs support specifying the format of input data (see "format" and
1132
+ "message_format" input config parameters).
1133
+ - Grok filter no longer incorrectly tags _grokparsefailure when more than
1134
+ one grok filter is enabled (for multiple types) or when an event has
1135
+ no grok configuration for it's type.
1136
+ - Fix bug where an invalid HTTP Referer: would break grok parsing of the
1137
+ log line (used to expect %{URI}). Since Referer: is not sanitized in
1138
+ the HTTP layer, we cannot assume it will be a well formed %{URI}.
1139
+
1140
+ 1.0.9 (May 18, 2011)
1141
+ - Fix crash bug caused by refactoring that left 'break' calls in code
1142
+ that no longer used loops.
1143
+
1144
+ 1.0.8 (May 17, 2011)
1145
+ - Remove beanstalk support because the library (beanstalk-client) is GPL3. I
1146
+ am not a lawyer, but I'm not waiting around to have someone complain about
1147
+ license incompatibilities.
1148
+ - fix bug in jar build
1149
+
1150
+ 1.0.7 (May 16, 2011)
1151
+ - logstash 'web' now allows you to specify the elasticsearch clustername;
1152
+ --backend elasticsearch://[host[:port]]/[clustername]
1153
+ - GELF output now supports dynamic strings for level and facility
1154
+ https://logstash.jira.com/browse/LOGSTASH-83
1155
+ - 'amqp' output supports persistent messages over AMQP, now. Tunable.
1156
+ https://logstash.jira.com/browse/LOGSTASH-81
1157
+ - Redis input and output are now supported. (Contributed by dokipen)
1158
+ - Add shutdown processing. Shutdown starts when all inputs finish (like
1159
+ stdin) The sequence progresses using the same pipeline as the
1160
+ inputs/filters/outputs, so all in-flight events should finish getting
1161
+ processed before the final shutdown event makes it's way to the outputs.
1162
+ - Add retries to unhandled input exceptions (LOGSTASH-84)
1163
+
1164
+ 1.0.6 (May 11, 2011)
1165
+ * Remove 'sigar' from monolithic jar packaging. This removes a boatload of
1166
+ unnecessary warning messages on startup whenever you use elasticsearch
1167
+ output or logstash-web.
1168
+ Issue: https://logstash.jira.com/browse/LOGSTASH-79
1169
+
1170
+ 1.0.5 (May 10, 2011)
1171
+ * fix queues when durable is set to true
1172
+
1173
+ 1.0.4 (May 9, 2011)
1174
+ * Fix bugs in syslog input
1175
+
1176
+ 1.0.2 (May 8, 2011)
1177
+ * Fix default-value handling for configs when the validation type is
1178
+ 'password'
1179
+
1180
+ 1.0.1 (May 7, 2011)
1181
+ * Fix password auth for amqp and stomp (Reported by Luke Macken)
1182
+ * Fix default elasticsearch target for logstash-web (Reported by Donald Gordon)
1183
+
1184
+ 1.0.0 (May 6, 2011)
1185
+ * First major release.