RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/filters/checksum.rb ADDED

@@ -0,0 +1,50 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "yaml"
+# This filter let's you create a checksum based on various parts
+# of the logstash event.
+# This can be useful for deduplication of messages or simply to provide
+# a custom unique identifier.
+#
+# This is VERY experimental and is largely a proof-of-concept
+class LogStash::Filters::Checksum < LogStash::Filters::Base
+  config_name "checksum"
+  milestone 1
+  ALGORITHMS = ["md5", "sha", "sha1", "sha256", "sha384",]
+  # A list of keys to use in creating the string to checksum
+  # Keys will be sorted before building the string
+  # keys and values will then be concatenated with pipe delimeters
+  # and checksummed
+  config :keys, :validate => :array, :default => ["message", "@timestamp", "type"]
+  config :algorithm, :validate => ALGORITHMS, :default => "sha256"
+  public
+  def register
+    require 'openssl'
+    @to_checksum = ""
+  end
+  public
+  def filter(event)
+    return unless filter?(event)
+    @logger.debug("Running checksum filter", :event => event)
+    @keys.sort.each do |k|
+      @logger.debug("Adding key to string", :current_key => k)
+      @to_checksum << "|#{k}|#{event[k]}"
+    end
+    @to_checksum << "|"
+    @logger.debug("Final string built", :to_checksum => @to_checksum)
+    digested_string = OpenSSL::Digest.hexdigest(@algorithm, @to_checksum)
+    @logger.debug("Digested string", :digested_string => digested_string)
+    event['logstash_checksum'] = digested_string
+  end
+end # class LogStash::Filters::Checksum

data/lib/logstash/filters/cidr.rb ADDED

@@ -0,0 +1,76 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "ipaddr"
+# The CIDR filter is for checking IP addresses in events against a list of
+# network blocks that might contain it. Multiple addresses can be checked
+# against multiple networks, any match succeeds. Upon success additional tags
+# and/or fields can be added to the event.
+class LogStash::Filters::CIDR < LogStash::Filters::Base
+  config_name "cidr"
+  milestone 1
+  # The IP address(es) to check with. Example:
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         add_tag => [ "testnet" ]
+  #         address => [ "%{src_ip}", "%{dst_ip}" ]
+  #         network => [ "192.0.2.0/24" ]
+  #       }
+  #     }
+  config :address, :validate => :array, :default => []
+  # The IP network(s) to check against. Example:
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         add_tag => [ "linklocal" ]
+  #         address => [ "%{clientip}" ]
+  #         network => [ "169.254.0.0/16", "fe80::/64" ]
+  #       }
+  #     }
+  config :network, :validate => :array, :default => []
+  public
+  def register
+    # Nothing
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    address = @address.collect do |a|
+      begin
+        IPAddr.new(event.sprintf(a))
+      rescue ArgumentError => e
+        @logger.warn("Invalid IP address, skipping", :address => a, :event => event)
+        nil
+      end
+    end
+    address.compact!
+    network = @network.collect do |n|
+      begin
+        IPAddr.new(event.sprintf(n))
+      rescue ArgumentError => e
+        @logger.warn("Invalid IP network, skipping", :network => n, :event => event)
+        nil
+      end
+    end
+    network.compact!
+    # Try every combination of address and network, first match wins
+    address.product(network).each do |a, n|
+      @logger.debug("Checking IP inclusion", :address => a, :network => n)
+      if n.include?(a)
+        filter_matched(event)
+        return
+      end
+    end
+  end # def filter
+end # class LogStash::Filters::CIDR

data/lib/logstash/filters/cipher.rb ADDED

@@ -0,0 +1,145 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# This filter parses a source and apply a cipher or decipher before
+# storing it in the target.
+#
+class LogStash::Filters::Cipher < LogStash::Filters::Base
+  config_name "cipher"
+  milestone 1
+  # The field to perform filter
+  #
+  # Example, to use the @message field (default) :
+  #
+  #     filter { cipher { source => "message" } }
+  config :source, :validate => :string, :default => "message"
+  # The name of the container to put the result
+  #
+  # Example, to place the result into crypt :
+  #
+  #     filter { cipher { target => "crypt" } }
+  config :target, :validate => :string, :default => "message"
+  # Do we have to perform a base64 decode or encode?
+  #
+  # If we are decrypting, base64 decode will be done before.
+  # If we are encrypting, base64 will be done after.
+  #
+  config :base64, :validate => :boolean, :default => true
+  # The key to use
+  config :key, :validate => :string
+  # The key size to pad
+  #
+  # It depends of the cipher algorythm.I your key don't need
+  # padding, don't set this parameter
+  #
+  # Example, for AES-256, we must have 32 char long key
+  #     filter { cipher { key_size => 32 }
+  #
+  config :key_size, :validate => :number, :default => 32
+  # The character used to pad the key
+  config :key_pad, :default => "\0"
+  # The cipher algorythm
+  #
+  # A list of supported algorithms can be obtained by
+  #
+  #     puts OpenSSL::Cipher.ciphers
+  config :algorithm, :validate => :string, :required => true
+  # Encrypting or decrypting some data
+  #
+  # Valid values are encrypt or decrypt
+  config :mode, :validate => :string, :required => true
+  # Cypher padding to use. Enables or disables padding.
+  #
+  # By default encryption operations are padded using standard block padding
+  # and the padding is checked and removed when decrypting. If the pad
+  # parameter is zero then no padding is performed, the total amount of data
+  # encrypted or decrypted must then be a multiple of the block size or an
+  # error will occur.
+  #
+  # See EVP_CIPHER_CTX_set_padding for further information.
+  #
+  # We are using Openssl jRuby which uses default padding to PKCS5Padding
+  # If you want to change it, set this parameter. If you want to disable
+  # it, Set this parameter to 0
+  #     filter { cipher { padding => 0 }}
+  config :cipher_padding, :validate => :string
+  # The initialization vector to use
+  #
+  # The cipher modes CBC, CFB, OFB and CTR all need an "initialization
+  # vector", or short, IV. ECB mode is the only mode that does not require
+  # an IV, but there is almost no legitimate use case for this mode
+  # because of the fact that it does not sufficiently hide plaintext patterns.
+  config :iv, :validate => :string
+  def register
+    require 'base64' if @base64
+    init_cipher
+  end # def register
+  def filter(event)
+    return unless filter?(event)
+    #If decrypt or encrypt fails, we keep it it intact.
+    begin
+      #@logger.debug("Event to filter", :event => event)
+      data = event[@source]
+      if @mode == "decrypt"
+        data =  Base64.decode64(data) if @base64 == true
+      end
+      result = @cipher.update(data) + @cipher.final
+      if @mode == "encrypt"
+        data =  Base64.encode64(data) if @base64 == true
+      end
+    rescue => e
+      @logger.warn("Exception catch on cipher filter", :event => event, :error => e)
+    else
+      event[@target]= result
+      #Is it necessary to add 'if !result.nil?' ? exception have been already catched.
+      #In doubt, I keep it.
+      filter_matched(event) if !result.nil?
+      #Too much bad result can be a problem, reinit cipher prevent this.
+      init_cipher
+    end
+  end # def filter
+  def init_cipher
+    @cipher = OpenSSL::Cipher.new(@algorithm)
+    if @mode == "encrypt"
+      @cipher.encrypt
+    elsif @mode == "decrypt"
+      @cipher.decrypt
+    else
+      @logger.error("Invalid cipher mode. Valid values are \"encrypt\" or \"decrypt\"", :mode => @mode)
+      raise "Bad configuration, aborting."
+    end
+    if @key.length != @key_size
+      @logger.debug("key length is " + @key.length.to_s + ", padding it to " + @key_size.to_s + " with '" + @key_pad.to_s + "'")
+      @key = @key[0,@key_size].ljust(@key_size,@key_pad)
+    end
+    @cipher.key = @key
+    @cipher.iv = @iv if @iv
+    @cipher.padding = @cipher_padding if @cipher_padding
+    @logger.debug("Cipher initialisation done", :mode => @mode, :key => @key, :iv => @iv, :cipher_padding => @cipher_padding)
+  end # def init_cipher
+end # class LogStash::Filters::Cipher

data/lib/logstash/filters/clone.rb ADDED

@@ -0,0 +1,35 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# The clone filter is for duplicating events.
+# A clone will be made for each type in the clone list.
+# The original event is left unchanged.
+class LogStash::Filters::Clone < LogStash::Filters::Base
+  config_name "clone"
+  milestone 2
+  # A new clone will be created with the given type for each type in this list.
+  config :clones, :validate => :array, :default => []
+  public
+  def register
+    # Nothing to do
+  end
+  public
+  def filter(event)
+    return unless filter?(event)
+    @clones.each do |type|
+      clone = event.clone
+      clone["type"] = type
+      filter_matched(clone)
+      @logger.debug("Cloned event", :clone => clone, :event => event)
+      # Push this new event onto the stack at the LogStash::FilterWorker
+      yield clone
+    end
+  end
+end # class LogStash::Filters::Clone

data/lib/logstash/filters/collate.rb ADDED

@@ -0,0 +1,114 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Collate events by time or count.
+#
+# The original goal of this filter was to merge the logs from different sources
+# by the time of log, for example, in real-time log collection, logs can be
+# collated by amount of 3000 logs or can be collated in 30 seconds.
+#
+# The config looks like this:
+#
+#     filter {
+#       collate {
+#         size => 3000
+#         interval => "30s"
+#         order => "ascending"
+#       }
+#     }
+class LogStash::Filters::Collate < LogStash::Filters::Base
+  config_name "collate"
+  milestone 1
+  # How many logs should be collated.
+  config :count, :validate => :number, :default => 1000
+  # The 'interval' is the time window which how long the logs should be collated. (default 1m)
+  config :interval, :validate => :string, :default => "1m"
+  # The 'order' collated events should appear in.
+  config :order, :validate => ["ascending", "descending"], :default => "ascending"
+  public
+  def register
+    require "thread"
+    require "rufus/scheduler"
+    @mutex = Mutex.new
+    @collatingDone = false
+    @collatingArray = Array.new
+    @scheduler = Rufus::Scheduler.start_new
+    @job = @scheduler.every @interval do
+      @logger.info("Scheduler Activated")
+      @mutex.synchronize{
+        collate
+      }
+    end
+  end # def register
+  public
+  def filter(event)
+    @logger.info("do collate filter")
+    if event == LogStash::SHUTDOWN
+      @job.trigger()
+      @job.unschedule()
+      @logger.info("collate filter thread shutdown.")
+      return
+    end
+    # if the event is collated, a "collated" tag will be marked, so for those uncollated event, cancel them first.
+    if event["tags"].nil? || !event.tags.include?("collated")
+      event.cancel
+    else
+      return
+    end
+    @mutex.synchronize{
+      @collatingArray.push(event.clone)
+      if (@collatingArray.length == @count)
+        collate
+      end
+      if (@collatingDone)
+        while collatedEvent = @collatingArray.pop
+          collatedEvent["tags"] = Array.new if collatedEvent["tags"].nil?
+          collatedEvent["tags"] << "collated"
+          filter_matched(collatedEvent)
+          yield collatedEvent
+        end # while @collatingArray.pop
+        # reset collatingDone flag
+        @collatingDone = false
+      end
+    }
+  end # def filter
+  private
+  def collate
+    if (@order == "ascending")
+      @collatingArray.sort! { |eventA, eventB| eventB.timestamp <=> eventA.timestamp }
+    else
+      @collatingArray.sort! { |eventA, eventB| eventA.timestamp <=> eventB.timestamp }
+    end
+    @collatingDone = true
+  end # def collate
+  # Flush any pending messages.
+  public
+  def flush
+    events = []
+    if (@collatingDone)
+      @mutex.synchronize{
+        while collatedEvent = @collatingArray.pop
+          collatedEvent["tags"] << "collated"
+          events << collatedEvent
+        end # while @collatingArray.pop
+      }
+      # reset collatingDone flag.
+      @collatingDone = false
+    end
+    return events
+  end # def flush
+end #

data/lib/logstash/filters/csv.rb ADDED

@@ -0,0 +1,94 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "csv"
+# CSV filter. Takes an event field containing CSV data, parses it,
+# and stores it as individual fields (can optionally specify the names).
+class LogStash::Filters::CSV < LogStash::Filters::Base
+  config_name "csv"
+  milestone 2
+  # The CSV data in the value of the source field will be expanded into a
+  # datastructure.
+  config :source, :validate => :string, :default => "message"
+  # Define a list of column names (in the order they appear in the CSV,
+  # as if it were a header line). If this is not specified or there
+  # are not enough columns specified, the default column name is "columnX"
+  # (where X is the field number, starting from 1).
+  config :columns, :validate => :array, :default => []
+  # Define the column separator value. If this is not specified the default
+  # is a comma ','.
+  # Optional.
+  config :separator, :validate => :string, :default => ","
+  # Define the character used to quote CSV fields. If this is not specified
+  # the default is a double quote '"'.
+  # Optional.
+  config :quote_char, :validate => :string, :default => '"'
+  # Define target for placing the data.
+  # Defaults to writing to the root of the event.
+  config :target, :validate => :string
+  public
+  def register
+    # Nothing to do here
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @logger.debug("Running csv filter", :event => event)
+    matches = 0
+    if event[@source]
+      if event[@source].is_a?(String)
+        event[@source] = [event[@source]]
+      end
+      if event[@source].length > 1
+        @logger.warn("csv filter only works on fields of length 1",
+                     :source => @source, :value => event[@source],
+                     :event => event)
+        return
+      end
+      raw = event[@source].first
+      begin
+        values = CSV.parse_line(raw, :col_sep => @separator, :quote_char => @quote_char)
+        if @target.nil?
+          # Default is to write to the root of the event.
+          dest = event
+        else
+          dest = event[@target] ||= {}
+        end
+        values.each_index do |i|
+          field_name = @columns[i] || "column#{i+1}"
+          dest[field_name] = values[i]
+        end
+        filter_matched(event)
+      rescue => e
+        event.tag "_csvparsefailure"
+        @logger.warn("Trouble parsing csv", :source => @source, :raw => raw,
+                      :exception => e)
+        return
+      end # begin
+    end # if event
+    @logger.debug("Event after csv filter", :event => event)
+  end # def filter
+end # class LogStash::Filters::Csv