RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/filters/checksum.rb ADDED

@@ -0,0 +1,50 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "yaml"
+# This filter let's you create a checksum based on various parts
+# of the logstash event.
+# This can be useful for deduplication of messages or simply to provide
+# a custom unique identifier.
+#
+# This is VERY experimental and is largely a proof-of-concept
+class LogStash::Filters::Checksum < LogStash::Filters::Base
+  config_name "checksum"
+  milestone 1
+  ALGORITHMS = ["md5", "sha", "sha1", "sha256", "sha384",]
+  # A list of keys to use in creating the string to checksum
+  # Keys will be sorted before building the string
+  # keys and values will then be concatenated with pipe delimeters
+  # and checksummed
+  config :keys, :validate => :array, :default => ["message", "@timestamp", "type"]
+  config :algorithm, :validate => ALGORITHMS, :default => "sha256"
+  public
+  def register
+    require 'openssl'
+    @to_checksum = ""
+  end
+  public
+  def filter(event)
+    return unless filter?(event)
+    @logger.debug("Running checksum filter", :event => event)
+    @keys.sort.each do |k|
+      @logger.debug("Adding key to string", :current_key => k)
+      @to_checksum << "|#{k}|#{event[k]}"
+    end
+    @to_checksum << "|"
+    @logger.debug("Final string built", :to_checksum => @to_checksum)
+    digested_string = OpenSSL::Digest.hexdigest(@algorithm, @to_checksum)
+    @logger.debug("Digested string", :digested_string => digested_string)
+    event['logstash_checksum'] = digested_string
+  end
+end # class LogStash::Filters::Checksum

data/lib/logstash/filters/cidr.rb ADDED

@@ -0,0 +1,76 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "ipaddr"
+# The CIDR filter is for checking IP addresses in events against a list of
+# network blocks that might contain it. Multiple addresses can be checked
+# against multiple networks, any match succeeds. Upon success additional tags
+# and/or fields can be added to the event.
+class LogStash::Filters::CIDR < LogStash::Filters::Base
+  config_name "cidr"
+  milestone 1
+  # The IP address(es) to check with. Example:
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         add_tag => [ "testnet" ]
+  #         address => [ "%{src_ip}", "%{dst_ip}" ]
+  #         network => [ "192.0.2.0/24" ]
+  #       }
+  #     }
+  config :address, :validate => :array, :default => []
+  # The IP network(s) to check against. Example:
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         add_tag => [ "linklocal" ]
+  #         address => [ "%{clientip}" ]
+  #         network => [ "169.254.0.0/16", "fe80::/64" ]
+  #       }
+  #     }
+  config :network, :validate => :array, :default => []
+  public
+  def register
+    # Nothing
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    address = @address.collect do |a|
+      begin
+        IPAddr.new(event.sprintf(a))
+      rescue ArgumentError => e
+        @logger.warn("Invalid IP address, skipping", :address => a, :event => event)
+        nil
+      end
+    end
+    address.compact!
+    network = @network.collect do |n|
+      begin
+        IPAddr.new(event.sprintf(n))
+      rescue ArgumentError => e
+        @logger.warn("Invalid IP network, skipping", :network => n, :event => event)
+        nil
+      end
+    end
+    network.compact!
+    # Try every combination of address and network, first match wins
+    address.product(network).each do |a, n|
+      @logger.debug("Checking IP inclusion", :address => a, :network => n)
+      if n.include?(a)
+        filter_matched(event)
+        return
+      end
+    end
+  end # def filter
+end # class LogStash::Filters::CIDR

data/lib/logstash/filters/cipher.rb ADDED

@@ -0,0 +1,145 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# This filter parses a source and apply a cipher or decipher before
+# storing it in the target.
+#
+class LogStash::Filters::Cipher < LogStash::Filters::Base
+  config_name "cipher"
+  milestone 1
+  # The field to perform filter
+  #
+  # Example, to use the @message field (default) :
+  #
+  #     filter { cipher { source => "message" } }
+  config :source, :validate => :string, :default => "message"
+  # The name of the container to put the result
+  #
+  # Example, to place the result into crypt :
+  #
+  #     filter { cipher { target => "crypt" } }
+  config :target, :validate => :string, :default => "message"
+  # Do we have to perform a base64 decode or encode?
+  #
+  # If we are decrypting, base64 decode will be done before.
+  # If we are encrypting, base64 will be done after.
+  #
+  config :base64, :validate => :boolean, :default => true
+  # The key to use
+  config :key, :validate => :string
+  # The key size to pad
+  #
+  # It depends of the cipher algorythm.I your key don't need
+  # padding, don't set this parameter
+  #
+  # Example, for AES-256, we must have 32 char long key
+  #     filter { cipher { key_size => 32 }
+  #
+  config :key_size, :validate => :number, :default => 32
+  # The character used to pad the key
+  config :key_pad, :default => "\0"
+  # The cipher algorythm
+  #
+  # A list of supported algorithms can be obtained by
+  #
+  #     puts OpenSSL::Cipher.ciphers
+  config :algorithm, :validate => :string, :required => true
+  # Encrypting or decrypting some data
+  #
+  # Valid values are encrypt or decrypt
+  config :mode, :validate => :string, :required => true
+  # Cypher padding to use. Enables or disables padding.
+  #
+  # By default encryption operations are padded using standard block padding
+  # and the padding is checked and removed when decrypting. If the pad
+  # parameter is zero then no padding is performed, the total amount of data
+  # encrypted or decrypted must then be a multiple of the block size or an
+  # error will occur.
+  #
+  # See EVP_CIPHER_CTX_set_padding for further information.
+  #
+  # We are using Openssl jRuby which uses default padding to PKCS5Padding
+  # If you want to change it, set this parameter. If you want to disable
+  # it, Set this parameter to 0
+  #     filter { cipher { padding => 0 }}
+  config :cipher_padding, :validate => :string
+  # The initialization vector to use
+  #
+  # The cipher modes CBC, CFB, OFB and CTR all need an "initialization
+  # vector", or short, IV. ECB mode is the only mode that does not require
+  # an IV, but there is almost no legitimate use case for this mode
+  # because of the fact that it does not sufficiently hide plaintext patterns.
+  config :iv, :validate => :string
+  def register
+    require 'base64' if @base64
+    init_cipher
+  end # def register
+  def filter(event)
+    return unless filter?(event)
+    #If decrypt or encrypt fails, we keep it it intact.
+    begin
+      #@logger.debug("Event to filter", :event => event)
+      data = event[@source]
+      if @mode == "decrypt"
+        data =  Base64.decode64(data) if @base64 == true
+      end
+      result = @cipher.update(data) + @cipher.final
+      if @mode == "encrypt"
+        data =  Base64.encode64(data) if @base64 == true
+      end
+    rescue => e
+      @logger.warn("Exception catch on cipher filter", :event => event, :error => e)
+    else
+      event[@target]= result
+      #Is it necessary to add 'if !result.nil?' ? exception have been already catched.
+      #In doubt, I keep it.
+      filter_matched(event) if !result.nil?
+      #Too much bad result can be a problem, reinit cipher prevent this.
+      init_cipher
+    end
+  end # def filter
+  def init_cipher
+    @cipher = OpenSSL::Cipher.new(@algorithm)
+    if @mode == "encrypt"
+      @cipher.encrypt
+    elsif @mode == "decrypt"
+      @cipher.decrypt
+    else
+      @logger.error("Invalid cipher mode. Valid values are \"encrypt\" or \"decrypt\"", :mode => @mode)
+      raise "Bad configuration, aborting."
+    end
+    if @key.length != @key_size
+      @logger.debug("key length is " + @key.length.to_s + ", padding it to " + @key_size.to_s + " with '" + @key_pad.to_s + "'")
+      @key = @key[0,@key_size].ljust(@key_size,@key_pad)
+    end
+    @cipher.key = @key
+    @cipher.iv = @iv if @iv
+    @cipher.padding = @cipher_padding if @cipher_padding
+    @logger.debug("Cipher initialisation done", :mode => @mode, :key => @key, :iv => @iv, :cipher_padding => @cipher_padding)
+  end # def init_cipher
+end # class LogStash::Filters::Cipher

data/lib/logstash/filters/clone.rb ADDED

@@ -0,0 +1,35 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# The clone filter is for duplicating events.
+# A clone will be made for each type in the clone list.
+# The original event is left unchanged.
+class LogStash::Filters::Clone < LogStash::Filters::Base
+  config_name "clone"
+  milestone 2
+  # A new clone will be created with the given type for each type in this list.
+  config :clones, :validate => :array, :default => []
+  public
+  def register
+    # Nothing to do
+  end
+  public
+  def filter(event)
+    return unless filter?(event)
+    @clones.each do |type|
+      clone = event.clone
+      clone["type"] = type
+      filter_matched(clone)
+      @logger.debug("Cloned event", :clone => clone, :event => event)
+      # Push this new event onto the stack at the LogStash::FilterWorker
+      yield clone
+    end
+  end
+end # class LogStash::Filters::Clone

data/lib/logstash/filters/collate.rb ADDED

@@ -0,0 +1,114 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Collate events by time or count.
+#
+# The original goal of this filter was to merge the logs from different sources
+# by the time of log, for example, in real-time log collection, logs can be
+# collated by amount of 3000 logs or can be collated in 30 seconds.
+#
+# The config looks like this:
+#
+#     filter {
+#       collate {
+#         size => 3000
+#         interval => "30s"
+#         order => "ascending"
+#       }
+#     }
+class LogStash::Filters::Collate < LogStash::Filters::Base
+  config_name "collate"
+  milestone 1
+  # How many logs should be collated.
+  config :count, :validate => :number, :default => 1000
+  # The 'interval' is the time window which how long the logs should be collated. (default 1m)
+  config :interval, :validate => :string, :default => "1m"
+  # The 'order' collated events should appear in.
+  config :order, :validate => ["ascending", "descending"], :default => "ascending"
+  public
+  def register
+    require "thread"
+    require "rufus/scheduler"
+    @mutex = Mutex.new
+    @collatingDone = false
+    @collatingArray = Array.new
+    @scheduler = Rufus::Scheduler.start_new
+    @job = @scheduler.every @interval do
+      @logger.info("Scheduler Activated")
+      @mutex.synchronize{
+        collate
+      }
+    end
+  end # def register
+  public
+  def filter(event)
+    @logger.info("do collate filter")
+    if event == LogStash::SHUTDOWN
+      @job.trigger()
+      @job.unschedule()
+      @logger.info("collate filter thread shutdown.")
+      return
+    end
+    # if the event is collated, a "collated" tag will be marked, so for those uncollated event, cancel them first.
+    if event["tags"].nil? || !event.tags.include?("collated")
+      event.cancel
+    else
+      return
+    end
+    @mutex.synchronize{
+      @collatingArray.push(event.clone)
+      if (@collatingArray.length == @count)
+        collate
+      end
+      if (@collatingDone)
+        while collatedEvent = @collatingArray.pop
+          collatedEvent["tags"] = Array.new if collatedEvent["tags"].nil?
+          collatedEvent["tags"] << "collated"
+          filter_matched(collatedEvent)
+          yield collatedEvent
+        end # while @collatingArray.pop
+        # reset collatingDone flag
+        @collatingDone = false
+      end
+    }
+  end # def filter
+  private
+  def collate
+    if (@order == "ascending")
+      @collatingArray.sort! { |eventA, eventB| eventB.timestamp <=> eventA.timestamp }
+    else
+      @collatingArray.sort! { |eventA, eventB| eventA.timestamp <=> eventB.timestamp }
+    end
+    @collatingDone = true
+  end # def collate
+  # Flush any pending messages.
+  public
+  def flush
+    events = []
+    if (@collatingDone)
+      @mutex.synchronize{
+        while collatedEvent = @collatingArray.pop
+          collatedEvent["tags"] << "collated"
+          events << collatedEvent
+        end # while @collatingArray.pop
+      }
+      # reset collatingDone flag.
+      @collatingDone = false
+    end
+    return events
+  end # def flush
+end #

data/lib/logstash/filters/csv.rb ADDED

@@ -0,0 +1,94 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "csv"
+# CSV filter. Takes an event field containing CSV data, parses it,
+# and stores it as individual fields (can optionally specify the names).
+class LogStash::Filters::CSV < LogStash::Filters::Base
+  config_name "csv"
+  milestone 2
+  # The CSV data in the value of the source field will be expanded into a
+  # datastructure.
+  config :source, :validate => :string, :default => "message"
+  # Define a list of column names (in the order they appear in the CSV,
+  # as if it were a header line). If this is not specified or there
+  # are not enough columns specified, the default column name is "columnX"
+  # (where X is the field number, starting from 1).
+  config :columns, :validate => :array, :default => []
+  # Define the column separator value. If this is not specified the default
+  # is a comma ','.
+  # Optional.
+  config :separator, :validate => :string, :default => ","
+  # Define the character used to quote CSV fields. If this is not specified
+  # the default is a double quote '"'.
+  # Optional.
+  config :quote_char, :validate => :string, :default => '"'
+  # Define target for placing the data.
+  # Defaults to writing to the root of the event.
+  config :target, :validate => :string
+  public
+  def register
+    # Nothing to do here
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @logger.debug("Running csv filter", :event => event)
+    matches = 0
+    if event[@source]
+      if event[@source].is_a?(String)
+        event[@source] = [event[@source]]
+      end
+      if event[@source].length > 1
+        @logger.warn("csv filter only works on fields of length 1",
+                     :source => @source, :value => event[@source],
+                     :event => event)
+        return
+      end
+      raw = event[@source].first
+      begin
+        values = CSV.parse_line(raw, :col_sep => @separator, :quote_char => @quote_char)
+        if @target.nil?
+          # Default is to write to the root of the event.
+          dest = event
+        else
+          dest = event[@target] ||= {}
+        end
+        values.each_index do |i|
+          field_name = @columns[i] || "column#{i+1}"
+          dest[field_name] = values[i]
+        end
+        filter_matched(event)
+      rescue => e
+        event.tag "_csvparsefailure"
+        @logger.warn("Trouble parsing csv", :source => @source, :raw => raw,
+                      :exception => e)
+        return
+      end # begin
+    end # if event
+    @logger.debug("Event after csv filter", :event => event)
+  end # def filter
+end # class LogStash::Filters::Csv