RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/filters/date.rb ADDED

@@ -0,0 +1,244 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# The date filter is used for parsing dates from fields and using that
+# date or timestamp as the timestamp for the event.
+#
+# For example, syslog events usually have timestamps like this:
+#
+#     "Apr 17 09:32:01"
+#
+# You would use the date format "MMM dd HH:mm:ss" to parse this.
+#
+# The date filter is especially important for sorting events and for
+# backfilling old data. If you don't get the date correct in your
+# event, then searching for them later will likely sort out of order.
+#
+# In the absence of this filter, logstash will choose a timestamp based on the
+# first time it sees the event (at input time), if the timestamp is not already
+# set in the event. For example, with file input, the timestamp is set to the
+# time of each read.
+class LogStash::Filters::Date < LogStash::Filters::Base
+  if RUBY_ENGINE == "jruby"
+    JavaException = java.lang.Exception
+    UTC = org.joda.time.DateTimeZone.forID("UTC")
+  end
+  config_name "date"
+  milestone 3
+  # Specify a timezone canonical ID to be used for date parsing.
+  # The valid ID are listed on http://joda-time.sourceforge.net/timezones.html
+  # Useful in case the timezone cannot be extracted from the value,
+  # and is not the platform default.
+  # If this is not specified the platform default will be used.
+  # Canonical ID is good as it takes care of daylight saving time for you
+  # For example, America/Los_Angeles or Europe/France are valid IDs.
+  config :timezone, :validate => :string
+  # specify a locale to be used for date parsing. If this is not specified the
+  # platform default will be used
+  #
+  # The locale is mostly necessary to be set for parsing month names and
+  # weekday names
+  #
+  config :locale, :validate => :string
+  # The date formats allowed are anything allowed by Joda-Time (java time
+  # library): You can see the docs for this format here:
+  #
+  # [joda.time.format.DateTimeFormat](http://joda-time.sourceforge.net/apidocs/org/joda/time/format/DateTimeFormat.html)
+  #
+  # An array with field name first, and format patterns following, `[ field,
+  # formats... ]`
+  #
+  # If your time field has multiple possible formats, you can do this:
+  #
+  #     match => [ "logdate", "MMM dd YYY HH:mm:ss",
+  #               "MMM  d YYY HH:mm:ss", "ISO8601" ]
+  #
+  # The above will match a syslog (rfc3164) or iso8601 timestamp.
+  #
+  # There are a few special exceptions, the following format literals exist
+  # to help you save time and ensure correctness of date parsing.
+  #
+  # * "ISO8601" - should parse any valid ISO8601 timestamp, such as
+  #   2011-04-19T03:44:01.103Z
+  # * "UNIX" - will parse unix time in seconds since epoch
+  # * "UNIX_MS" - will parse unix time in milliseconds since epoch
+  # * "TAI64N" - will parse tai64n time values
+  #
+  # For example, if you have a field 'logdate' and with a value that looks like
+  # 'Aug 13 2010 00:03:44', you would use this configuration:
+  #
+  #     filter {
+  #       date {
+  #         match => [ "logdate", "MMM dd YYYY HH:mm:ss" ]
+  #       }
+  #     }
+  #
+  # If your field is nested in your structure, you can use the nested
+  # syntax [foo][bar] to match its value. For more information, please refer to
+  # http://logstash.net/docs/latest/configuration#fieldreferences
+  config :match, :validate => :array, :default => []
+  # Store the matching timestamp into the given target field.  If not provided,
+  # default to updating the @timestamp field of the event.
+  config :target, :validate => :string, :default => "@timestamp"
+  # LOGSTASH-34
+  DATEPATTERNS = %w{ y d H m s S }
+  # The 'date' filter will take a value from your event and use it as the
+  # event timestamp. This is useful for parsing logs generated on remote
+  # servers or for importing old logs.
+  #
+  # The config looks like this:
+  #
+  #     filter {
+  #       date {
+  #         type => "typename"
+  #         filename => fieldformat
+  #         # Example:
+  #         timestamp => "mmm DD HH:mm:ss"
+  #       }
+  #     }
+  #
+  # The format is whatever is supported by Joda; generally:
+  # http://download.oracle.com/javase/1.4.2/docs/api/java/text/SimpleDateFormat.html
+  #
+  # TODO(sissel): Support 'seconds since epoch' parsing (nagios uses this)
+  public
+  def initialize(config = {})
+    super
+    @parsers = Hash.new { |h,k| h[k] = [] }
+  end # def initialize
+  private
+  def parseLocale(localeString)
+    return nil if localeString == nil
+    matches = localeString.match(/(?<lang>.+?)(?:_(?<country>.+?))?(?:_(?<variant>.+))?/)
+    lang = matches['lang'] == nil ? "" : matches['lang'].strip()
+    country = matches['country'] == nil ? "" : matches['country'].strip()
+    variant = matches['variant'] == nil ? "" : matches['variant'].strip()
+    return lang.length > 0 ? java.util.Locale.new(lang, country, variant) : nil
+  end
+  public
+  def register
+    require "java"
+    if @match.length < 2
+      raise LogStash::ConfigurationError, I18n.t("logstash.agent.configuration.invalid_plugin_register",
+        :plugin => "filter", :type => "date",
+        :error => "The match setting should contains first a field name and at least one date format, current value is #{@match}")
+    end
+    # TODO(sissel): Need a way of capturing regexp configs better.
+    locale = parseLocale(@config["locale"][0]) if @config["locale"] != nil and @config["locale"][0] != nil
+    setupMatcher(@config["match"].shift, locale, @config["match"] )
+  end
+  def setupMatcher(field, locale, value)
+    value.each do |format|
+      case format
+        when "ISO8601"
+          joda_parser = org.joda.time.format.ISODateTimeFormat.dateTimeParser
+          if @timezone
+            joda_parser = joda_parser.withZone(org.joda.time.DateTimeZone.forID(@timezone))
+          else
+            joda_parser = joda_parser.withOffsetParsed
+          end
+          parser = lambda { |date| joda_parser.parseMillis(date) }
+        when "UNIX" # unix epoch
+          joda_instant = org.joda.time.Instant.java_class.constructor(Java::long).method(:new_instance)
+          #parser = lambda { |date| joda_instant.call((date.to_f * 1000).to_i).to_java.toDateTime }
+          parser = lambda { |date| (date.to_f * 1000).to_i }
+        when "UNIX_MS" # unix epoch in ms
+          joda_instant = org.joda.time.Instant.java_class.constructor(Java::long).method(:new_instance)
+          parser = lambda do |date|
+            #return joda_instant.call(date.to_i).to_java.toDateTime
+            return date.to_i
+          end
+        when "TAI64N" # TAI64 with nanoseconds, -10000 accounts for leap seconds
+          joda_instant = org.joda.time.Instant.java_class.constructor(Java::long).method(:new_instance)
+          parser = lambda do |date|
+            # Skip leading "@" if it is present (common in tai64n times)
+            date = date[1..-1] if date[0, 1] == "@"
+            #return joda_instant.call((date[1..15].hex * 1000 - 10000)+(date[16..23].hex/1000000)).to_java.toDateTime
+            return (date[1..15].hex * 1000 - 10000)+(date[16..23].hex/1000000)
+          end
+        else
+          joda_parser = org.joda.time.format.DateTimeFormat.forPattern(format).withDefaultYear(Time.new.year)
+          if @timezone
+            joda_parser = joda_parser.withZone(org.joda.time.DateTimeZone.forID(@timezone))
+          else
+            joda_parser = joda_parser.withOffsetParsed
+          end
+          if (locale != nil)
+            joda_parser = joda_parser.withLocale(locale)
+          end
+          parser = lambda { |date| joda_parser.parseMillis(date) }
+      end
+      @logger.debug("Adding type with date config", :type => @type,
+                    :field => field, :format => format)
+      @parsers[field] << {
+        :parser => parser,
+        :format => format
+      }
+    end
+  end
+  # def register
+  public
+  def filter(event)
+    @logger.debug? && @logger.debug("Date filter: received event", :type => event["type"])
+    return unless filter?(event)
+    @parsers.each do |field, fieldparsers|
+      @logger.debug? && @logger.debug("Date filter looking for field",
+                                      :type => event["type"], :field => field)
+      next unless event.include?(field)
+      fieldvalues = event[field]
+      fieldvalues = [fieldvalues] if !fieldvalues.is_a?(Array)
+      fieldvalues.each do |value|
+        next if value.nil?
+        begin
+          epochmillis = nil
+          success = false
+          last_exception = RuntimeError.new "Unknown"
+          fieldparsers.each do |parserconfig|
+            parser = parserconfig[:parser]
+            begin
+              epochmillis = parser.call(value)
+              success = true
+              break # success
+            rescue StandardError, JavaException => e
+              last_exception = e
+            end
+          end # fieldparsers.each
+          raise last_exception unless success
+          # Convert joda DateTime to a ruby Time
+          event[@target] = Time.at(epochmillis / 1000, (epochmillis % 1000) * 1000)
+          #event[@target] = Time.at(epochmillis / 1000.0).utc
+          @logger.debug? && @logger.debug("Date parsing done", :value => value, :timestamp => event[@target])
+        rescue StandardError, JavaException => e
+          @logger.warn("Failed parsing date from field", :field => field,
+                       :value => value, :exception => e)
+          # Raising here will bubble all the way up and cause an exit.
+          # TODO(sissel): Maybe we shouldn't raise?
+          # TODO(sissel): What do we do on a failure? Tag it like grok does?
+          #raise e
+        end # begin
+      end # fieldvalue.each
+    end # @parsers.each
+    filter_matched(event) if !event.cancelled?
+    return event
+  end # def filter
+end # class LogStash::Filters::Date

data/lib/logstash/filters/dns.rb ADDED

@@ -0,0 +1,201 @@
+# encoding: utf-8
+# DNS Filter
+#
+# This filter will resolve any IP addresses from a field of your choosing.
+#
+require "logstash/filters/base"
+require "logstash/namespace"
+# The DNS filter performs a lookup (either an A record/CNAME record lookup
+# or a reverse lookup at the PTR record) on records specified under the
+# "reverse" and "resolve" arrays.
+#
+# The config should look like this:
+#
+#     filter {
+#       dns {
+#         type => 'type'
+#         reverse => [ "source_host", "field_with_address" ]
+#         resolve => [ "field_with_fqdn" ]
+#         action => "replace"
+#       }
+#     }
+#
+# Caveats: at the moment, there's no way to tune the timeout with the 'resolv'
+# core library.  It does seem to be fixed in here:
+#
+#   http://redmine.ruby-lang.org/issues/5100
+#
+# but isn't currently in JRuby.
+class LogStash::Filters::DNS < LogStash::Filters::Base
+  config_name "dns"
+  milestone 2
+  # Reverse resolve one or more fields.
+  config :reverse, :validate => :array
+  # Forward resolve one or more fields.
+  config :resolve, :validate => :array
+  # Determine what action to do: append or replace the values in the fields
+  # specified under "reverse" and "resolve."
+  config :action, :validate => [ "append", "replace" ], :default => "append"
+  # Use custom nameserver.
+  config :nameserver, :validate => :string
+  # TODO(sissel): make 'action' required? This was always the intent, but it
+  # due to a typo it was never enforced. Thus the default behavior in past
+  # versions was 'append' by accident.
+  # resolv calls will be wrapped in a timeout instance
+  config :timeout, :validate => :number, :default => 2
+  public
+  def register
+    require "resolv"
+    require "timeout"
+    if @nameserver.nil?
+      @resolv = Resolv.new
+    else
+      @resolv = Resolv.new(resolvers=[::Resolv::Hosts.new, ::Resolv::DNS.new(:nameserver => [@nameserver], :search => [], :ndots => 1)])
+    end
+    @ip_validator = Resolv::AddressRegex
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    if @resolve
+      begin
+        status = Timeout::timeout(@timeout) {
+          resolve(event)
+        }
+      rescue Timeout::Error
+        @logger.debug("DNS: resolve action timed out")
+        return
+      end
+    end
+    if @reverse
+      begin
+        status = Timeout::timeout(@timeout) {
+          reverse(event)
+        }
+      rescue Timeout::Error
+        @logger.debug("DNS: reverse action timed out")
+        return
+      end
+    end
+    filter_matched(event)
+  end
+  private
+  def resolve(event)
+    @resolve.each do |field|
+      is_array = false
+      raw = event[field]
+      if raw.is_a?(Array)
+        is_array = true
+        if raw.length > 1
+          @logger.warn("DNS: skipping resolve, can't deal with multiple values", :field => field, :value => raw)
+          return
+        end
+        raw = raw.first
+      end
+      begin
+        address = @resolv.getaddress(raw)
+      rescue Resolv::ResolvError
+        @logger.debug("DNS: couldn't resolve the hostname.",
+                      :field => field, :value => raw)
+        return
+      rescue Resolv::ResolvTimeout
+        @logger.debug("DNS: timeout on resolving the hostname.",
+                      :field => field, :value => raw)
+        return
+      rescue SocketError => e
+        @logger.debug("DNS: Encountered SocketError.",
+                      :field => field, :value => raw)
+        return
+      rescue NoMethodError => e
+        # see JRUBY-5647
+        @logger.debug("DNS: couldn't resolve the hostname.",
+                      :field => field, :value => raw,
+                      :extra => "NameError instead of ResolvError")
+        return
+      end
+      if @action == "replace"
+        if is_array
+          event[field] = [address]
+        else
+          event[field] = address
+        end
+      else
+        if !is_array
+          event[field] = [event[field], address]
+        else
+          event[field] << address
+        end
+      end
+    end
+  end
+  private
+  def reverse(event)
+    @reverse.each do |field|
+      raw = event[field]
+      is_array = false
+      if raw.is_a?(Array)
+          is_array = true
+          if raw.length > 1
+            @logger.warn("DNS: skipping reverse, can't deal with multiple values", :field => field, :value => raw)
+            return
+          end
+          raw = raw.first
+      end
+      if ! @ip_validator.match(raw)
+        @logger.debug("DNS: not an address",
+                      :field => field, :value => event[field])
+        return
+      end
+      begin
+        hostname = @resolv.getname(raw)
+      rescue Resolv::ResolvError
+        @logger.debug("DNS: couldn't resolve the address.",
+                      :field => field, :value => raw)
+        return
+      rescue Resolv::ResolvTimeout
+        @logger.debug("DNS: timeout on resolving address.",
+                      :field => field, :value => raw)
+        return
+      rescue SocketError => e
+        @logger.debug("DNS: Encountered SocketError.",
+                      :field => field, :value => raw)
+        return
+      end
+      if @action == "replace"
+        if is_array
+          event[field] = [hostname]
+        else
+          event[field] = hostname
+        end
+      else
+        if !is_array
+          event[field] = [event[field], hostname]
+        else
+          event[field] << hostname
+        end
+      end
+    end
+  end
+end # class LogStash::Filters::DNS

data/lib/logstash/filters/drop.rb ADDED

@@ -0,0 +1,32 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Drop filter.
+#
+# Drops everything that gets to this filter.
+#
+# This is best used in combination with conditionals, for example:
+#
+#     filter {
+#       if [loglevel] == "debug" {
+#         drop { }
+#       }
+#     }
+#
+# The above will only pass events to the drop filter if the loglevel field is
+# "debug". This will cause all events matching to be dropped.
+class LogStash::Filters::Drop < LogStash::Filters::Base
+  config_name "drop"
+  milestone 3
+  public
+  def register
+    # nothing to do.
+  end
+  public
+  def filter(event)
+    event.cancel
+  end # def filter
+end # class LogStash::Filters::Drop