RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/filters/elapsed.rb ADDED

@@ -0,0 +1,256 @@
+# elapsed filter
+#
+# This filter tracks a pair of start/end events and calculates the elapsed
+# time between them.
+require "logstash/filters/base"
+require "logstash/namespace"
+require 'thread'
+# The elapsed filter tracks a pair of start/end events and uses their
+# timestamps to calculate the elapsed time between them.
+#
+# The filter has been developed to track the execution time of processes and
+# other long tasks.
+#
+# The configuration looks like this:
+#
+#     filter {
+#       elapsed {
+#         start_tag => "start event tag"
+#         end_tag => "end event tag"
+#         unique_id_field => "id field name"
+#         timeout => seconds
+#         new_event_on_match => true/false
+#       }
+#     }
+#
+# The events managed by this filter must have some particular properties.
+# The event describing the start of the task (the "start event") must contain
+# a tag equal to 'start_tag'. On the other side, the event describing the end
+# of the task (the "end event") must contain a tag equal to 'end_tag'. Both
+# these two kinds of event need to own an ID field which identify uniquely that
+# particular task. The name of this field is stored in 'unique_id_field'.
+#
+# You can use a Grok filter to prepare the events for the elapsed filter.
+# An example of configuration can be:
+#
+#     filter {
+#       grok {
+#         match => ["message", "%{TIMESTAMP_ISO8601} START id: (?<task_id>.*)"]
+#         add_tag => [ "taskStarted" ]
+#       }
+#
+#       grok {
+#         match => ["message", "%{TIMESTAMP_ISO8601} END id: (?<task_id>.*)"]
+#         add_tag => [ "taskTerminated"]
+#       }
+#
+#       elapsed {
+#         start_tag => "taskStarted"
+#         end_tag => "taskTerminated"
+#         unique_id_field => "task_id"
+#       }
+#     }
+#
+# The elapsed filter collects all the "start events". If two, or more, "start
+# events" have the same ID, only the first one is recorded, the others are
+# discarded.
+#
+# When an "end event" matching a previously collected "start event" is
+# received, there is a match. The configuration property 'new_event_on_match'
+# tells where to insert the elapsed information: they can be added to the
+# "end event" or a new "match event" can be created. Both events store the
+# following information:
+# - the tags "elapsed" and "elapsed.match"
+# - the field "elapsed.time" with the difference, in seconds, between
+#   the two events timestamps
+# - an ID filed with the task ID
+# - the field "elapsed.timestamp_start" with the timestamp of the "start event"
+#
+# If the "end event" does not arrive before "timeout" seconds, the
+# "start event" is discarded and an "expired event" is generated. This event
+# contains:
+# - the tags "elapsed" and "elapsed.expired_error"
+# - a field called "elapsed.time" with the age, in seconds, of the
+#   "start event"
+# - an ID filed with the task ID
+# - the field "elapsed.timestamp_start" with the timestamp of the "start event"
+#
+class LogStash::Filters::Elapsed < LogStash::Filters::Base
+  PREFIX = "elapsed."
+  ELAPSED_FIELD = PREFIX + "time"
+  TIMESTAMP_START_EVENT_FIELD = PREFIX + "timestamp_start"
+  HOST_FIELD = "host"
+  ELAPSED_TAG = "elapsed"
+  EXPIRED_ERROR_TAG = PREFIX + "expired_error"
+  END_WITHOUT_START_TAG = PREFIX + "end_wtihout_start"
+  MATCH_TAG = PREFIX + "match"
+  config_name "elapsed"
+  milestone 1
+  # The name of the tag identifying the "start event"
+  config :start_tag, :validate => :string, :required => true
+  # The name of the tag identifying the "end event"
+  config :end_tag, :validate => :string, :required => true
+  # The name of the field containing the task ID.
+  # This value must uniquely identify the task in the system, otherwise
+  # it's impossible to match the couple of events.
+  config :unique_id_field, :validate => :string, :required => true
+  # The amount of seconds after an "end event" can be considered lost.
+  # The corresponding "start event" is discarded and an "expired event"
+  # is generated. The default value is 30 minutes (1800 seconds).
+  config :timeout, :validate => :number, :required => false, :default => 1800
+  # This property manage what to do when an "end event" matches a "start event".
+  # If it's set to 'false' (default value), the elapsed information are added
+  # to the "end event"; if it's set to 'true' a new "match event" is created.
+  config :new_event_on_match, :validate => :boolean, :required => false, :default => false
+  public
+  def register
+    @mutex = Mutex.new
+    # This is the state of the filter. The keys are the "unique_id_field",
+    # the values are couples of values: <start event, age>
+    @start_events = {}
+    @logger.info("Elapsed, timeout: #{@timeout} seconds")
+  end
+  # Getter method used for the tests
+  def start_events
+    @start_events
+  end
+  def filter(event)
+    return unless filter?(event)
+    unique_id = event[@unique_id_field]
+    return if unique_id.nil?
+    if(start_event?(event))
+      filter_matched(event)
+      @logger.info("Elapsed, 'start event' received", start_tag: @start_tag, unique_id_field: @unique_id_field)
+      @mutex.synchronize do
+        unless(@start_events.has_key?(unique_id))
+          @start_events[unique_id] = LogStash::Filters::Elapsed::Element.new(event)
+        end
+      end
+    elsif(end_event?(event))
+      filter_matched(event)
+      @logger.info("Elapsed, 'end event' received", end_tag: @end_tag, unique_id_field: @unique_id_field)
+      @mutex.lock
+      if(@start_events.has_key?(unique_id))
+        start_event = @start_events.delete(unique_id).event
+        @mutex.unlock
+        elapsed = event["@timestamp"] - start_event["@timestamp"]
+        if(@new_event_on_match)
+          elapsed_event = new_elapsed_event(elapsed, unique_id, start_event["@timestamp"])
+          filter_matched(elapsed_event)
+          yield elapsed_event if block_given?
+        else
+          return add_elapsed_info(event, elapsed, unique_id, start_event["@timestamp"])
+        end
+      else
+        @mutex.unlock
+        # The "start event" did not arrive.
+        event.tag(END_WITHOUT_START_TAG)
+      end
+    end
+  end # def filter
+  # The method is invoked by LogStash every 5 seconds.
+  def flush()
+    expired_elements = []
+    @mutex.synchronize do
+      increment_age_by(5)
+      expired_elements = remove_expired_elements()
+    end
+    return create_expired_events_from(expired_elements)
+  end
+  private
+  def increment_age_by(seconds)
+    @start_events.each_pair do |key, element|
+      element.age += seconds
+    end
+  end
+  # Remove the expired "start events" from the internal
+  # buffer and return them.
+  def remove_expired_elements()
+    expired = []
+    @start_events.delete_if do |key, element|
+      if(element.age >= @timeout)
+        expired << element
+        next true
+      end
+      next false
+    end
+    return expired
+  end
+  def create_expired_events_from(expired_elements)
+    events = []
+    expired_elements.each do |element|
+      error_event = LogStash::Event.new
+      error_event.tag(ELAPSED_TAG)
+      error_event.tag(EXPIRED_ERROR_TAG)
+      error_event[HOST_FIELD] = Socket.gethostname
+      error_event[@unique_id_field] = element.event[@unique_id_field]
+      error_event[ELAPSED_FIELD] = element.age
+      error_event[TIMESTAMP_START_EVENT_FIELD] = element.event["@timestamp"]
+      events << error_event
+      filter_matched(error_event)
+    end
+    return events
+  end
+  def start_event?(event)
+    return (event["tags"] != nil && event["tags"].include?(@start_tag))
+  end
+  def end_event?(event)
+    return (event["tags"] != nil && event["tags"].include?(@end_tag))
+  end
+  def new_elapsed_event(elapsed_time, unique_id, timestamp_start_event)
+      new_event = LogStash::Event.new
+      new_event[HOST_FIELD] = Socket.gethostname
+      return add_elapsed_info(new_event, elapsed_time, unique_id, timestamp_start_event)
+  end
+  def add_elapsed_info(event, elapsed_time, unique_id, timestamp_start_event)
+      event.tag(ELAPSED_TAG)
+      event.tag(MATCH_TAG)
+      event[ELAPSED_FIELD] = elapsed_time
+      event[@unique_id_field] = unique_id
+      event[TIMESTAMP_START_EVENT_FIELD] = timestamp_start_event
+      return event
+  end
+end # class LogStash::Filters::Elapsed
+class LogStash::Filters::Elapsed::Element
+  attr_accessor :event, :age
+  def initialize(event)
+    @event = event
+    @age = 0
+  end
+end

data/lib/logstash/filters/elasticsearch.rb ADDED

@@ -0,0 +1,73 @@
+require "logstash/filters/base"
+require "logstash/namespace"
+require "logstash/util/fieldreference"
+# Search elasticsearch for a previous log event and copy some fields from it
+# into the current event.  Below is a complete example of how this filter might
+# be used.  Whenever logstash receives an "end" event, it uses this elasticsearch
+# filter to find the matching "start" event based on some operation identifier.
+# Then it copies the @timestamp field from the "start" event into a new field on
+# the "end" event.  Finally, using a combination of the "date" filter and the
+# "ruby" filter, we calculate the time duration in hours between the two events.
+#
+#       if [type] == "end" {
+#          elasticsearch {
+#             hosts => ["es-server"]
+#             query => "type:start AND operation:%{[opid]}"
+#             fields => ["@timestamp", "started"]
+#          }
+#
+#          date {
+#             match => ["[started]", "ISO8601"]
+#             target => "[started]"
+#          }
+#
+#          ruby {
+#             code => "event['duration_hrs'] = (event['@timestamp'] - event['started']) / 3600 rescue nil"
+#          }
+#       }
+#
+class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
+  config_name "elasticsearch"
+  milestone 1
+  # List of elasticsearch hosts to use for querying.
+  config :hosts, :validate => :array
+  # Elasticsearch query string
+  config :query, :validate => :string
+  # Comma-delimited list of <field>:<direction> pairs that define the sort order
+  config :sort, :validate => :string, :default => "@timestamp:desc"
+  # Hash of fields to copy from old event (found via elasticsearch) into new event
+  config :fields, :validate => :hash, :default => {}
+  public
+  def register
+    require "elasticsearch"
+    @logger.info("New ElasticSearch filter", :hosts => @hosts)
+    @client = Elasticsearch::Client.new hosts: @hosts
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    begin
+      query_str = event.sprintf(@query)
+      results = @client.search q: query_str, sort: @sort, size: 1
+      @fields.each do |old, new|
+        event[new] = results['hits']['hits'][0]['_source'][old]
+      end
+      filter_matched(event)
+    rescue => e
+      @logger.warn("Failed to query elasticsearch for previous event",
+                   :query => query_str, :event => event, :error => e)
+    end
+  end # def filter
+end # class LogStash::Filters::Elasticsearch

data/lib/logstash/filters/environment.rb ADDED

@@ -0,0 +1,27 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Set fields from environment variables
+class LogStash::Filters::Environment < LogStash::Filters::Base
+  config_name "environment"
+  milestone 1
+  # Specify a hash of fields to the environment variable
+  # A hash of matches of field => environment variable
+  config :add_field_from_env, :validate => :hash, :default => {}
+  public
+  def register
+    # Nothing
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @add_field_from_env.each do |field, env|
+      event[field] = ENV[env]
+    end
+    filter_matched(event)
+  end # def filter
+end # class LogStash::Filters::Environment

data/lib/logstash/filters/extractnumbers.rb ADDED

@@ -0,0 +1,84 @@
+# encoding: utf-8
+require 'logstash/namespace'
+require 'logstash/filters/base'
+# This filter automatically extracts all numbers found inside a string
+#
+# This is useful when you have lines that don't match a grok pattern
+# or use json but you still need to extract numbers.
+#
+# Each numbers is returned in a @fields.intX or @fields.floatX field
+# where X indicates the position in the string.
+#
+# The fields produced by this filter are extra useful used in combination
+# with kibana number plotting features.
+class LogStash::Filters::ExtractNumbers < LogStash::Filters::Base
+  config_name 'extractnumbers'
+  milestone 1
+  # The source field for the data. By default is message.
+  config :source, :validate => :string, :default => 'message'
+  public
+  def register
+  end
+  public
+  def filter(event)
+    integers = nil
+    floats = nil
+    msg = event[@source]
+    if not msg
+      return
+    end
+    # If for some reason the field is an array of values, take the first only.
+    msg = msg.first if msg.is_a?(Array)
+    fields = msg.split
+    for elem in fields
+      int = str_as_integer(elem)
+      if int != nil
+        if not integers
+          integers = Array.new
+        end
+        integers.push(int)
+        next
+      end
+      f = str_as_float(elem)
+      if f != nil
+        if not floats
+          floats = Array.new
+        end
+        floats.push(f)
+      end
+    end
+    if integers
+      index = 0
+      for i in integers
+        index += 1
+        event["int" + index.to_s] = i
+      end
+    end
+    if floats
+      index = 0
+      for f in floats
+        index += 1
+        event["float" + index.to_s] = f
+      end
+    end
+  end
+  def str_as_integer(str)
+    Integer(str) rescue nil
+  end
+  def str_as_float(str)
+    Float(str) rescue nil
+  end
+end # class LogStash::Filters::ExtractNumbers

data/lib/logstash/filters/gelfify.rb ADDED

@@ -0,0 +1,52 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# The GELFify filter parses RFC3164 severity levels to
+# corresponding GELF levels.
+class LogStash::Filters::Gelfify < LogStash::Filters::Base
+  config_name "gelfify"
+  milestone 2
+  SYSLOG_LEVEL_MAP = {
+    0 => 3, # Emergency => FATAL
+    1 => 5, # Alert     => WARN
+    2 => 3, # Critical  => FATAL
+    3 => 4, # Error     => ERROR
+    4 => 5, # Warning   => WARN
+    5 => 6, # Notice    => INFO
+    6 => 6, # Informat. => INFO
+    7 => 7  # Debug     => DEBUG
+  }
+  public
+  def register
+    # nothing
+  end # def register
+  public
+  def filter(event)
+    return unless event["type"] == @type
+    @logger.debug("GELFIFY FILTER: received event of type #{event["type"]}")
+    if event.include?("severity")
+      sev = event["severity"].to_i rescue nil
+      if sev.to_s != event["severity"].to_s
+        # severity isn't convertable to an integer.
+        # "foo".to_i => 0, which would default to EMERG.
+        @logger.debug("GELFIFY FILTER: existing severity field is not an int")
+      elsif SYSLOG_LEVEL_MAP[sev]
+        @logger.debug("GELFIFY FILTER: Severity level successfully mapped")
+        event["GELF_severity"] = SYSLOG_LEVEL_MAP[sev]
+      else
+        @logger.debug("GELFIFY FILTER: unknown severity #{sev}")
+      end
+    else
+      @logger.debug("GELFIFY FILTER: No 'severity' field found")
+    end
+    if !event.cancelled?
+      filter_matched(event)
+    end
+  end # def filter
+end # class LogStash::Filters::Gelfify