RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/filters/grokdiscovery.rb ADDED

@@ -0,0 +1,75 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# TODO(sissel): This is not supported yet. There is a bug in grok discovery
+# that causes segfaults in libgrok.
+class LogStash::Filters::Grokdiscovery < LogStash::Filters::Base
+  config_name "grokdiscovery"
+  milestone 1
+  public
+  def initialize(config = {})
+    super
+    @discover_fields = {}
+  end # def initialize
+  public
+  def register
+    gem "jls-grok", ">=0.4.3"
+    require "grok" # rubygem 'jls-grok'
+    # TODO(sissel): Make patterns files come from the config
+    @config.each do |type, typeconfig|
+      @logger.debug("Registering type with grok: #{type}")
+      @grok = Grok.new
+      Dir.glob("patterns/*").each do |path|
+        @grok.add_patterns_from_file(path)
+      end
+      @discover_fields[type] = typeconfig
+      @logger.debug(["Enabling discovery", { :type => type, :fields => typeconfig }])
+      @logger.warn(@discover_fields)
+    end # @config.each
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    # parse it with grok
+    message = event["message"]
+    match = false
+    if event.type and @discover_fields.include?(event.type)
+      discover = @discover_fields[event.type] & event.to_hash.keys
+      discover.each do |field|
+        value = event[field]
+        value = [value] if value.is_a?(String)
+        value.each do |v|
+          pattern = @grok.discover(v)
+          @logger.warn("Trying #{v} => #{pattern}")
+          @grok.compile(pattern)
+          match = @grok.match(v)
+          if match
+            @logger.warn(["Match", match.captures])
+            event.to_hash.merge!(match.captures) do |key, oldval, newval|
+              @logger.warn(["Merging #{key}", oldval, newval])
+              oldval + newval # should both be arrays...
+            end
+          else
+            @logger.warn(["Discovery produced something not matchable?", { :input => v }])
+          end
+        end # value.each
+      end # discover.each
+    else
+      @logger.info("Unknown type for #{event.source} (type: #{event.type})")
+      @logger.debug(event.to_hash)
+    end
+    @logger.debug(["Event now: ", event.to_hash])
+    filter_matched(event) if !event.cancelled?
+  end # def filter
+end # class LogStash::Filters::Grokdiscovery

data/lib/logstash/filters/i18n.rb ADDED

@@ -0,0 +1,51 @@
+# encoding: utf-8
+require "i18n"
+require "logstash/filters/base"
+require "logstash/namespace"
+# The i18n filter allows you to remove special characters from
+# from a field
+class LogStash::Filters::I18n < LogStash::Filters::Base
+  config_name "i18n"
+  milestone 0
+  # Replaces non-ASCII characters with an ASCII approximation, or
+  # if none exists, a replacement character which defaults to “?”
+  #
+  # Example:
+  #
+  #     filter {
+  #       i18n {
+  #          transliterate => ["field1", "field2"]
+  #       }
+  #     }
+  config :transliterate, :validate => :array
+  public
+  def register
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    transliterate(event) if @transliterate
+    filter_matched(event)
+  end # def filter
+  private
+  def transliterate(event)
+    @transliterate.each do |field|
+      if event[field].is_a?(Array)
+        event[field].map! { |v| I18n.transliterate(v).encode('UTF-8') }
+      elsif event[field].is_a?(String)
+        event[field] = I18n.transliterate(event[field].encode('UTF-8'))
+      else
+        @logger.debug("Can't transliterate something that isn't a string",
+                      :field => field, :value => event[field])
+      end
+    end
+  end # def transliterate
+end # class LogStash::Filters::I18n

data/lib/logstash/filters/json.rb ADDED

@@ -0,0 +1,90 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# JSON filter. Takes a field that contains JSON and expands it into
+# an actual datastructure.
+class LogStash::Filters::Json < LogStash::Filters::Base
+  config_name "json"
+  milestone 2
+  # Config for json is:
+  #
+  #     source => source_field
+  #
+  # For example, if you have json data in the @message field:
+  #
+  #     filter {
+  #       json {
+  #         source => "message"
+  #       }
+  #     }
+  #
+  # The above would parse the json from the @message field
+  config :source, :validate => :string, :required => true
+  # Define target for placing the data. If this setting is omitted,
+  # the json data will be stored at the root of the event.
+  #
+  # For example if you want the data to be put in the 'doc' field:
+  #
+  #     filter {
+  #       json {
+  #         target => "doc"
+  #       }
+  #     }
+  #
+  # json in the value of the source field will be expanded into a
+  # datastructure in the "target" field.
+  #
+  # Note: if the "target" field already exists, it will be overwritten.
+  config :target, :validate => :string
+  public
+  def register
+    # Nothing to do here
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @logger.debug("Running json filter", :event => event)
+    return unless event.include?(@source)
+    if @target.nil?
+      # Default is to write to the root of the event.
+      dest = event.to_hash
+    else
+      dest = event[@target] ||= {}
+    end
+    begin
+      # TODO(sissel): Note, this will not successfully handle json lists
+      # like your text is '[ 1,2,3 ]' JSON.parse gives you an array (correctly)
+      # which won't merge into a hash. If someone needs this, we can fix it
+      # later.
+      dest.merge!(JSON.parse(event[@source]))
+      # This is a hack to help folks who are mucking with @timestamp during
+      # their json filter. You aren't supposed to do anything with "@timestamp"
+      # outside of the date filter, but nobody listens... ;)
+      if event["@timestamp"].is_a?(String)
+        event["@timestamp"] = Time.parse(event["@timestamp"]).gmtime
+      end
+      filter_matched(event)
+    rescue => e
+      event.tag("_jsonparsefailure")
+      @logger.warn("Trouble parsing json", :source => @source,
+                   :raw => event[@source], :exception => e)
+      return
+    end
+    @logger.debug("Event after json filter", :event => event)
+  end # def filter
+end # class LogStash::Filters::Json

data/lib/logstash/filters/json_encode.rb ADDED

@@ -0,0 +1,52 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# JSON encode filter. Takes a field and serializes it into JSON
+#
+# If no target is specified, the source field is overwritten with the JSON
+# text.
+#
+# For example, if you have a field named 'foo', and you want to store the
+# JSON encoded string in 'bar', do this:
+#
+#     filter {
+#       json_encode {
+#         source => "foo"
+#         target => "bar"
+#       }
+#     }
+class LogStash::Filters::JSONEncode < LogStash::Filters::Base
+  config_name "json_encode"
+  milestone 2
+  # The field to convert to JSON.
+  config :source, :validate => :string, :required => true
+  # The field to write the JSON into. If not specified, the source
+  # field will be overwritten.
+  config :target, :validate => :string
+  public
+  def register
+    @target = @source if @target.nil?
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @logger.debug("Running JSON encoder", :event => event)
+    begin
+      event[@target] = JSON.pretty_generate(event[@source])
+      filter_matched(event)
+    rescue => e
+      event.tag "_jsongeneratefailure"
+      @logger.warn("Trouble encoding JSON", :source => @source, :raw => event[@source].inspect, :exception => e)
+    end
+    @logger.debug? && @logger.debug("Event after JSON encoder", :event => event)
+  end # def filter
+end # class LogStash::Filters::JSONEncode

data/lib/logstash/filters/kv.rb ADDED

@@ -0,0 +1,232 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# This filter helps automatically parse messages which are of the 'foo=bar'
+# variety.
+#
+# For example, if you have a log message which contains 'ip=1.2.3.4
+# error=REFUSED', you can parse those automatically by doing:
+#
+#     filter {
+#       kv { }
+#     }
+#
+# The above will result in a message of "ip=1.2.3.4 error=REFUSED" having
+# the fields:
+#
+# * ip: 1.2.3.4
+# * error: REFUSED
+#
+# This is great for postfix, iptables, and other types of logs that
+# tend towards 'key=value' syntax.
+#
+# Further, this can often be used to parse query parameters like
+# 'foo=bar&baz=fizz' by setting the field_split to "&"
+class LogStash::Filters::KV < LogStash::Filters::Base
+  config_name "kv"
+  milestone 2
+  # A string of characters to trim from the value. This is useful if your
+  # values are wrapped in brackets or are terminated by comma (like postfix
+  # logs)
+  #
+  # These characters form a regex character class and thus you must escape special regex
+  # characters like [ or ] using \.
+  #
+  # Example, to strip '<' '>' '[' ']' and ',' characters from values:
+  #
+  #     filter {
+  #       kv {
+  #         trim => "<>\[\],"
+  #       }
+  #     }
+  config :trim, :validate => :string
+  # A string of characters to trim from the key. This is useful if your
+  # key are wrapped in brackets or starts with space
+  #
+  # These characters form a regex character class and thus you must escape special regex
+  # characters like [ or ] using \.
+  #
+  # Example, to strip '<' '>' '[' ']' and ',' characters from keys:
+  #
+  #     filter {
+  #       kv {
+  #         trimkey => "<>\[\],"
+  #       }
+  #     }
+  config :trimkey, :validate => :string
+  # A string of characters to use as delimiters for parsing out key-value pairs.
+  #
+  # These characters form a regex character class and thus you must escape special regex
+  # characters like [ or ] using \.
+  #
+  # #### Example with URL Query Strings
+  #
+  # Example, to split out the args from a url query string such as
+  # '?pin=12345~0&d=123&e=foo@bar.com&oq=bobo&ss=12345':
+  #
+  #     filter {
+  #       kv {
+  #         field_split => "&?"
+  #       }
+  #     }
+  #
+  # The above splits on both "&" and "?" characters, giving you the following
+  # fields:
+  #
+  # * pin: 12345~0
+  # * d: 123
+  # * e: foo@bar.com
+  # * oq: bobo
+  # * ss: 12345
+  config :field_split, :validate => :string, :default => ' '
+  # A string of characters to use as delimiters for identifying key-value relations.
+  #
+  # These characters form a regex character class and thus you must escape special regex
+  # characters like [ or ] using \.
+  #
+  # Example, to identify key-values such as
+  # 'key1:value1 key2:value2':
+  #
+  #     filter { kv { value_split => ":" } }
+  config :value_split, :validate => :string, :default => '='
+  # A string to prepend to all of the extracted keys
+  #
+  # Example, to prepend arg_ to all keys:
+  #
+  #     filter { kv { prefix => "arg_" } }
+  config :prefix, :validate => :string, :default => ''
+  # The fields to perform 'key=value' searching on
+  #
+  # Example, to use the message field:
+  #
+  #     filter { kv { source => "message" } }
+  config :source, :validate => :string, :default => "message"
+  # The name of the container to put all of the key-value pairs into
+  #
+  # If this setting is omitted, fields will be written to the root of the
+  # event.
+  #
+  # Example, to place all keys into field kv:
+  #
+  #     filter { kv { target => "kv" } }
+  config :target, :validate => :string
+  # An array that specifies the parsed keys which should be added to event.
+  # By default all keys will be added.
+  #
+  # Example, to include only "from" and "to" from a source like "Hey, from=<abc>, to=def foo=bar"
+  # while "foo" key will not be added to event.
+  #
+  #     filter {
+  #       kv {
+  #         include_keys = [ "from", "to" ]
+  #       }
+  #     }
+  config :include_keys, :validate => :array, :default => []
+  # An array that specifies the parsed keys which should not be added to event.
+  # By default no keys will be excluded.
+  #
+  # Example, to exclude "from" and "to" from a source like "Hey, from=<abc>, to=def foo=bar"
+  # while "foo" key will be added to event.
+  #
+  #     filter {
+  #       kv {
+  #         exclude_keys = [ "from", "to" ]
+  #       }
+  #     }
+  config :exclude_keys, :validate => :array, :default => []
+  # A hash that specifies the default keys and their values that should be added to event
+  # in case these keys do no exist in the source field being parsed.
+  #
+  #     filter {
+  #       kv {
+  #         default_keys = [ "from", "logstash@example.com",
+  #                          "to", "default@dev.null" ]
+  #       }
+  #     }
+  config :default_keys, :validate => :hash, :default => {}
+  def register
+    @trim_re = Regexp.new("[#{@trim}]") if !@trim.nil?
+    @trimkey_re = Regexp.new("[#{@trimkey}]") if !@trimkey.nil?
+    @scan_re = Regexp.new("((?:\\\\ |[^"+@field_split+@value_split+"])+)["+@value_split+"](?:\"([^\"]+)\"|'([^']+)'|((?:\\\\ |[^"+@field_split+"])+))")
+  end # def register
+  def filter(event)
+    return unless filter?(event)
+    kv = Hash.new
+    value = event[@source]
+    case value
+      when nil; # Nothing to do
+      when String; kv = parse(value, event, kv)
+      when Array; value.each { |v| kv = parse(v, event, kv) }
+      else
+        @logger.warn("kv filter has no support for this type of data",
+                     :type => value.class, :value => value)
+    end # case value
+    # Add default key-values for missing keys
+    kv = @default_keys.merge(kv)
+    # If we have any keys, create/append the hash
+    if kv.length > 0
+      if @target.nil?
+        # Default is to write to the root of the event.
+        dest = event.to_hash
+      else
+        if !event[@target].is_a?(Hash)
+          @logger.debug("Overwriting existing target field", :target => @target)
+          dest = event[@target] = {}
+        else
+          dest = event[@target]
+        end
+      end
+      dest.merge!(kv)
+      filter_matched(event)
+    end
+  end # def filter
+  private
+  def parse(text, event, kv_keys)
+    if !event =~ /[@field_split]/
+      return kv_keys
+    end
+    text.scan(@scan_re) do |key, v1, v2, v3|
+      value = v1 || v2 || v3
+      key = @trimkey.nil? ? key : key.gsub(@trimkey_re, "")
+      # Bail out as per the values of @include_keys and @exclude_keys
+      next if not @include_keys.empty? and not @include_keys.include?(key)
+      next if @exclude_keys.include?(key)
+      key = event.sprintf(@prefix) + key
+      value = @trim.nil? ? value : value.gsub(@trim_re, "")
+      if kv_keys.has_key?(key)
+        if kv_keys[key].is_a? Array
+          kv_keys[key].push(value)
+        else
+          kv_keys[key] = [kv_keys[key], value]
+        end
+      else
+        kv_keys[key] = value
+      end
+    end
+    return kv_keys
+  end
+end # class LogStash::Filters::KV