RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/filters/mutate.rb ADDED

@@ -0,0 +1,399 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# The mutate filter allows you to do general mutations to fields. You
+# can rename, remove, replace, and modify fields in your events.
+#
+# TODO(sissel): Support regexp replacements like String#gsub ?
+class LogStash::Filters::Mutate < LogStash::Filters::Base
+  config_name "mutate"
+  milestone 3
+  # Rename one or more fields.
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #         # Renames the 'HOSTORIP' field to 'client_ip'
+  #         rename => [ "HOSTORIP", "client_ip" ]
+  #       }
+  #     }
+  config :rename, :validate => :hash
+  # Remove one or more fields.
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #         remove => [ "client" ]  # Removes the 'client' field
+  #       }
+  #     }
+  #
+  # This option is deprecated, instead use remove_field option available in all
+  # filters.
+  config :remove, :validate => :array, :deprecated => true
+  # Replace a field with a new value. The new value can include %{foo} strings
+  # to help you build a new value from other parts of the event.
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #         replace => [ "message", "%{source_host}: My new message" ]
+  #       }
+  #     }
+  config :replace, :validate => :hash
+  # Update an existing field with a new value. If the field does not exist,
+  # then no action will be taken.
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #         update => [ "sample", "My new message" ]
+  #       }
+  #     }
+  config :update, :validate => :hash
+  # Convert a field's value to a different type, like turning a string to an
+  # integer. If the field value is an array, all members will be converted.
+  # If the field is a hash, no action will be taken.
+  #
+  # Valid conversion targets are: integer, float, string
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #         convert => [ "fieldname", "integer" ]
+  #       }
+  #     }
+  config :convert, :validate => :hash
+  # Convert a string field by applying a regular expression and a replacement
+  # if the field is not a string, no action will be taken.
+  #
+  # This configuration takes an array consisting of 3 elements per
+  # field/substitution.
+  #
+  # Be aware of escaping any backslash in the config file.
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #         gsub => [
+  #           # replace all forward slashes with underscore
+  #           "fieldname", "/", "_",
+  #
+  #           # replace backslashes, question marks, hashes, and minuses with
+  #           # dot
+  #           "fieldname2", "[\\?#-]", "."
+  #         ]
+  #       }
+  #     }
+  #
+  config :gsub, :validate => :array
+  # Convert a string to its uppercase equivalent
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #         uppercase => [ "fieldname" ]
+  #       }
+  #     }
+  config :uppercase, :validate => :array
+  # Convert a string to its lowercase equivalent
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #         lowercase => [ "fieldname" ]
+  #       }
+  #     }
+  config :lowercase, :validate => :array
+  # Split a field to an array using a separator character. Only works on string
+  # fields.
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #          split => ["fieldname", ","]
+  #       }
+  #     }
+  config :split, :validate => :hash
+  # Join an array with a separator character, does nothing on non-array fields
+  #
+  # Example:
+  #
+  #    filter {
+  #      mutate {
+  #        join => ["fieldname", ","]
+  #      }
+  #    }
+  config :join, :validate => :hash
+  # Strip whitespaces
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #          strip => ["field1", "field2"]
+  #       }
+  #     }
+  config :strip, :validate => :array
+  # merge two fields or arrays or hashes
+  # String fields will be converted in array, so
+  #  array + string will work
+  #  string + string will result in an 2 entry array in dest_field
+  #  array and hash will not work
+  #
+  # Example:
+  #
+  #     filter {
+  #       mutate {
+  #          merge => ["dest_field", "added_field"]
+  #       }
+  #     }
+  config :merge, :validate => :hash
+  public
+  def register
+    valid_conversions = %w(string integer float)
+    # TODO(sissel): Validate conversion requests if provided.
+    @convert.nil? or @convert.each do |field, type|
+      if !valid_conversions.include?(type)
+        @logger.error("Invalid conversion type",
+                      "type" => type, "expected one of" => valid_types)
+        # TODO(sissel): It's 2011, man, let's actually make like.. a proper
+        # 'configuration broken' exception
+        raise "Bad configuration, aborting."
+      end
+    end # @convert.each
+    @gsub_parsed = []
+    @gsub.nil? or @gsub.each_slice(3) do |field, needle, replacement|
+      if [field, needle, replacement].any? {|n| n.nil?}
+        @logger.error("Invalid gsub configuration. gsub has to define 3 elements per config entry", :field => field, :needle => needle, :replacement => replacement)
+        raise "Bad configuration, aborting."
+      end
+      @gsub_parsed << {
+        :field        => field,
+        :needle       => Regexp.new(needle),
+        :replacement  => replacement
+      }
+    end
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    rename(event) if @rename
+    update(event) if @update
+    replace(event) if @replace
+    convert(event) if @convert
+    gsub(event) if @gsub
+    uppercase(event) if @uppercase
+    lowercase(event) if @lowercase
+    strip(event) if @strip
+    remove(event) if @remove
+    split(event) if @split
+    join(event) if @join
+    merge(event) if @merge
+    filter_matched(event)
+  end # def filter
+  private
+  def remove(event)
+    # TODO(sissel): use event.sprintf on the field names?
+    @remove.each do |field|
+      event.remove(field)
+    end
+  end # def remove
+  private
+  def rename(event)
+    # TODO(sissel): use event.sprintf on the field names?
+    @rename.each do |old, new|
+      next unless event.include?(old)
+      event[new] = event.remove(old)
+    end
+  end # def rename
+  private
+  def update(event)
+    @update.each do |field, newvalue|
+      next unless event.include?(field)
+      event[field] = event.sprintf(newvalue)
+    end
+  end # def update
+  private
+  def replace(event)
+    @replace.each do |field, newvalue|
+      event[field] = event.sprintf(newvalue)
+    end
+  end # def replace
+  def convert(event)
+    @convert.each do |field, type|
+      next unless event.include?(field)
+      original = event[field]
+      # calls convert_{string,integer,float} depending on type requested.
+      converter = method("convert_" + type)
+      if original.nil?
+        next
+      elsif original.is_a?(Hash)
+        @logger.debug("I don't know how to type convert a hash, skipping",
+                      :field => field, :value => original)
+        next
+      elsif original.is_a?(Array)
+        value = original.map { |v| converter.call(v) }
+      else
+        value = converter.call(original)
+      end
+      event[field] = value
+    end
+  end # def convert
+  def convert_string(value)
+    return value.to_s
+  end # def convert_string
+  def convert_integer(value)
+    return value.to_i
+  end # def convert_integer
+  def convert_float(value)
+    return value.to_f
+  end # def convert_float
+  private
+  def gsub(event)
+    @gsub_parsed.each do |config|
+      field = config[:field]
+      needle = config[:needle]
+      replacement = config[:replacement]
+      if event[field].is_a?(Array)
+        event[field] = event[field].map do |v|
+          if not v.is_a?(String)
+            @logger.warn("gsub mutation is only applicable for Strings, " +
+                          "skipping", :field => field, :value => v)
+            v
+          else
+            v.gsub(needle, replacement)
+          end
+        end
+      else
+        if not event[field].is_a?(String)
+          @logger.debug("gsub mutation is only applicable for Strings, " +
+                        "skipping", :field => field, :value => event[field])
+          next
+        end
+        event[field] = event[field].gsub(needle, replacement)
+      end
+    end # @gsub_parsed.each
+  end # def gsub
+  private
+  def uppercase(event)
+    @uppercase.each do |field|
+      if event[field].is_a?(Array)
+        event[field].each { |v| v.upcase! }
+      elsif event[field].is_a?(String)
+        event[field].upcase!
+      else
+        @logger.debug("Can't uppercase something that isn't a string",
+                      :field => field, :value => event[field])
+      end
+    end
+  end # def uppercase
+  private
+  def lowercase(event)
+    @lowercase.each do |field|
+      if event[field].is_a?(Array)
+        event[field].each { |v| v.downcase! }
+      elsif event[field].is_a?(String)
+        event[field].downcase!
+      else
+        @logger.debug("Can't lowercase something that isn't a string",
+                      :field => field, :value => event[field])
+      end
+    end
+  end # def lowercase
+  private
+  def split(event)
+    @split.each do |field, separator|
+      if event[field].is_a?(String)
+        event[field] = event[field].split(separator)
+      else
+        @logger.debug("Can't split something that isn't a string",
+                      :field => field, :value => event[field])
+      end
+    end
+  end
+  private
+  def join(event)
+    @join.each do |field, separator|
+      if event[field].is_a?(Array)
+        event[field] = event[field].join(separator)
+      end
+    end
+  end
+  private
+  def strip(event)
+    @strip.each do |field|
+      if event[field].is_a?(Array)
+        event[field] = event[field].map{|s| s.strip }
+      elsif event[field].is_a?(String)
+        event[field] = event[field].strip
+      end
+    end
+  end
+  private
+  def merge(event)
+    @merge.each do |dest_field, added_fields|
+      #When multiple calls, added_field is an array
+      added_fields = [ added_fields ] if ! added_fields.is_a?(Array)
+      added_fields.each do |added_field|
+        if event[dest_field].is_a?(Hash) ^ event[added_field].is_a?(Hash)
+          @logger.error("Not possible to merge an array and a hash: ",
+                        :dest_field => dest_field,
+                        :added_field => added_field )
+          next
+        end
+        if event[dest_field].is_a?(Hash) #No need to test the other
+          event[dest_field].update(event[added_field])
+        else
+          event[dest_field] = [event[dest_field]] if ! event[dest_field].is_a?(Array)
+          event[added_field] = [event[added_field]] if ! event[added_field].is_a?(Array)
+         event[dest_field].concat(event[added_field])
+        end
+      end
+    end
+  end
+end # class LogStash::Filters::Mutate

data/lib/logstash/filters/noop.rb ADDED

@@ -0,0 +1,21 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# No-op filter. This is used generally for internal/dev testing.
+class LogStash::Filters::NOOP < LogStash::Filters::Base
+  config_name "noop"
+  milestone 2
+  public
+  def register
+    # Nothing
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    # Nothing to do
+    filter_matched(event)
+  end # def filter
+end # class LogStash::Filters::NOOP

data/lib/logstash/filters/prune.rb ADDED

@@ -0,0 +1,149 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# The prune filter is for pruning event data from @fileds based on whitelist/blacklist
+# of field names or their values (names and values can also be regular expressions).
+class LogStash::Filters::Prune < LogStash::Filters::Base
+  config_name "prune"
+  milestone 1
+  # Trigger whether configation fields and values should be interpolated for
+  # dynamic values.
+  # Probably adds some performance overhead. Defaults to false.
+  config :interpolate, :validate => :boolean, :default => false
+  # Include only fields only if their names match specified regexps, default to empty list which means include everything.
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         tags            => [ "apache-accesslog" ]
+  #         whitelist_names => [ "method", "(referrer|status)", "${some}_field" ]
+  #       }
+  #     }
+  config :whitelist_names, :validate => :array, :default => []
+  # Exclude fields which names match specified regexps, by default exclude unresolved %{field} strings.
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         tags            => [ "apache-accesslog" ]
+  #         blacklist_names => [ "method", "(referrer|status)", "${some}_field" ]
+  #       }
+  #     }
+  config :blacklist_names, :validate => :array, :default => [ "%\{[^}]+\}" ]
+  # Include specified fields only if their values match regexps.
+  # In case field values are arrays, the fields are pruned on per array item
+  # thus only matching array items will be included.
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         tags             => [ "apache-accesslog" ]
+  #         whitelist_values => [ "uripath", "/index.php",
+  #                               "method", "(GET|POST)",
+  #                               "status", "^[^2]" ]
+  #       }
+  #     }
+  config :whitelist_values, :validate => :hash, :default => {}
+  # Exclude specified fields if their values match regexps.
+  # In case field values are arrays, the fields are pruned on per array item
+  # in case all array items are matched whole field will be deleted.
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         tags             => [ "apache-accesslog" ]
+  #         blacklist_values => [ "uripath", "/index.php",
+  #                               "method", "(HEAD|OPTIONS)",
+  #                               "status", "^[^2]" ]
+  #       }
+  #     }
+  config :blacklist_values, :validate => :hash, :default => {}
+  public
+  def register
+    unless @interpolate
+      @whitelist_names_regexp = Regexp.union(@whitelist_names.map {|x| Regexp.new(x)})
+      @blacklist_names_regexp = Regexp.union(@blacklist_names.map {|x| Regexp.new(x)})
+      @whitelist_values.each do |key, value|
+        @whitelist_values[key] = Regexp.new(value)
+      end
+      @blacklist_values.each do |key, value|
+        @blacklist_values[key] = Regexp.new(value)
+      end
+    end
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    hash = event.to_hash
+    # We need to collect fields which needs to be remove ,and only in the end
+    # actually remove it since then interpolation mode you can get unexpected
+    # results as fields with dynamic values will not match since the fields to
+    # which they refer have already been removed.
+    fields_to_remove = []
+    unless @whitelist_names.empty?
+      @whitelist_names_regexp = Regexp.union(@whitelist_names.map {|x| Regexp.new(event.sprintf(x))}) if @interpolate
+      hash.each_key do |field|
+        fields_to_remove << field unless field.match(@whitelist_names_regexp)
+      end
+    end
+    unless @blacklist_names.empty?
+      @blacklist_names_regexp = Regexp.union(@blacklist_names.map {|x| Regexp.new(event.sprintf(x))}) if @interpolate
+      hash.each_key do |field|
+        fields_to_remove << field if field.match(@blacklist_names_regexp)
+      end
+    end
+    @whitelist_values.each do |key, value|
+      if @interpolate
+        key = event.sprintf(key)
+        value = Regexp.new(event.sprintf(value))
+      end
+      if hash[key]
+        if hash[key].is_a?(Array)
+          subvalues_to_remove = hash[key].find_all{|x| not x.match(value)}
+          unless subvalues_to_remove.empty?
+            fields_to_remove << (subvalues_to_remove.length == hash[key].length ? key : { :key => key, :values => subvalues_to_remove })
+          end
+        else
+          fields_to_remove << key if not hash[key].match(value)
+        end
+      end
+    end
+    @blacklist_values.each do |key, value|
+      if @interpolate
+        key = event.sprintf(key)
+        value = Regexp.new(event.sprintf(value))
+      end
+      if hash[key]
+        if hash[key].is_a?(Array)
+          subvalues_to_remove = hash[key].find_all{|x| x.match(value)}
+          unless subvalues_to_remove.empty?
+            fields_to_remove << (subvalues_to_remove.length == hash[key].length ? key : { :key => key, :values => subvalues_to_remove })
+          end
+        else
+          fields_to_remove << key if hash[key].match(value)
+        end
+      end
+    end
+    fields_to_remove.each do |field|
+      if field.is_a?(Hash)
+        hash[field[:key]] = hash[field[:key]] - field[:values]
+      else
+        hash.delete(field)
+      end
+    end
+    filter_matched(event)
+  end # def filter
+end # class LogStash::Filters::Prune