RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/filters/punct.rb ADDED

@@ -0,0 +1,32 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Strip everything but punctuation from a field and store the remainder in the
+# a separate field. This is often used for fingerprinting log events.
+class LogStash::Filters::Punct < LogStash::Filters::Base
+  config_name "punct"
+  milestone 1
+  # The field reference to use for punctuation stripping
+  config :source, :validate => :string, :default => "message"
+  # The field to store the result.
+  config :target, :validate => :string, :default => "punct"
+  public
+  def register
+    # Nothing to do
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    original_value = event[@source]
+    # If for some reason the field is an array of values, take the first only.
+    original_value = original_value.first if original_value.is_a?(Array)
+    event[@target] = original_value.tr('A-Za-z0-9 \t','')
+  end # def filter
+end # class LogStash::Filters::Punct

data/lib/logstash/filters/railsparallelrequest.rb ADDED

@@ -0,0 +1,86 @@
+# encoding: utf-8
+# parallel request filter
+#
+# This filter will separate out the parallel requests into separate events.
+#
+require "logstash/filters/base"
+require "logstash/namespace"
+require "set"
+class LogStash::Filters::Railsparallelrequest < LogStash::Filters::Base
+  config_name "railsparallelrequest"
+  milestone 1
+  public
+  def initialize(config = {})
+    super
+    @threadsafe = false
+    @pending = Hash.new
+    @last_event = nil
+    @recently_error = nil
+    @last_uuid = nil
+  end
+  def register ;end
+  def filter(event)
+    return unless filter?(event)
+    return if event["tags"].include? self.class.config_name
+    event["tags"] << self.class.config_name
+    line = event["message"]
+    if line =~ /^\[(.*?)\]/
+      uuid = $1
+      event["uuid"] = uuid
+      if @recently_error
+        if @last_uuid == uuid
+          merge_events(@recently_error, event, uuid)
+          event.cancel
+          return
+        else
+          @recently_error.uncancel
+          yield @recently_error
+          @recently_error = nil
+        end
+      end
+      @last_uuid = uuid
+      if @pending[uuid]
+        merge_events(@pending[uuid], event, uuid)
+      else
+        @pending[uuid] = event
+      end
+      @last_event = @pending[uuid]
+      if line =~ /Error/
+        event.overwrite(@pending[uuid].to_hash)
+        @pending.delete uuid
+        @recently_error = event
+      elsif line =~ /Completed/
+        event.overwrite(@pending[uuid])
+        @pending.delete uuid
+        return
+      end
+      event.cancel
+    elsif @last_event
+      @last_event.append(event)
+      event.cancel
+    end
+  end
+  def flush
+    events = @pending.values.each { |event| event.uncancel }
+    @pending.clear
+    events
+  end
+  private
+  def merge_events(dest, source, uuid)
+    source["message"].gsub!("[#{uuid}]", "")
+    dest.append(source)
+  end
+end

data/lib/logstash/filters/range.rb ADDED

@@ -0,0 +1,142 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# This filter is used to check that certain fields are within expected size/length ranges.
+# Supported types are numbers and strings.
+# Numbers are checked to be within numeric value range.
+# Strings are checked to be within string length range.
+# More than one range can be specified for same fieldname, actions will be applied incrementally.
+# When field value is within a specified range an action will be taken.
+# Supported actions are drop event, add tag, or add field with specified value.
+#
+# Example use cases are for histogram-like tagging of events
+# or for finding anomaly values in fields or too big events that should be dropped.
+class LogStash::Filters::Range < LogStash::Filters::Base
+  config_name "range"
+  milestone 1
+  # An array of field, min, max, action tuples.
+  # Example:
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         ranges => [ "message", 0, 10, "tag:short",
+  #                     "message", 11, 100, "tag:medium",
+  #                     "message", 101, 1000, "tag:long",
+  #                     "message", 1001, 1e1000, "drop",
+  #                     "duration", 0, 100, "field:latency:fast",
+  #                     "duration", 101, 200, "field:latency:normal",
+  #                     "duration", 201, 1000, "field:latency:slow",
+  #                     "duration", 1001, 1e1000, "field:latency:outlier",
+  #                     "requests", 0, 10, "tag:too_few_%{host}_requests" ]
+  #       }
+  #     }
+  #
+  # Supported actions are drop tag or field with specified value.
+  # Added tag names and field names and field values can have %{dynamic} values.
+  #
+  # TODO(piavlo): The action syntax is ugly at the moment due to logstash grammar limitations - arrays grammar should support
+  # TODO(piavlo): simple not nested hashses as values in addition to numaric and string values to prettify the syntax.
+  config :ranges, :validate => :array, :default => []
+  # Negate the range match logic, events should be outsize of the specified range to match.
+  config :negate, :validate => :boolean, :default => false
+  public
+  def register
+    if @ranges.length % 4 != 0
+      raise "#{self.class.name}: ranges array should consist of 4 field tuples (field,min,max,action)"
+    end
+    @range_tuples = {}
+    while !@ranges.empty?
+      fieldname, min, max, action = @ranges.shift(4)
+      raise "#{self.class.name}: range field name value should be a string" if !fieldname.is_a?(String)
+      raise "#{self.class.name}: range min value should be a number" if !min.is_a?(Integer) and !min.is_a?(Float)
+      raise "#{self.class.name}: range max value should be a number" if !max.is_a?(Integer) and !max.is_a?(Float)
+      raise "#{self.class.name}: range action value should be a string" if !action.is_a?(String)
+      action = action.split(':')
+      case action.first
+      when "drop"
+        raise "#{self.class.name}: drop action does not accept any parameters" unless action.length == 1
+        action = { :name => :drop }
+      when "tag"
+        raise "#{self.class.name}: tag action accepts exactly one arg which is a tag name" unless action.length == 2
+        action = { :name => :add_tag, :tag => action.last }
+      when "field"
+        raise "#{self.class.name}: field action accepts exactly 2 args which are a field name and field value" unless action.length == 3
+        if action.last == action.last.to_i.to_s
+          value = action.last.to_i
+        elsif action.last == action.last.to_f.to_s
+          value = action.last.to_f
+        else
+          value = action.last
+        end
+        action = { :name => :add_field, :field => action[1], :value => value }
+      else
+        raise "#{self.class.name}: unsupported action #{action}"
+      end
+      @range_tuples[fieldname] ||= []
+      @range_tuples[fieldname] << { :min => min, :max => max, :action => action }
+    end
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @range_tuples.each_key do |fieldname|
+      if event.include?(fieldname)
+        @range_tuples[fieldname].each do |range|
+          matched = false
+          field = event[fieldname]
+          case field
+          when Integer
+            matched = field.between?(range[:min], range[:max])
+          when Float
+            matched = field.between?(range[:min], range[:max])
+          when String
+            matched = field.length.between?(range[:min], range[:max])
+          else
+            @logger.warn("#{self.class.name}: action field value has unsupported type")
+          end
+          matched = !matched if @negate
+          next unless matched
+          case range[:action][:name]
+          when :drop
+            @logger.debug? and @logger.debug("#{self.class.name}: dropping event due to range match", :event => event)
+            event.cancel
+            return
+          when :add_tag
+            @logger.debug? and @logger.debug("#{self.class.name}: adding tag due to range match",
+                                             :event => event, :tag => range[:action][:tag] )
+            event.tag(event.sprintf(range[:action][:tag]))
+          when :add_field
+            @logger.debug? and @logger.debug("#{self.class.name}: adding field due to range match",
+                                              :event => event, :field => range[:action][:field], :value => range[:action][:value])
+            new_field = event.sprintf(range[:action][:field])
+            if event[new_field]
+              event[new_field] = [event[new_field]] if !event[new_field].is_a?(Array)
+              event[new_field] << event.sprintf(range[:action][:value])
+            else
+              event[new_field] = range[:action][:value].is_a?(String) ? event.sprintf(range[:action][:value]) : range[:action][:value]
+            end
+          end
+        end
+      end
+    end
+    filter_matched(event)
+  end # def filter
+end # class LogStash::Filters::Range

data/lib/logstash/filters/ruby.rb ADDED

@@ -0,0 +1,42 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Execute ruby code.
+#
+# For example, to cancel 90% of events, you can do this:
+#
+#     filter {
+#       ruby {
+#         # Cancel 90% of events
+#         code => "event.cancel if rand <= 0.90"
+#       }
+#     }
+#
+class LogStash::Filters::Ruby < LogStash::Filters::Base
+  config_name "ruby"
+  milestone 1
+  # Any code to execute at logstash startup-time
+  config :init, :validate => :string
+  # The code to execute for every event.
+  # You will have an 'event' variable available that is the event itself.
+  config :code, :validate => :string, :required => true
+  public
+  def register
+    # TODO(sissel): Compile the ruby code
+    eval(@init, binding, "(ruby filter init)") if @init
+    eval("@codeblock = lambda { |event| #{@code} }", binding, "(ruby filter code)")
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @codeblock.call(event)
+    filter_matched(event)
+  end # def filter
+end # class LogStash::Filters::Ruby

data/lib/logstash/filters/sleep.rb ADDED

@@ -0,0 +1,111 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Sleep a given amount of time. This will cause logstash
+# to stall for the given amount of time. This is useful
+# for rate limiting, etc.
+#
+class LogStash::Filters::Sleep < LogStash::Filters::Base
+  config_name "sleep"
+  milestone 1
+  # The length of time to sleep, in seconds, for every event.
+  #
+  # This can be a number (eg, 0.5), or a string (eg, "%{foo}")
+  # The second form (string with a field value) is useful if
+  # you have an attribute of your event that you want to use
+  # to indicate the amount of time to sleep.
+  #
+  # Example:
+  #
+  #     filter {
+  #       sleep {
+  #         # Sleep 1 second for every event.
+  #         time => "1"
+  #       }
+  #     }
+  config :time, :validate => :string
+  # Sleep on every N'th. This option is ignored in replay mode.
+  #
+  # Example:
+  #
+  #     filter {
+  #       sleep {
+  #         time => "1"   # Sleep 1 second
+  #         every => 10   # on every 10th event
+  #       }
+  #     }
+  config :every, :validate => :string, :default => 1
+  # Enable replay mode.
+  #
+  # Replay mode tries to sleep based on timestamps in each event.
+  #
+  # The amount of time to sleep is computed by subtracting the
+  # previous event's timestamp from the current event's timestamp.
+  # This helps you replay events in the same timeline as original.
+  #
+  # If you specify a `time` setting as well, this filter will
+  # use the `time` value as a speed modifier. For example,
+  # a `time` value of 2 will replay at double speed, while a
+  # value of 0.25 will replay at 1/4th speed.
+  #
+  # For example:
+  #
+  #     filter {
+  #       sleep {
+  #         time => 2
+  #         replay => true
+  #       }
+  #     }
+  #
+  # The above will sleep in such a way that it will perform
+  # replay 2-times faster than the original time speed.
+  config :replay, :validate => :boolean, :default => false
+  public
+  def register
+    if @replay && @time.nil?
+      # Default time multiplier is 1 when replay is set.
+      @time = 1
+    end
+    if @time.nil?
+      raise ArgumentError, "Missing required parameter 'time' for input/eventlog"
+    end
+    @count = 0
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @count += 1
+    case @time
+      when Fixnum, Float; time = @time
+      when nil; # nothing
+      else; time = event.sprintf(@time).to_f
+    end
+    if @replay
+      clock = event["@timestamp"].to_f
+      if @last_clock
+        delay = clock - @last_clock
+        time = delay/time
+        if time > 0
+          @logger.debug? && @logger.debug("Sleeping", :delay => time)
+          sleep(time)
+        end
+      end
+      @last_clock = clock
+    else
+      if @count >= @every
+        @count = 0
+        @logger.debug? && @logger.debug("Sleeping", :delay => time)
+        sleep(time)
+      end
+    end
+    filter_matched(event)
+  end # def filter
+end # class LogStash::Filters::Sleep

data/lib/logstash/filters/split.rb ADDED

@@ -0,0 +1,64 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# The split filter is for splitting multiline messages into separate events.
+#
+# An example use case of this filter is for taking output from the 'exec' input
+# which emits one event for the whole output of a command and splitting that
+# output by newline - making each line an event.
+#
+# The end result of each split is a complete copy of the event
+# with only the current split section of the given field changed.
+class LogStash::Filters::Split < LogStash::Filters::Base
+  config_name "split"
+  milestone 2
+  # The string to split on. This is usually a line terminator, but can be any
+  # string.
+  config :terminator, :validate => :string, :default => "\n"
+  # The field which value is split by the terminator
+  config :field, :validate => :string, :default => "message"
+  public
+  def register
+    # Nothing to do
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    events = []
+    original_value = event[@field]
+    # If for some reason the field is an array of values, take the first only.
+    original_value = original_value.first if original_value.is_a?(Array)
+    # Using -1 for 'limit' on String#split makes ruby not drop trailing empty
+    # splits.
+    splits = original_value.split(@terminator, -1)
+    # Skip filtering if splitting this event resulted in only one thing found.
+    return if splits.length == 1
+    #or splits[1].empty?
+    splits.each do |value|
+      next if value.empty?
+      event_split = event.clone
+      @logger.debug("Split event", :value => value, :field => @field)
+      event_split[@field] = value
+      filter_matched(event_split)
+      # Push this new event onto the stack at the LogStash::FilterWorker
+      yield event_split
+    end
+    # Cancel this event, we'll use the newly generated ones above.
+    event.cancel
+  end # def filter
+end # class LogStash::Filters::Split