RubyGems - logstash-lib - Versions diffs - 1.3.2 - Mend

logstash-lib 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (419) hide show

data/.gitignore +24 -0
data/.tailor +8 -0
data/.travis.yml +12 -0
data/CHANGELOG +1185 -0
data/CONTRIBUTING.md +61 -0
data/CONTRIBUTORS +79 -0
data/LICENSE +14 -0
data/Makefile +460 -0
data/README.md +120 -0
data/STYLE.md +96 -0
data/bin/logstash +37 -0
data/bin/logstash-test +4 -0
data/bin/logstash-web +4 -0
data/bin/logstash.lib.sh +78 -0
data/bot/check_pull_changelog.rb +89 -0
data/docs/configuration.md +260 -0
data/docs/docgen.rb +242 -0
data/docs/extending/example-add-a-new-filter.md +121 -0
data/docs/extending/index.md +91 -0
data/docs/flags.md +43 -0
data/docs/generate_index.rb +28 -0
data/docs/index.html.erb +56 -0
data/docs/learn.md +46 -0
data/docs/life-of-an-event.md +109 -0
data/docs/logging-tool-comparisons.md +60 -0
data/docs/plugin-doc.html.erb +91 -0
data/docs/plugin-milestones.md +41 -0
data/docs/plugin-synopsis.html.erb +24 -0
data/docs/release-engineering.md +46 -0
data/docs/release-test-results.md +14 -0
data/docs/repositories.md +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-elasticsearch.conf +35 -0
data/docs/tutorials/10-minute-walkthrough/apache-parse.conf +33 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.1 +1 -0
data/docs/tutorials/10-minute-walkthrough/apache_log.2.bz2 +0 -0
data/docs/tutorials/10-minute-walkthrough/hello-search.conf +25 -0
data/docs/tutorials/10-minute-walkthrough/hello.conf +16 -0
data/docs/tutorials/10-minute-walkthrough/index.md +124 -0
data/docs/tutorials/10-minute-walkthrough/step-5-output.txt +17 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.png +0 -0
data/docs/tutorials/getting-started-centralized-overview-diagram.xml +1 -0
data/docs/tutorials/getting-started-centralized.md +217 -0
data/docs/tutorials/getting-started-simple.md +200 -0
data/docs/tutorials/just-enough-rabbitmq-for-logstash.md +201 -0
data/docs/tutorials/media/frontend-response-codes.png +0 -0
data/docs/tutorials/metrics-from-logs.md +84 -0
data/docs/tutorials/zeromq.md +118 -0
data/extract_services.rb +29 -0
data/gembag.rb +64 -0
data/lib/logstash-event.rb +2 -0
data/lib/logstash.rb +4 -0
data/lib/logstash/JRUBY-6970-openssl.rb +22 -0
data/lib/logstash/JRUBY-6970.rb +102 -0
data/lib/logstash/agent.rb +305 -0
data/lib/logstash/certs/cacert.pem +3895 -0
data/lib/logstash/codecs/base.rb +49 -0
data/lib/logstash/codecs/compress_spooler.rb +50 -0
data/lib/logstash/codecs/dots.rb +18 -0
data/lib/logstash/codecs/edn.rb +28 -0
data/lib/logstash/codecs/edn_lines.rb +36 -0
data/lib/logstash/codecs/fluent.rb +55 -0
data/lib/logstash/codecs/graphite.rb +114 -0
data/lib/logstash/codecs/json.rb +41 -0
data/lib/logstash/codecs/json_lines.rb +52 -0
data/lib/logstash/codecs/json_spooler.rb +22 -0
data/lib/logstash/codecs/line.rb +58 -0
data/lib/logstash/codecs/msgpack.rb +43 -0
data/lib/logstash/codecs/multiline.rb +189 -0
data/lib/logstash/codecs/netflow.rb +342 -0
data/lib/logstash/codecs/netflow/util.rb +212 -0
data/lib/logstash/codecs/noop.rb +19 -0
data/lib/logstash/codecs/oldlogstashjson.rb +56 -0
data/lib/logstash/codecs/plain.rb +48 -0
data/lib/logstash/codecs/rubydebug.rb +22 -0
data/lib/logstash/codecs/spool.rb +38 -0
data/lib/logstash/config/Makefile +4 -0
data/lib/logstash/config/config_ast.rb +380 -0
data/lib/logstash/config/file.rb +39 -0
data/lib/logstash/config/grammar.rb +3504 -0
data/lib/logstash/config/grammar.treetop +241 -0
data/lib/logstash/config/mixin.rb +464 -0
data/lib/logstash/config/registry.rb +13 -0
data/lib/logstash/config/test.conf +18 -0
data/lib/logstash/errors.rb +10 -0
data/lib/logstash/event.rb +262 -0
data/lib/logstash/filters/advisor.rb +178 -0
data/lib/logstash/filters/alter.rb +173 -0
data/lib/logstash/filters/anonymize.rb +93 -0
data/lib/logstash/filters/base.rb +190 -0
data/lib/logstash/filters/checksum.rb +50 -0
data/lib/logstash/filters/cidr.rb +76 -0
data/lib/logstash/filters/cipher.rb +145 -0
data/lib/logstash/filters/clone.rb +35 -0
data/lib/logstash/filters/collate.rb +114 -0
data/lib/logstash/filters/csv.rb +94 -0
data/lib/logstash/filters/date.rb +244 -0
data/lib/logstash/filters/dns.rb +201 -0
data/lib/logstash/filters/drop.rb +32 -0
data/lib/logstash/filters/elapsed.rb +256 -0
data/lib/logstash/filters/elasticsearch.rb +73 -0
data/lib/logstash/filters/environment.rb +27 -0
data/lib/logstash/filters/extractnumbers.rb +84 -0
data/lib/logstash/filters/gelfify.rb +52 -0
data/lib/logstash/filters/geoip.rb +145 -0
data/lib/logstash/filters/grep.rb +153 -0
data/lib/logstash/filters/grok.rb +425 -0
data/lib/logstash/filters/grokdiscovery.rb +75 -0
data/lib/logstash/filters/i18n.rb +51 -0
data/lib/logstash/filters/json.rb +90 -0
data/lib/logstash/filters/json_encode.rb +52 -0
data/lib/logstash/filters/kv.rb +232 -0
data/lib/logstash/filters/metaevent.rb +68 -0
data/lib/logstash/filters/metrics.rb +237 -0
data/lib/logstash/filters/multiline.rb +241 -0
data/lib/logstash/filters/mutate.rb +399 -0
data/lib/logstash/filters/noop.rb +21 -0
data/lib/logstash/filters/prune.rb +149 -0
data/lib/logstash/filters/punct.rb +32 -0
data/lib/logstash/filters/railsparallelrequest.rb +86 -0
data/lib/logstash/filters/range.rb +142 -0
data/lib/logstash/filters/ruby.rb +42 -0
data/lib/logstash/filters/sleep.rb +111 -0
data/lib/logstash/filters/split.rb +64 -0
data/lib/logstash/filters/sumnumbers.rb +73 -0
data/lib/logstash/filters/syslog_pri.rb +107 -0
data/lib/logstash/filters/translate.rb +121 -0
data/lib/logstash/filters/unique.rb +29 -0
data/lib/logstash/filters/urldecode.rb +57 -0
data/lib/logstash/filters/useragent.rb +112 -0
data/lib/logstash/filters/uuid.rb +58 -0
data/lib/logstash/filters/xml.rb +139 -0
data/lib/logstash/filters/zeromq.rb +123 -0
data/lib/logstash/filterworker.rb +122 -0
data/lib/logstash/inputs/base.rb +125 -0
data/lib/logstash/inputs/collectd.rb +306 -0
data/lib/logstash/inputs/drupal_dblog.rb +323 -0
data/lib/logstash/inputs/drupal_dblog/jdbcconnection.rb +66 -0
data/lib/logstash/inputs/elasticsearch.rb +140 -0
data/lib/logstash/inputs/eventlog.rb +129 -0
data/lib/logstash/inputs/eventlog/racob_fix.rb +44 -0
data/lib/logstash/inputs/exec.rb +69 -0
data/lib/logstash/inputs/file.rb +146 -0
data/lib/logstash/inputs/ganglia.rb +127 -0
data/lib/logstash/inputs/ganglia/gmondpacket.rb +146 -0
data/lib/logstash/inputs/ganglia/xdr.rb +327 -0
data/lib/logstash/inputs/gelf.rb +138 -0
data/lib/logstash/inputs/gemfire.rb +222 -0
data/lib/logstash/inputs/generator.rb +97 -0
data/lib/logstash/inputs/graphite.rb +41 -0
data/lib/logstash/inputs/heroku.rb +51 -0
data/lib/logstash/inputs/imap.rb +136 -0
data/lib/logstash/inputs/irc.rb +84 -0
data/lib/logstash/inputs/log4j.rb +136 -0
data/lib/logstash/inputs/lumberjack.rb +53 -0
data/lib/logstash/inputs/pipe.rb +57 -0
data/lib/logstash/inputs/rabbitmq.rb +126 -0
data/lib/logstash/inputs/rabbitmq/bunny.rb +118 -0
data/lib/logstash/inputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/inputs/rabbitmq/march_hare.rb +129 -0
data/lib/logstash/inputs/redis.rb +263 -0
data/lib/logstash/inputs/relp.rb +106 -0
data/lib/logstash/inputs/s3.rb +279 -0
data/lib/logstash/inputs/snmptrap.rb +87 -0
data/lib/logstash/inputs/sqlite.rb +185 -0
data/lib/logstash/inputs/sqs.rb +172 -0
data/lib/logstash/inputs/stdin.rb +46 -0
data/lib/logstash/inputs/stomp.rb +84 -0
data/lib/logstash/inputs/syslog.rb +237 -0
data/lib/logstash/inputs/tcp.rb +231 -0
data/lib/logstash/inputs/threadable.rb +18 -0
data/lib/logstash/inputs/twitter.rb +82 -0
data/lib/logstash/inputs/udp.rb +81 -0
data/lib/logstash/inputs/unix.rb +163 -0
data/lib/logstash/inputs/varnishlog.rb +48 -0
data/lib/logstash/inputs/websocket.rb +50 -0
data/lib/logstash/inputs/wmi.rb +72 -0
data/lib/logstash/inputs/xmpp.rb +81 -0
data/lib/logstash/inputs/zenoss.rb +143 -0
data/lib/logstash/inputs/zeromq.rb +165 -0
data/lib/logstash/kibana.rb +113 -0
data/lib/logstash/loadlibs.rb +9 -0
data/lib/logstash/logging.rb +89 -0
data/lib/logstash/monkeypatches-for-bugs.rb +2 -0
data/lib/logstash/monkeypatches-for-debugging.rb +47 -0
data/lib/logstash/monkeypatches-for-performance.rb +66 -0
data/lib/logstash/multiqueue.rb +53 -0
data/lib/logstash/namespace.rb +16 -0
data/lib/logstash/outputs/base.rb +120 -0
data/lib/logstash/outputs/boundary.rb +116 -0
data/lib/logstash/outputs/circonus.rb +78 -0
data/lib/logstash/outputs/cloudwatch.rb +351 -0
data/lib/logstash/outputs/csv.rb +55 -0
data/lib/logstash/outputs/datadog.rb +93 -0
data/lib/logstash/outputs/datadog_metrics.rb +123 -0
data/lib/logstash/outputs/elasticsearch.rb +332 -0
data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json +44 -0
data/lib/logstash/outputs/elasticsearch_http.rb +256 -0
data/lib/logstash/outputs/elasticsearch_river.rb +214 -0
data/lib/logstash/outputs/email.rb +299 -0
data/lib/logstash/outputs/exec.rb +40 -0
data/lib/logstash/outputs/file.rb +180 -0
data/lib/logstash/outputs/ganglia.rb +75 -0
data/lib/logstash/outputs/gelf.rb +208 -0
data/lib/logstash/outputs/gemfire.rb +103 -0
data/lib/logstash/outputs/google_bigquery.rb +570 -0
data/lib/logstash/outputs/google_cloud_storage.rb +431 -0
data/lib/logstash/outputs/graphite.rb +143 -0
data/lib/logstash/outputs/graphtastic.rb +185 -0
data/lib/logstash/outputs/hipchat.rb +80 -0
data/lib/logstash/outputs/http.rb +142 -0
data/lib/logstash/outputs/irc.rb +80 -0
data/lib/logstash/outputs/jira.rb +109 -0
data/lib/logstash/outputs/juggernaut.rb +105 -0
data/lib/logstash/outputs/librato.rb +146 -0
data/lib/logstash/outputs/loggly.rb +93 -0
data/lib/logstash/outputs/lumberjack.rb +51 -0
data/lib/logstash/outputs/metriccatcher.rb +103 -0
data/lib/logstash/outputs/mongodb.rb +81 -0
data/lib/logstash/outputs/nagios.rb +119 -0
data/lib/logstash/outputs/nagios_nsca.rb +123 -0
data/lib/logstash/outputs/null.rb +18 -0
data/lib/logstash/outputs/opentsdb.rb +101 -0
data/lib/logstash/outputs/pagerduty.rb +79 -0
data/lib/logstash/outputs/pipe.rb +132 -0
data/lib/logstash/outputs/rabbitmq.rb +96 -0
data/lib/logstash/outputs/rabbitmq/bunny.rb +135 -0
data/lib/logstash/outputs/rabbitmq/hot_bunnies.rb +1 -0
data/lib/logstash/outputs/rabbitmq/march_hare.rb +143 -0
data/lib/logstash/outputs/redis.rb +245 -0
data/lib/logstash/outputs/riak.rb +152 -0
data/lib/logstash/outputs/riemann.rb +109 -0
data/lib/logstash/outputs/s3.rb +356 -0
data/lib/logstash/outputs/sns.rb +124 -0
data/lib/logstash/outputs/solr_http.rb +78 -0
data/lib/logstash/outputs/sqs.rb +141 -0
data/lib/logstash/outputs/statsd.rb +116 -0
data/lib/logstash/outputs/stdout.rb +53 -0
data/lib/logstash/outputs/stomp.rb +67 -0
data/lib/logstash/outputs/syslog.rb +145 -0
data/lib/logstash/outputs/tcp.rb +145 -0
data/lib/logstash/outputs/udp.rb +38 -0
data/lib/logstash/outputs/websocket.rb +46 -0
data/lib/logstash/outputs/websocket/app.rb +29 -0
data/lib/logstash/outputs/websocket/pubsub.rb +45 -0
data/lib/logstash/outputs/xmpp.rb +78 -0
data/lib/logstash/outputs/zabbix.rb +108 -0
data/lib/logstash/outputs/zeromq.rb +125 -0
data/lib/logstash/pipeline.rb +286 -0
data/lib/logstash/plugin.rb +150 -0
data/lib/logstash/plugin_mixins/aws_config.rb +93 -0
data/lib/logstash/program.rb +15 -0
data/lib/logstash/runner.rb +238 -0
data/lib/logstash/sized_queue.rb +8 -0
data/lib/logstash/test.rb +183 -0
data/lib/logstash/threadwatchdog.rb +37 -0
data/lib/logstash/time_addon.rb +33 -0
data/lib/logstash/util.rb +106 -0
data/lib/logstash/util/buftok.rb +139 -0
data/lib/logstash/util/charset.rb +39 -0
data/lib/logstash/util/fieldreference.rb +50 -0
data/lib/logstash/util/password.rb +25 -0
data/lib/logstash/util/prctl.rb +11 -0
data/lib/logstash/util/relp.rb +326 -0
data/lib/logstash/util/require-helper.rb +18 -0
data/lib/logstash/util/socket_peer.rb +7 -0
data/lib/logstash/util/zenoss.rb +566 -0
data/lib/logstash/util/zeromq.rb +47 -0
data/lib/logstash/version.rb +6 -0
data/locales/en.yml +170 -0
data/logstash-event.gemspec +29 -0
data/logstash.gemspec +128 -0
data/patterns/firewalls +60 -0
data/patterns/grok-patterns +91 -0
data/patterns/haproxy +37 -0
data/patterns/java +3 -0
data/patterns/linux-syslog +14 -0
data/patterns/mcollective +1 -0
data/patterns/mcollective-patterns +4 -0
data/patterns/nagios +108 -0
data/patterns/postgresql +3 -0
data/patterns/redis +3 -0
data/patterns/ruby +2 -0
data/pkg/build.sh +135 -0
data/pkg/centos/after-install.sh +1 -0
data/pkg/centos/before-install.sh +10 -0
data/pkg/centos/before-remove.sh +11 -0
data/pkg/centos/sysconfig +15 -0
data/pkg/debian/after-install.sh +5 -0
data/pkg/debian/before-install.sh +13 -0
data/pkg/debian/before-remove.sh +13 -0
data/pkg/debian/build.sh +34 -0
data/pkg/debian/debian/README +6 -0
data/pkg/debian/debian/changelog +17 -0
data/pkg/debian/debian/compat +1 -0
data/pkg/debian/debian/control +16 -0
data/pkg/debian/debian/copyright +27 -0
data/pkg/debian/debian/dirs +19 -0
data/pkg/debian/debian/docs +0 -0
data/pkg/debian/debian/logstash.default +39 -0
data/pkg/debian/debian/logstash.init +201 -0
data/pkg/debian/debian/logstash.install +1 -0
data/pkg/debian/debian/logstash.logrotate +9 -0
data/pkg/debian/debian/logstash.postinst +68 -0
data/pkg/debian/debian/logstash.postrm +23 -0
data/pkg/debian/debian/manpage.1.ex +59 -0
data/pkg/debian/debian/preinst.ex +37 -0
data/pkg/debian/debian/prerm.ex +40 -0
data/pkg/debian/debian/release.conf +5 -0
data/pkg/debian/debian/rules +80 -0
data/pkg/debian/debian/watch.ex +22 -0
data/pkg/logrotate.conf +8 -0
data/pkg/logstash-web.default +41 -0
data/pkg/logstash-web.sysv.debian +201 -0
data/pkg/logstash-web.upstart.ubuntu +18 -0
data/pkg/logstash.default +45 -0
data/pkg/logstash.sysv.debian +202 -0
data/pkg/logstash.sysv.redhat +158 -0
data/pkg/logstash.upstart.ubuntu +20 -0
data/pkg/rpm/SOURCES/logstash.conf +26 -0
data/pkg/rpm/SOURCES/logstash.init +80 -0
data/pkg/rpm/SOURCES/logstash.logrotate +8 -0
data/pkg/rpm/SOURCES/logstash.sysconfig +3 -0
data/pkg/rpm/SOURCES/logstash.wrapper +105 -0
data/pkg/rpm/SPECS/logstash.spec +180 -0
data/pkg/rpm/readme.md +4 -0
data/pkg/ubuntu/after-install.sh +7 -0
data/pkg/ubuntu/before-install.sh +12 -0
data/pkg/ubuntu/before-remove.sh +13 -0
data/pull_release_note.rb +25 -0
data/require-analyze.rb +22 -0
data/spec/README.md +14 -0
data/spec/codecs/edn.rb +40 -0
data/spec/codecs/edn_lines.rb +53 -0
data/spec/codecs/graphite.rb +96 -0
data/spec/codecs/json.rb +57 -0
data/spec/codecs/json_lines.rb +51 -0
data/spec/codecs/json_spooler.rb +43 -0
data/spec/codecs/msgpack.rb +39 -0
data/spec/codecs/multiline.rb +60 -0
data/spec/codecs/oldlogstashjson.rb +55 -0
data/spec/codecs/plain.rb +35 -0
data/spec/codecs/spool.rb +35 -0
data/spec/conditionals/test.rb +323 -0
data/spec/config.rb +31 -0
data/spec/event.rb +165 -0
data/spec/examples/fail2ban.rb +28 -0
data/spec/examples/graphite-input.rb +41 -0
data/spec/examples/mysql-slow-query.rb +70 -0
data/spec/examples/parse-apache-logs.rb +66 -0
data/spec/examples/parse-haproxy-logs.rb +115 -0
data/spec/examples/syslog.rb +48 -0
data/spec/filters/alter.rb +96 -0
data/spec/filters/anonymize.rb +189 -0
data/spec/filters/checksum.rb +41 -0
data/spec/filters/clone.rb +67 -0
data/spec/filters/collate.rb +122 -0
data/spec/filters/csv.rb +174 -0
data/spec/filters/date.rb +285 -0
data/spec/filters/date_performance.rb +31 -0
data/spec/filters/dns.rb +159 -0
data/spec/filters/drop.rb +19 -0
data/spec/filters/elapsed.rb +294 -0
data/spec/filters/environment.rb +43 -0
data/spec/filters/geoip.rb +62 -0
data/spec/filters/grep.rb +342 -0
data/spec/filters/grok.rb +473 -0
data/spec/filters/grok/timeout2.rb +56 -0
data/spec/filters/grok/timeouts.rb +39 -0
data/spec/filters/i18n.rb +25 -0
data/spec/filters/json.rb +72 -0
data/spec/filters/json_encode.rb +37 -0
data/spec/filters/kv.rb +403 -0
data/spec/filters/metrics.rb +212 -0
data/spec/filters/multiline.rb +119 -0
data/spec/filters/mutate.rb +180 -0
data/spec/filters/noop.rb +221 -0
data/spec/filters/prune.rb +441 -0
data/spec/filters/punct.rb +18 -0
data/spec/filters/railsparallelrequest.rb +112 -0
data/spec/filters/range.rb +169 -0
data/spec/filters/split.rb +58 -0
data/spec/filters/translate.rb +70 -0
data/spec/filters/unique.rb +25 -0
data/spec/filters/useragent.rb +42 -0
data/spec/filters/xml.rb +157 -0
data/spec/inputs/file.rb +107 -0
data/spec/inputs/gelf.rb +52 -0
data/spec/inputs/generator.rb +30 -0
data/spec/inputs/imap.rb +60 -0
data/spec/inputs/redis.rb +63 -0
data/spec/inputs/relp.rb +70 -0
data/spec/inputs/tcp.rb +101 -0
data/spec/jar.rb +21 -0
data/spec/outputs/csv.rb +266 -0
data/spec/outputs/elasticsearch.rb +161 -0
data/spec/outputs/elasticsearch_http.rb +240 -0
data/spec/outputs/email.rb +173 -0
data/spec/outputs/file.rb +82 -0
data/spec/outputs/graphite.rb +236 -0
data/spec/outputs/redis.rb +127 -0
data/spec/speed.rb +20 -0
data/spec/sqlite-test.rb +81 -0
data/spec/support/LOGSTASH-733.rb +21 -0
data/spec/support/LOGSTASH-820.rb +25 -0
data/spec/support/akamai-grok.rb +26 -0
data/spec/support/date-http.rb +17 -0
data/spec/support/postwait1.rb +26 -0
data/spec/support/pull375.rb +21 -0
data/spec/test_utils.rb +125 -0
data/spec/util/fieldeval_spec.rb +44 -0
data/test/jenkins/config.xml.erb +74 -0
data/test/jenkins/create-jobs.rb +23 -0
data/test/jenkins/generatorjob.config.xml +66 -0
data/tools/Gemfile +14 -0
data/tools/Gemfile.jruby-1.9.lock +322 -0
data/tools/Gemfile.rbx-2.1.lock +516 -0
data/tools/Gemfile.ruby-1.9.1.lock +310 -0
data/tools/Gemfile.ruby-2.0.0.lock +310 -0
metadata +629 -0

data/lib/logstash/filters/sumnumbers.rb ADDED

@@ -0,0 +1,73 @@
+require 'logstash/namespace'
+require 'logstash/filters/base'
+# This filter automatically sum all numbers found inside a string
+#
+# The sum is returned in a new field, "sumTotal".
+# The total numbers summed will be in a new field, "sumNums"
+#
+# The fields produced by this filter are extra useful used in combination
+# with kibana number plotting features.
+#
+# If the field is an array, all of the numbers in it will be summed.
+# If the field is a hash, all of the values of the top-level keys will be summed.
+# If the field is a string, it will be split, numbers extracted, and summed.
+class LogStash::Filters::SumNumbers < LogStash::Filters::Base
+  config_name 'sumnumbers'
+  milestone 1
+  # The source field for the data. By default is message.
+  config :source, :validate => :string, :default => 'message'
+  public
+  def register
+  end
+  public
+  def filter(event)
+    msg = event[@source]
+    sumnums = 0
+    sumtotal = 0
+    if not msg
+      return
+    end
+    # If for some reason the field is an array of values, take the first only.
+    if msg.is_a?(Array)
+      fields = msg.first.split
+      # If msg is json, get an array from the values
+    elsif msg.is_a?(Hash)
+      fields = msg.values
+      # Else, we have a string. Split it.
+    else
+      fields = msg.split
+    end
+    for elem in fields
+      int = str_as_integer(elem)
+      if int != nil
+        sumtotal += int
+        sumnums += 1
+        next
+      end
+      f = str_as_float(elem)
+      if f != nil
+        sumtotal += f
+        sumnums += 1
+      end
+    end
+    event["sumNums"] = sumnums
+    event["sumTotal"] = sumtotal
+  end
+  def str_as_integer(str)
+    Integer(str) rescue nil
+  end
+  def str_as_float(str)
+    Float(str) rescue nil
+  end
+end # class LogStash::Filters::SumNumbers

data/lib/logstash/filters/syslog_pri.rb ADDED

@@ -0,0 +1,107 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Filter plugin for logstash to parse the PRI field from the front
+# of a Syslog (RFC3164) message.  If no priority is set, it will
+# default to 13 (per RFC).
+#
+# This filter is based on the original syslog.rb code shipped
+# with logstash.
+class LogStash::Filters::Syslog_pri < LogStash::Filters::Base
+  config_name "syslog_pri"
+  # set the status to experimental/beta/stable
+  milestone 1
+  # Add human-readable names after parsing severity and facility from PRI
+  config :use_labels, :validate => :boolean, :default => true
+  # Name of field which passes in the extracted PRI part of the syslog message
+  config :syslog_pri_field_name, :validate => :string, :default => "syslog_pri"
+  # Labels for facility levels. This comes from RFC3164.
+  config :facility_labels, :validate => :array, :default => [
+    "kernel",
+    "user-level",
+    "mail",
+    "daemon",
+    "security/authorization",
+    "syslogd",
+    "line printer",
+    "network news",
+    "uucp",
+    "clock",
+    "security/authorization",
+    "ftp",
+    "ntp",
+    "log audit",
+    "log alert",
+    "clock",
+    "local0",
+    "local1",
+    "local2",
+    "local3",
+    "local4",
+    "local5",
+    "local6",
+    "local7",
+  ]
+  # Labels for severity levels. This comes from RFC3164.
+  config :severity_labels, :validate => :array, :default => [
+    "emergency",
+    "alert",
+    "critical",
+    "error",
+    "warning",
+    "notice",
+    "informational",
+    "debug",
+  ]
+  public
+  def register
+    # Nothing
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    parse_pri(event)
+    filter_matched(event)
+  end # def filter
+  private
+  def parse_pri(event)
+    # Per RFC3164, priority = (facility * 8) + severity
+    # = (facility << 3) & (severity)
+    if event[@syslog_pri_field_name]
+      if event[@syslog_pri_field_name].is_a?(Array)
+        priority = event[@syslog_pri_field_name].first.to_i
+      else
+        priority = event[@syslog_pri_field_name].to_i
+      end
+    else
+      priority = 13  # default
+    end
+    severity = priority & 7 # 7 is 111 (3 bits)
+    facility = priority >> 3
+    event["syslog_severity_code"] = severity
+    event["syslog_facility_code"] = facility
+    # Add human-readable names after parsing severity and facility from PRI
+    if @use_labels
+      facility_number = event["syslog_facility_code"]
+      severity_number = event["syslog_severity_code"]
+      if @facility_labels[facility_number]
+        event["syslog_facility"] = @facility_labels[facility_number]
+      end
+      if @severity_labels[severity_number]
+        event["syslog_severity"] = @severity_labels[severity_number]
+      end
+    end
+  end # def parse_pri
+end # class LogStash::Filters::SyslogPRI

data/lib/logstash/filters/translate.rb ADDED

@@ -0,0 +1,121 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+# Originally written to translate HTTP response codes
+# but turned into a general translation tool which uses
+# configured has or/and .yaml files as a dictionary.
+# response codes in default dictionary were scraped from
+# 'gem install cheat; cheat status_codes'
+#
+# Alternatively for simple string search and replacements for just a few values
+# use the gsub function of the mutate filter.
+class LogStash::Filters::Translate < LogStash::Filters::Base
+  config_name "translate"
+  milestone 1
+  # The field containing a response code If this field is an
+  # array, only the first value will be used.
+  config :field, :validate => :string, :required => true
+  # In case dstination field already exists should we skip translation(default) or override it with new translation
+  config :override, :validate => :boolean, :default => false
+  # Dictionary to use for translation.
+  # Example:
+  #
+  #     filter {
+  #       %PLUGIN% {
+  #         dictionary => [ "100", "Continue",
+  #                         "101", "Switching Protocols",
+  #                         "200", "OK",
+  #                         "201", "Created",
+  #                         "202", "Accepted" ]
+  #       }
+  #     }
+  config :dictionary, :validate => :hash,  :default => {}
+  # name with full path of external dictionary file.
+  # format of the table should be a YAML file which will be merged with the @dictionary.
+  # make sure you encase any integer based keys in quotes.
+  # The YAML file should look something like this:
+  #
+  #     100: Continue
+  #     101: Switching Protocols
+  config :dictionary_path, :validate => :path
+  # The destination field you wish to populate with the translation code.
+  # default is "translation".
+  # Set to the same value as source if you want to do a substitution, in this case filter will allways succeed.
+  config :destination, :validate => :string, :default => "translation"
+  # set to false if you want to match multiple terms
+  # a large dictionary could get expensive if set to false.
+  config :exact, :validate => :boolean, :default => true
+  # treat dictionary keys as regular expressions to match against, used only then @exact enabled.
+  config :regex, :validate => :boolean, :default => false
+  # Incase no translation was made add default translation string
+  config :fallback, :validate => :string
+  public
+  def register
+    if @dictionary_path
+      raise "#{self.class.name}: dictionary file #{@dictionary_path} does not exists" unless File.exists?(@dictionary_path)
+      begin
+        @dictionary.merge!(YAML.load_file(@dictionary_path))
+      rescue Exception => e
+        raise "#{self.class.name}: Bad Syntax in dictionary file #{@dictionary_path}"
+      end
+    end
+    @logger.debug? and @logger.debug("#{self.class.name}: Dictionary - ", :dictionary => @dictionary)
+    if @exact
+      @logger.debug? and @logger.debug("#{self.class.name}: Dictionary translation method - Exact")
+    else
+      @logger.debug? and @logger.debug("#{self.class.name}: Dictionary translation method - Fuzzy")
+    end
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    return unless event.include?(@field) # Skip translation in case event does not have @event field.
+    return if event.include?(@destination) and not @override # Skip translation in case @destination field already exists and @override is disabled.
+    begin
+      #If source field is array use first value and make sure source value is string
+      source = event[@field].is_a?(Array) ? event[@field].first.to_s : event[@field].to_s
+      matched = false
+      if @exact
+        if @regex
+          key = @dictionary.keys.detect{|k| source.match(Regexp.new(k))}
+          if key
+            event[@destination] = @dictionary[key]
+            matched = true
+          end
+        elsif @dictionary.include?(source)
+          event[@destination] = @dictionary[source]
+          matched = true
+        end
+      else
+        translation = source.gsub(Regexp.union(@dictionary.keys), @dictionary)
+        if source != translation
+          event[@destination] = translation
+          matched = true
+        end
+      end
+      if not matched and @fallback
+        event[@destination] = @fallback
+        matched = true
+      end
+      filter_matched(event) if matched or @field == @destination
+    rescue Exception => e
+      @logger.error("Something went wrong when attempting to translate from dictionary", :exception => e, :field => @field, :event => event)
+    end
+  end # def filter
+end # class LogStash::Filters::Translate

data/lib/logstash/filters/unique.rb ADDED

@@ -0,0 +1,29 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+class LogStash::Filters::Unique < LogStash::Filters::Base
+  config_name "unique"
+  milestone 1
+  # The fields on which to run the unique filter.
+  config :fields, :validate => :array, :required => true
+  public
+  def register
+    # Nothing to do
+  end # def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    @fields.each do |field|
+      next unless event[field].class == Array
+      event[field] = event[field].uniq
+    end
+  end # def filter
+end # class Logstash::Filters::Unique

data/lib/logstash/filters/urldecode.rb ADDED

@@ -0,0 +1,57 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "uri"
+# The urldecode filter is for decoding fields that are urlencoded.
+class LogStash::Filters::Urldecode < LogStash::Filters::Base
+  config_name "urldecode"
+  milestone 2
+  # The field which value is urldecoded
+  config :field, :validate => :string, :default => "message"
+  # Urldecode all fields
+  config :all_fields, :validate => :boolean, :default => false
+  public
+  def register
+    # Nothing to do
+  end #def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    # If all_fields is true then try to decode them all
+    if @all_fields
+      event.to_hash.each do |name, value|
+        event[name] = urldecode(value)
+      end
+    # Else decode the specified field
+    else
+      event[@field] = urldecode(event[@field])
+    end
+    filter_matched(event)
+  end # def filter
+  # Attempt to handle string, array, and hash values for fields.
+  # For all other datatypes, just return, URI.unescape doesn't support them.
+  private
+  def urldecode(value)
+    case value
+    when String
+      return URI.unescape(value)
+    when Array
+      ret_values = []
+      value.each { |v| ret_values << urldecode(v) }
+      return ret_values
+    when Hash
+      ret_values = {}
+      value.each { |k,v| ret_values[k] = urldecode(v) }
+      return ret_values
+    else
+      return value
+    end
+  end
+end # class LogStash::Filters::Urldecode

data/lib/logstash/filters/useragent.rb ADDED

@@ -0,0 +1,112 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "tempfile"
+# Parse user agent strings into structured data based on BrowserScope data
+#
+# UserAgent filter, adds information about user agent like family, operating
+# system, version, and device
+#
+# Logstash releases ship with the regexes.yaml database made available from
+# ua-parser with an Apache 2.0 license. For more details on ua-parser, see
+# <https://github.com/tobie/ua-parser/>.
+class LogStash::Filters::UserAgent < LogStash::Filters::Base
+  config_name "useragent"
+  milestone 1
+  # The field containing the user agent string. If this field is an
+  # array, only the first value will be used.
+  config :source, :validate => :string, :required => true
+  # The name of the field to assign user agent data into.
+  #
+  # If not specified user agent data will be stored in the root of the event.
+  config :target, :validate => :string
+  # regexes.yaml file to use
+  #
+  # If not specified, this will default to the regexes.yaml that ships
+  # with logstash.
+  #
+  # You can find the latest version of this here:
+  # <https://github.com/tobie/ua-parser/blob/master/regexes.yaml>
+  config :regexes, :validate => :string
+  # A string to prepend to all of the extracted keys
+  config :prefix, :validate => :string, :default => ''
+  public
+  def register
+    require 'user_agent_parser'
+    if @regexes.nil?
+      begin
+        @parser = UserAgentParser::Parser.new()
+      rescue Exception => e
+        begin
+          if __FILE__ =~ /file:\/.*\.jar!/
+            # Running from a flatjar which has a different layout
+            regexes_file = [__FILE__.split("!").first, "/vendor/ua-parser/regexes.yaml"].join("!")
+            @parser = UserAgentParser::Parser.new(:patterns_path => regexes_file)
+          else
+            # assume operating from the git checkout
+            @parser = UserAgentParser::Parser.new(:patterns_path => "vendor/ua-parser/regexes.yaml")
+          end
+        rescue => ex
+          raise "Failed to cache, due to: #{ex}\n"
+        end
+      end
+    else
+      @logger.info("Using user agent regexes", :regexes => @regexes)
+      @parser = UserAgentParser::Parser.new(:patterns_path => @regexes)
+    end
+  end #def register
+  public
+  def filter(event)
+    return unless filter?(event)
+    ua_data = nil
+    useragent = event[@source]
+    useragent = useragent.first if useragent.is_a? Array
+    begin
+      ua_data = @parser.parse(useragent)
+    rescue Exception => e
+      @logger.error("Uknown error while parsing user agent data", :exception => e, :field => @source, :event => event)
+    end
+    if !ua_data.nil?
+      if @target.nil?
+        # default write to the root of the event
+        target = event
+      else
+        target = event[@target] ||= {}
+      end
+      target[@prefix + "name"] = ua_data.name
+      #OSX, Andriod and maybe iOS parse correctly, ua-agent parsing for Windows does not provide this level of detail
+      unless ua_data.os.nil?
+        target[@prefix + "os"] = ua_data.os.to_s
+        target[@prefix + "os_name"] = ua_data.os.name.to_s
+        target[@prefix + "os_major"] = ua_data.os.version.major.to_s unless ua_data.os.version.nil?
+        target[@prefix + "os_minor"] = ua_data.os.version.minor.to_s unless ua_data.os.version.nil?
+      end
+      target[@prefix + "device"] = ua_data.device.to_s if not ua_data.device.nil?
+      if not ua_data.version.nil?
+        ua_version = ua_data.version
+        target[@prefix + "major"] = ua_version.major
+        target[@prefix + "minor"] = ua_version.minor
+        target[@prefix + "patch"] = ua_version.patch if ua_version.patch
+        target[@prefix + "build"] = ua_version.patch_minor if ua_version.patch_minor
+      end
+      filter_matched(event)
+    end
+  end # def filter
+end # class LogStash::Filters::UserAgent