logstash-patterns-core 0.1.7 → 0.1.10
- checksums.yaml +4 -4
- data/logstash-patterns-core.gemspec +2 -1
- data/patterns/mongodb +3 -0
- data/patterns/nagios +2 -2
- data/spec/patterns/core_spec.rb +28 -3
- data/spec/patterns/mongodb_spec.rb +84 -0
- data/spec/patterns/nagios_spec.rb +243 -0
- data/spec/spec_helper.rb +50 -0
- metadata +28 -8
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: fb94df5ab3f3e8ee6e7204b1c6f6b44055b40d26
|
4
|
+
data.tar.gz: 5f6edd7688daf729dfad7b17a40f98744f36ea48
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 08a6bd3187a03e03f277b6c17bf2a78084a68271a0958cda6f1cae0f3679e7b8873f797048be49788d8039ac2456a6556947b78316e8a0d1a41b959e5dfe9c27
|
7
|
+
data.tar.gz: 4d7784a60f00fa548feb0946d71abe36c2cffb7249cbbf306dbb773950735ead55b501fd074392de6e633296c1f16f59aadb3bdc68c05469a2eda3355ff65194
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-patterns-core'
|
4
|
-
s.version = '0.1.
|
4
|
+
s.version = '0.1.10'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Patterns to be used in logstash"
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
@@ -22,6 +22,7 @@ Gem::Specification.new do |s|
|
|
22
22
|
# Gem dependencies
|
23
23
|
s.add_runtime_dependency "logstash-core", '>= 1.4.0', '< 2.0.0'
|
24
24
|
|
25
|
+
s.add_development_dependency 'logstash-filter-grok'
|
25
26
|
s.add_development_dependency 'logstash-devutils'
|
26
27
|
end
|
27
28
|
|
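Review bot: The added `s.add_development_dependency 'logstash-filter-grok'` line in the second hunk has no version constraint, so each test run resolves whatever release is newest at install time (the packaged metadata on this page records it as `>= 0`). Bounding it the way the runtime dependency is bounded keeps the test toolchain reproducible and reviewable, e.g. `s.add_development_dependency 'logstash-filter-grok', '>= <MIN_VERSION>', '< <NEXT_MAJOR>'` (placeholders; use the range the specs were actually run against). The neighbouring `logstash-devutils` line has the same gap.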
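--- a/data/patterns/mongodb
+++ b/data/patterns/mongodb
@@ -2,3 +2,6 @@ MONGO_LOG %{SYSLOGTIMESTAMP:timestamp} \[%{WORD:component}\] %{GREEDYDATA:messag
 MONGO_QUERY \{ (?<={ ).*(?= } ntoreturn:) \}
 MONGO_SLOWQUERY %{WORD} %{MONGO_WORDDASH:database}\.%{MONGO_WORDDASH:collection} %{WORD}: %{MONGO_QUERY:query} %{WORD}:%{NONNEGINT:ntoreturn} %{WORD}:%{NONNEGINT:ntoskip} %{WORD}:%{NONNEGINT:nscanned}.*nreturned:%{NONNEGINT:nreturned}..+ (?<duration>[0-9]+)ms
 MONGO_WORDDASH \b[\w-]+\b
+MONGO3_SEVERITY \w
+MONGO3_COMPONENT %{WORD}|-
+MONGO3_LOG %{TIMESTAMP_ISO8601:timestamp} %{MONGO3_SEVERITY:severity} %{MONGO3_COMPONENT:component}%{SPACE}(?:\[%{DATA:context}\])? %{GREEDYDATA:message}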
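Review bot: `MONGO3_SEVERITY \w` accepts any single word character, digits and `_` included, while MongoDB 3.x documents only the letters F, E, W, I and D, and the specs in this release exercise just `I` and `F`. A class limited to those letters, `MONGO3_SEVERITY [DEFIW]`, would stop a malformed or forged line from yielding a `severity` value that downstream alerting rules do not expect. `MONGO3_LOG` also has no leading anchor, so it can match from the middle of a line; if these logs always start with the timestamp, prefixing `^` would tighten it. A one-line comment above the three `MONGO3_*` definitions naming the log format they target would help the next reader.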
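--- a/data/patterns/nagios
+++ b/data/patterns/nagios
@@ -66,7 +66,7 @@ NAGIOS_CURRENT_SERVICE_STATE %{NAGIOS_TYPE_CURRENT_SERVICE_STATE:nagios_type}: %
 NAGIOS_CURRENT_HOST_STATE %{NAGIOS_TYPE_CURRENT_HOST_STATE:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statetype};%{DATA:nagios_statecode};%{GREEDYDATA:nagios_message}
 
 NAGIOS_SERVICE_NOTIFICATION %{NAGIOS_TYPE_SERVICE_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}
-NAGIOS_HOST_NOTIFICATION %{NAGIOS_TYPE_HOST_NOTIFICATION}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}
+NAGIOS_HOST_NOTIFICATION %{NAGIOS_TYPE_HOST_NOTIFICATION:nagios_type}: %{DATA:nagios_notifyname};%{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_contact};%{GREEDYDATA:nagios_message}
 
 NAGIOS_SERVICE_ALERT %{NAGIOS_TYPE_SERVICE_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}
 NAGIOS_HOST_ALERT %{NAGIOS_TYPE_HOST_ALERT:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{NUMBER:nagios_attempt};%{GREEDYDATA:nagios_message}
@@ -83,7 +83,7 @@ NAGIOS_PASSIVE_HOST_CHECK %{NAGIOS_TYPE_PASSIVE_HOST_CHECK:nagios_type}: %{DATA:
 NAGIOS_SERVICE_EVENT_HANDLER %{NAGIOS_TYPE_SERVICE_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_service};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}
 NAGIOS_HOST_EVENT_HANDLER %{NAGIOS_TYPE_HOST_EVENT_HANDLER:nagios_type}: %{DATA:nagios_hostname};%{DATA:nagios_state};%{DATA:nagios_statelevel};%{DATA:nagios_event_handler_name}
 
-NAGIOS_TIMEPERIOD_TRANSITION %{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2}
+NAGIOS_TIMEPERIOD_TRANSITION %{NAGIOS_TYPE_TIMEPERIOD_TRANSITION:nagios_type}: %{DATA:nagios_service};%{DATA:nagios_unknown1};%{DATA:nagios_unknown2}
 
 ####################
 #### External checks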
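Review bot: On the new side of the second hunk, `NAGIOS_TIMEPERIOD_TRANSITION` still ends in `%{DATA:nagios_unknown2}`; if DATA is the usual lazy `.*?` and nothing after it anchors the match, that final capture can match the empty string and the field would come out empty or be dropped. The enclosing NAGIOSLOGLINE definition is outside this hunk, so confirm whether it anchors the end of the line. If it does not, `%{GREEDYDATA:nagios_unknown2}` (the form `NAGIOS_HOST_NOTIFICATION` uses for its last field) avoids the silent loss. `NAGIOS_SERVICE_EVENT_HANDLER` and `NAGIOS_HOST_EVENT_HANDLER` in the context lines end in a trailing `%{DATA:...}` the same way, and the added nagios spec asserts neither `nagios_unknown1` nor `nagios_unknown2`.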
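--- a/data/spec/patterns/core_spec.rb
+++ b/data/spec/patterns/core_spec.rb
@@ -1,6 +1,31 @@
 # encoding: utf-8
-require "
-require
+require "spec_helper"
+require "logstash/patterns/core"
+
+describe "SYSLOGLINE" do
+
+let(:value) { "Mar 16 00:01:25 evita postfix/smtpd[1713]: connect from camomile.cloud9.net[168.100.1.3]" }
+let(:grok) { grok_match(subject, value) }
+it "a pattern pass the grok expression" do
+expect(grok).to pass
+end
+
+it "matches a simple message" do
+expect(subject).to match(value)
+end
+
+it "generates the program field" do
+expect(grok_match(subject, value)).to include("program" => "postfix/smtpd")
+end
+
+end
+
+describe "COMMONAPACHELOG" do
+
+let(:value) { '83.149.9.216 - - [24/Feb/2015:23:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36'}
+
+it "generates the clientip field" do
+expect(grok_match(subject, value)).to include("clientip" => "83.149.9.216")
+end
 
-describe LogStash::Patterns::Core do
 end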
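Review bot: Neither new `describe` block has an example for input that must not match, so a pattern that later became too permissive would still pass this file; add one per pattern, e.g. `expect(grok_match(subject, "not a syslog line")).not_to pass` (constructed sample). The same gap is present in mongodb_spec.rb and nagios_spec.rb added in this release. The examples also hand the implicit `subject` (the string given to `describe`) to the helper as the pattern name; an explicit `let(:pattern) { "SYSLOGLINE" }`, as mongodb_spec.rb does, states the intent. The COMMONAPACHELOG sample ends without the closing `"` of the user-agent field, which deserves a comment if it is intentional.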
@@ -0,0 +1,84 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "spec_helper"
|
3
|
+
require "logstash/patterns/core"
|
4
|
+
|
5
|
+
describe "MONGO3_LOG" do
|
6
|
+
|
7
|
+
let(:pattern) { "MONGO3_LOG" }
|
8
|
+
|
9
|
+
context "parsing an standard/basic message" do
|
10
|
+
|
11
|
+
let(:value) { "2014-11-03T18:28:32.450-0500 I NETWORK [initandlisten] waiting for connections on port 27017" }
|
12
|
+
|
13
|
+
subject { grok_match(pattern, value) }
|
14
|
+
|
15
|
+
it { should include("timestamp" => "2014-11-03T18:28:32.450-0500") }
|
16
|
+
|
17
|
+
it { should include("severity" => "I") }
|
18
|
+
|
19
|
+
it { should include("component" => "NETWORK") }
|
20
|
+
|
21
|
+
it { should include("context" => "initandlisten") }
|
22
|
+
|
23
|
+
it "generates a message field" do
|
24
|
+
expect(subject["message"]).to include("waiting for connections on port 27017")
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
context "parsing a message with a missing component" do
|
29
|
+
|
30
|
+
let(:value) { "2015-02-24T18:17:47.148+0000 F - [conn11] Got signal: 11 (Segmentation fault)." }
|
31
|
+
|
32
|
+
subject { grok_match(pattern, value) }
|
33
|
+
|
34
|
+
it { should include("timestamp" => "2015-02-24T18:17:47.148+0000") }
|
35
|
+
|
36
|
+
it { should include("severity" => "F") }
|
37
|
+
|
38
|
+
it { should include("component" => "-") }
|
39
|
+
|
40
|
+
it { should include("context" => "conn11") }
|
41
|
+
|
42
|
+
it "generates a message field" do
|
43
|
+
expect(subject["message"]).to include("Got signal: 11 (Segmentation fault).")
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
context "parsing a message with a multiwords context" do
|
48
|
+
|
49
|
+
let(:value) { "2015-04-23T06:57:28.256+0200 I JOURNAL [journal writer] Journal writer thread started" }
|
50
|
+
|
51
|
+
subject { grok_match(pattern, value) }
|
52
|
+
|
53
|
+
it { should include("timestamp" => "2015-04-23T06:57:28.256+0200") }
|
54
|
+
|
55
|
+
it { should include("severity" => "I") }
|
56
|
+
|
57
|
+
it { should include("component" => "JOURNAL") }
|
58
|
+
|
59
|
+
it { should include("context" => "journal writer") }
|
60
|
+
|
61
|
+
it "generates a message field" do
|
62
|
+
expect(subject["message"]).to include("Journal writer thread started")
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
context "parsing a message without context" do
|
67
|
+
|
68
|
+
let(:value) { "2015-04-23T07:00:13.864+0200 I CONTROL Ctrl-C signal" }
|
69
|
+
|
70
|
+
subject { grok_match(pattern, value) }
|
71
|
+
|
72
|
+
it { should include("timestamp" => "2015-04-23T07:00:13.864+0200") }
|
73
|
+
|
74
|
+
it { should include("severity" => "I") }
|
75
|
+
|
76
|
+
it { should include("component" => "CONTROL") }
|
77
|
+
|
78
|
+
it { should_not have_key("context") }
|
79
|
+
|
80
|
+
it "generates a message field" do
|
81
|
+
expect(subject["message"]).to include("Ctrl-C signal")
|
82
|
+
end
|
83
|
+
end
|
84
|
+
end
|
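Review bot: `subject { grok_match(pattern, value) }` is repeated verbatim in all four contexts; define it once beside `let(:pattern) { "MONGO3_LOG" }` in the outer `describe` and keep only `let(:value)` in each context. The file also mixes one-liner `should` with `expect(...)` syntax; settling on one form, e.g. `it { is_expected.to include("severity" => "I") }`, keeps it consistent with the other specs in this release. A short comment above each sample saying which MongoDB log variant it represents (missing component, multi-word context, no context) would document why the case exists.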
@@ -0,0 +1,243 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "spec_helper"
|
3
|
+
require "logstash/patterns/core"
|
4
|
+
|
5
|
+
describe "NAGIOSLOGLINE - CURRENT HOST STATE" do
|
6
|
+
|
7
|
+
let(:value) { "[1427925600] CURRENT HOST STATE: nagioshost;UP;HARD;1;PING OK - Packet loss = 0%, RTA = 2.24 ms" }
|
8
|
+
let(:grok) { grok_match(subject, value) }
|
9
|
+
|
10
|
+
it "a pattern pass the grok expression" do
|
11
|
+
expect(grok).to pass
|
12
|
+
end
|
13
|
+
|
14
|
+
it "matches a simple message" do
|
15
|
+
expect(subject).to match(value)
|
16
|
+
end
|
17
|
+
|
18
|
+
it "generates the nagios_epoch field" do
|
19
|
+
expect(grok).to include("nagios_epoch" => "1427925600")
|
20
|
+
end
|
21
|
+
|
22
|
+
it "generates the nagios_message field" do
|
23
|
+
expect(grok).to include("nagios_message" => "PING OK - Packet loss = 0%, RTA = 2.24 ms")
|
24
|
+
end
|
25
|
+
|
26
|
+
it "generates the nagios_hostname field" do
|
27
|
+
expect(grok).to include("nagios_hostname" => "nagioshost")
|
28
|
+
end
|
29
|
+
|
30
|
+
it "generates the nagios_state field" do
|
31
|
+
expect(grok).to include("nagios_state" => "UP")
|
32
|
+
end
|
33
|
+
|
34
|
+
it "generates the nagios_statetype field" do
|
35
|
+
expect(grok).to include("nagios_statetype" => "HARD")
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
|
40
|
+
describe "NAGIOSLOGLINE - CURRENT SERVICE STATE" do
|
41
|
+
|
42
|
+
let(:value) { "[1427925600] CURRENT SERVICE STATE: nagioshost;nagiosservice;OK;HARD;1;nagiosmessage" }
|
43
|
+
let(:grok) { grok_match(subject, value) }
|
44
|
+
|
45
|
+
it "a pattern pass the grok expression" do
|
46
|
+
expect(grok).to pass
|
47
|
+
end
|
48
|
+
|
49
|
+
it "matches a simple message" do
|
50
|
+
expect(subject).to match(value)
|
51
|
+
end
|
52
|
+
|
53
|
+
it "generates the nagios_type field" do
|
54
|
+
expect(grok).to include("nagios_type" => "CURRENT SERVICE STATE")
|
55
|
+
end
|
56
|
+
|
57
|
+
it "generates the nagios_epoch field" do
|
58
|
+
expect(grok).to include("nagios_epoch" => "1427925600")
|
59
|
+
end
|
60
|
+
|
61
|
+
it "generates the nagios_message field" do
|
62
|
+
expect(grok).to include("nagios_message" => "nagiosmessage")
|
63
|
+
end
|
64
|
+
|
65
|
+
it "generates the nagios_hostname field" do
|
66
|
+
expect(grok).to include("nagios_hostname" => "nagioshost")
|
67
|
+
end
|
68
|
+
|
69
|
+
it "generates the nagios_service field" do
|
70
|
+
expect(grok).to include("nagios_service" => "nagiosservice")
|
71
|
+
end
|
72
|
+
|
73
|
+
it "generates the nagios_state field" do
|
74
|
+
expect(grok).to include("nagios_state" => "OK")
|
75
|
+
end
|
76
|
+
|
77
|
+
it "generates the nagios_statetype field" do
|
78
|
+
expect(grok).to include("nagios_statetype" => "HARD")
|
79
|
+
end
|
80
|
+
|
81
|
+
end
|
82
|
+
|
83
|
+
describe "NAGIOSLOGLINE - TIMEPERIOD TRANSITION" do
|
84
|
+
|
85
|
+
let(:value) { "[1427925600] TIMEPERIOD TRANSITION: 24X7;1;1" }
|
86
|
+
let(:grok) { grok_match(subject, value) }
|
87
|
+
|
88
|
+
it "a pattern pass the grok expression" do
|
89
|
+
expect(grok).to pass
|
90
|
+
end
|
91
|
+
|
92
|
+
it "matches a simple message" do
|
93
|
+
expect(subject).to match(value)
|
94
|
+
end
|
95
|
+
|
96
|
+
it "generates the nagios_type field" do
|
97
|
+
expect(grok).to include("nagios_type" => "TIMEPERIOD TRANSITION")
|
98
|
+
end
|
99
|
+
|
100
|
+
it "generates the nagios_epoch field" do
|
101
|
+
expect(grok).to include("nagios_epoch" => "1427925600")
|
102
|
+
end
|
103
|
+
|
104
|
+
it "generates the nagios_esrvice field" do
|
105
|
+
expect(grok).to include("nagios_service" => "24X7")
|
106
|
+
end
|
107
|
+
|
108
|
+
# Regression test for but fixed in Nagios patterns #30
|
109
|
+
it "doesn't end in a semi-colon" do
|
110
|
+
expect(grok['message']).to_not end_with(";")
|
111
|
+
end
|
112
|
+
|
113
|
+
end
|
114
|
+
|
115
|
+
describe "NAGIOSLOGLINE - SERVICE ALERT" do
|
116
|
+
|
117
|
+
let(:value) { "[1427925689] SERVICE ALERT: varnish;Varnish Backend Connections;CRITICAL;SOFT;1;Current value: 154.0, warn threshold: 10.0, crit threshold: 20.0" }
|
118
|
+
let(:grok) { grok_match(subject, value) }
|
119
|
+
|
120
|
+
it "a pattern pass the grok expression" do
|
121
|
+
expect(grok).to pass
|
122
|
+
end
|
123
|
+
|
124
|
+
it "matches a simple message" do
|
125
|
+
expect(subject).to match(value)
|
126
|
+
end
|
127
|
+
|
128
|
+
it "generates the nagios_type field" do
|
129
|
+
expect(grok).to include("nagios_type" => "SERVICE ALERT")
|
130
|
+
end
|
131
|
+
|
132
|
+
it "generates the nagios_epoch field" do
|
133
|
+
expect(grok).to include("nagios_epoch" => "1427925689")
|
134
|
+
end
|
135
|
+
|
136
|
+
it "generates the nagios_hostname field" do
|
137
|
+
expect(grok).to include("nagios_hostname" => "varnish")
|
138
|
+
end
|
139
|
+
|
140
|
+
it "generates the nagios_service field" do
|
141
|
+
expect(grok).to include("nagios_service" => "Varnish Backend Connections")
|
142
|
+
end
|
143
|
+
|
144
|
+
it "generates the nagios_state field" do
|
145
|
+
expect(grok).to include("nagios_state" => "CRITICAL")
|
146
|
+
end
|
147
|
+
|
148
|
+
it "generates the nagios_statelevel field" do
|
149
|
+
expect(grok).to include("nagios_statelevel" => "SOFT")
|
150
|
+
end
|
151
|
+
|
152
|
+
it "generates the nagios_message field" do
|
153
|
+
expect(grok).to include("nagios_message" => "Current value: 154.0, warn threshold: 10.0, crit threshold: 20.0")
|
154
|
+
end
|
155
|
+
|
156
|
+
end
|
157
|
+
|
158
|
+
describe "NAGIOSLOGLINE - SERVICE NOTIFICATION" do
|
159
|
+
|
160
|
+
let(:value) { "[1427950229] SERVICE NOTIFICATION: nagiosadmin;varnish;Varnish Backend Connections;CRITICAL;notify-service-by-email;Current value: 337.0, warn threshold: 10.0, crit threshold: 20.0" }
|
161
|
+
let(:grok) { grok_match(subject, value) }
|
162
|
+
|
163
|
+
it "a pattern pass the grok expression" do
|
164
|
+
expect(grok).to pass
|
165
|
+
end
|
166
|
+
|
167
|
+
it "matches a simple message" do
|
168
|
+
expect(subject).to match(value)
|
169
|
+
end
|
170
|
+
|
171
|
+
it "generates the nagios_type field" do
|
172
|
+
expect(grok).to include("nagios_type" => "SERVICE NOTIFICATION")
|
173
|
+
end
|
174
|
+
|
175
|
+
it "generates the nagios_epoch field" do
|
176
|
+
expect(grok).to include("nagios_epoch" => "1427950229")
|
177
|
+
end
|
178
|
+
|
179
|
+
it "generates the nagios_notifyname field" do
|
180
|
+
expect(grok).to include("nagios_notifyname" => "nagiosadmin")
|
181
|
+
end
|
182
|
+
|
183
|
+
it "generates the nagios_hostname field" do
|
184
|
+
expect(grok).to include("nagios_hostname" => "varnish")
|
185
|
+
end
|
186
|
+
|
187
|
+
it "generates the nagios_service field" do
|
188
|
+
expect(grok).to include("nagios_service" => "Varnish Backend Connections")
|
189
|
+
end
|
190
|
+
|
191
|
+
it "generates the nagios_state field" do
|
192
|
+
expect(grok).to include("nagios_state" => "CRITICAL")
|
193
|
+
end
|
194
|
+
|
195
|
+
it "generates the nagios_contact field" do
|
196
|
+
expect(grok).to include("nagios_contact" => "notify-service-by-email")
|
197
|
+
end
|
198
|
+
|
199
|
+
it "generates the nagios_message field" do
|
200
|
+
expect(grok).to include("nagios_message" => "Current value: 337.0, warn threshold: 10.0, crit threshold: 20.0")
|
201
|
+
end
|
202
|
+
|
203
|
+
end
|
204
|
+
|
205
|
+
|
206
|
+
describe "NAGIOSLOGLINE - HOST NOTIFICATION" do
|
207
|
+
|
208
|
+
let(:value) { "[1429878690] HOST NOTIFICATION: nagiosadmin;nagioshost;DOWN;notify-host-by-email;CRITICAL - Socket timeout after 10 seconds" }
|
209
|
+
let(:grok) { grok_match(subject, value) }
|
210
|
+
|
211
|
+
it "a pattern pass the grok expression" do
|
212
|
+
expect(grok).to pass
|
213
|
+
end
|
214
|
+
|
215
|
+
it "matches a simple message" do
|
216
|
+
expect(subject).to match(value)
|
217
|
+
end
|
218
|
+
|
219
|
+
it "generates the nagios_type field" do
|
220
|
+
expect(grok).to include("nagios_type" => "HOST NOTIFICATION")
|
221
|
+
end
|
222
|
+
|
223
|
+
it "generates the nagios_epoch field" do
|
224
|
+
expect(grok).to include("nagios_epoch" => "1429878690")
|
225
|
+
end
|
226
|
+
|
227
|
+
it "generates the nagios_notifyname field" do
|
228
|
+
expect(grok).to include("nagios_notifyname" => "nagiosadmin")
|
229
|
+
end
|
230
|
+
|
231
|
+
it "generates the nagios_hostname field" do
|
232
|
+
expect(grok).to include("nagios_hostname" => "nagioshost")
|
233
|
+
end
|
234
|
+
|
235
|
+
it "generates the nagios_contact field" do
|
236
|
+
expect(grok).to include("nagios_contact" => "notify-host-by-email")
|
237
|
+
end
|
238
|
+
|
239
|
+
it "generates the nagios_message field" do
|
240
|
+
expect(grok).to include("nagios_message" => "CRITICAL - Socket timeout after 10 seconds")
|
241
|
+
end
|
242
|
+
|
243
|
+
end
|
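Review bot: The example `doesn't end in a semi-colon` in the TIMEPERIOD TRANSITION block asserts on `grok['message']`, which appears to be the unmodified input from `let(:value)` (the `build_grok` helper in spec_helper.rb configures only a `match`), and that string never ends in `;`, so the check passes whatever the pattern does. Assert on the parsed fields instead, e.g. `expect(grok).to include("nagios_unknown1" => "1")` with a matching check for `nagios_unknown2`, which would also show whether the trailing capture is populated. The comment above it and the description `nagios_esrvice` carry typos (`but` for `bug`, `esrvice` for `service`). The HOST NOTIFICATION block has no `nagios_state` example although its sample contains `DOWN`.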
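--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,50 @@
+require "logstash/devutils/rspec/spec_helper"
+require 'rspec/expectations'
+
+# running the grok code outside a logstash package means
+# LOGSTASH_HOME will not be defined, so let's set it here
+# before requiring the grok filter
+unless LogStash::Environment.const_defined?(:LOGSTASH_HOME)
+LogStash::Environment::LOGSTASH_HOME = File.expand_path("../", __FILE__)
+end
+
+require "logstash/filters/grok"
+
+module GrokHelpers
+def grok_match(label, message)
+grok = build_grok(label)
+event = build_event(message)
+grok.filter(event)
+event.to_hash
+end
+
+def build_grok(label)
+grok = LogStash::Filters::Grok.new("match" => ["message", "%{#{label}}"])
+grok.register
+grok
+end
+
+def build_event(message)
+LogStash::Event.new("message" => message)
+end
+end
+
+RSpec.configure do |c|
+c.include GrokHelpers
+end
+
+RSpec::Matchers.define :pass do |expected|
+match do |actual|
+!actual.include?("tags")
+end
+end
+
+RSpec::Matchers.define :match do |value|
+match do |grok|
+grok = build_grok(grok)
+event = build_event(value)
+grok.filter(event)
+!event.include?("tags")
+end
+end
+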
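Review bot: `RSpec::Matchers.define :match` at the end of the file shadows RSpec's built-in `match` matcher for every spec that loads this helper, so a later `expect(string).to match(/regex/)` would run a grok filter instead of a regex comparison. Give it a distinct name, e.g. `RSpec::Matchers.define :match_grok_sample do |value|`, and update the call sites in the pattern specs. Both custom matchers also treat the absence of any `tags` key as success; checking for the grok failure tag specifically (`_grokparsefailure` by default) and saying so in a comment above each matcher would make the pass condition explicit. The `expected` block parameter of `:pass` is unused and can be dropped.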
metadata
CHANGED
@@ -1,17 +1,18 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-patterns-core
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-05-06 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
|
-
|
14
|
+
name: logstash-core
|
15
|
+
version_requirements: !ruby/object:Gem::Requirement
|
15
16
|
requirements:
|
16
17
|
- - '>='
|
17
18
|
- !ruby/object:Gem::Version
|
@@ -19,10 +20,7 @@ dependencies:
|
|
19
20
|
- - <
|
20
21
|
- !ruby/object:Gem::Version
|
21
22
|
version: 2.0.0
|
22
|
-
|
23
|
-
prerelease: false
|
24
|
-
type: :runtime
|
25
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirement: !ruby/object:Gem::Requirement
|
26
24
|
requirements:
|
27
25
|
- - '>='
|
28
26
|
- !ruby/object:Gem::Version
|
@@ -30,20 +28,36 @@ dependencies:
|
|
30
28
|
- - <
|
31
29
|
- !ruby/object:Gem::Version
|
32
30
|
version: 2.0.0
|
31
|
+
prerelease: false
|
32
|
+
type: :runtime
|
33
33
|
- !ruby/object:Gem::Dependency
|
34
|
+
name: logstash-filter-grok
|
35
|
+
version_requirements: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - '>='
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '0'
|
34
40
|
requirement: !ruby/object:Gem::Requirement
|
35
41
|
requirements:
|
36
42
|
- - '>='
|
37
43
|
- !ruby/object:Gem::Version
|
38
44
|
version: '0'
|
39
|
-
name: logstash-devutils
|
40
45
|
prerelease: false
|
41
46
|
type: :development
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: logstash-devutils
|
42
49
|
version_requirements: !ruby/object:Gem::Requirement
|
43
50
|
requirements:
|
44
51
|
- - '>='
|
45
52
|
- !ruby/object:Gem::Version
|
46
53
|
version: '0'
|
54
|
+
requirement: !ruby/object:Gem::Requirement
|
55
|
+
requirements:
|
56
|
+
- - '>='
|
57
|
+
- !ruby/object:Gem::Version
|
58
|
+
version: '0'
|
59
|
+
prerelease: false
|
60
|
+
type: :development
|
47
61
|
description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
|
48
62
|
email: info@elastic.co
|
49
63
|
executables: []
|
@@ -72,6 +86,9 @@ files:
|
|
72
86
|
- patterns/redis
|
73
87
|
- patterns/ruby
|
74
88
|
- spec/patterns/core_spec.rb
|
89
|
+
- spec/patterns/mongodb_spec.rb
|
90
|
+
- spec/patterns/nagios_spec.rb
|
91
|
+
- spec/spec_helper.rb
|
75
92
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
76
93
|
licenses:
|
77
94
|
- Apache License (2.0)
|
@@ -99,3 +116,6 @@ specification_version: 4
|
|
99
116
|
summary: Patterns to be used in logstash
|
100
117
|
test_files:
|
101
118
|
- spec/patterns/core_spec.rb
|
119
|
+
- spec/patterns/mongodb_spec.rb
|
120
|
+
- spec/patterns/nagios_spec.rb
|
121
|
+
- spec/spec_helper.rb
|