logstash-patterns-core 4.0.1 → 4.2.0
- checksums.yaml +5 -5
- data/CHANGELOG.md +54 -8
- data/CONTRIBUTORS +2 -0
- data/Gemfile +8 -1
- data/LICENSE +199 -10
- data/README.md +1 -1
- data/logstash-patterns-core.gemspec +2 -2
- data/patterns/aws +3 -0
- data/patterns/bind +3 -0
- data/patterns/firewalls +6 -1
- data/patterns/grok-patterns +8 -14
- data/patterns/haproxy +1 -1
- data/patterns/httpd +15 -0
- data/patterns/java +3 -6
- data/patterns/linux-syslog +1 -1
- data/patterns/maven +1 -0
- data/patterns/nagios +1 -1
- data/patterns/redis +1 -1
- data/patterns/squid +4 -0
- data/spec/patterns/core_spec.rb +311 -11
- data/spec/patterns/firewalls_spec.rb +31 -0
- data/spec/patterns/haproxy_spec.rb +17 -0
- data/spec/patterns/httpd_spec.rb +169 -9
- data/spec/patterns/java_spec.rb +45 -0
- data/spec/patterns/maven_spec.rb +61 -0
- data/spec/patterns/nagios_spec.rb +5 -1
- data/spec/patterns/redis_spec.rb +171 -0
- data/spec/patterns/s3_spec.rb +41 -0
- data/spec/patterns/syslog_spec.rb +14 -0
- data/spec/spec_helper.rb +8 -4
- metadata +26 -8
@@ -56,4 +56,21 @@ describe "HAPROXY" do
|
|
56
56
|
|
57
57
|
end
|
58
58
|
|
59
|
+
context "Parsing HAPROXY log line that is truncated and thus not ending with a double quote or HTTP version." do
|
60
|
+
|
61
|
+
let(:value) { 'Jul 31 22:20:22 loadbalancer haproxy[1190]: 203.0.113.54:59968 [31/Jul/2017:22:20:22.447] loadbalancer default/instance8 135/0/1/19/156 200 1015 - - --VR 8/8/0/0/0 0/0 "GET /path/to/request/that/exceeds/more/than/1024/characterssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss'}
|
62
|
+
subject { grok_match(haproxyhttpbase_pattern, value)}
|
63
|
+
|
64
|
+
it { should include("client_ip" => "203.0.113.54") }
|
65
|
+
it { should include("http_verb" => "GET") }
|
66
|
+
it { should include("server_name" => "instance8") }
|
67
|
+
it { should include("http_request" => "/path/to/request/that/exceeds/more/than/1024/characterssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssssss") }
|
68
|
+
it { should_not have_key("http_version") }
|
69
|
+
|
70
|
+
it "generates a message field" do
|
71
|
+
expect(subject["message"]).to include("loadbalancer default/instance8")
|
72
|
+
end
|
73
|
+
|
74
|
+
end
|
75
|
+
|
59
76
|
end
|
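Review bot: The roughly 1 KB request path is pasted twice, once in `let(:value)` and again in the `http_request` expectation, so the two literals can drift apart without it showing in review. Holding it in one place, `let(:request_path) { '/path/to/request/…' }`, building `value` from it and asserting `it { should include("http_request" => request_path) }`, keeps the fixture readable. Because a client-supplied path is what pushes the closing quote and HTTP version off the line, a comment above the context should say that `http_request` holds a truncated value here, so consumers of the field do not treat it as the full URI. The enclosing `describe "HAPROXY"` starts outside this hunk.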
data/spec/patterns/httpd_spec.rb
CHANGED
@@ -2,23 +2,183 @@
|
|
2
2
|
require "spec_helper"
|
3
3
|
require "logstash/patterns/core"
|
4
4
|
|
5
|
+
describe "HTTPD_COMBINEDLOG" do
|
6
|
+
|
7
|
+
let(:pattern) { 'HTTPD_COMBINEDLOG' }
|
8
|
+
let(:grok) { grok_match(pattern, message) }
|
9
|
+
|
10
|
+
context "typical test case" do
|
11
|
+
|
12
|
+
let(:message) { '83.149.9.216 - - [24/Feb/2015:23:13:42 +0000] "GET /presentations/logstash-monitorama-2013/images/kibana-search.png HTTP/1.1" 200 203023 "http://semicomplete.com/presentations/logstash-monitorama-2013/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"'}
|
13
|
+
|
14
|
+
it "matches" do
|
15
|
+
expect(grok).to include(
|
16
|
+
'clientip' => '83.149.9.216',
|
17
|
+
'verb' => 'GET',
|
18
|
+
'request' => '/presentations/logstash-monitorama-2013/images/kibana-search.png',
|
19
|
+
'httpversion' => '1.1',
|
20
|
+
'response' => '200',
|
21
|
+
'bytes' => '203023',
|
22
|
+
'referrer' => '"http://semicomplete.com/presentations/logstash-monitorama-2013/"',
|
23
|
+
'agent' => '"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36"'
|
24
|
+
)
|
25
|
+
end
|
26
|
+
|
27
|
+
it "does not capture 'null' fields" do
|
28
|
+
expect(grok).to include('auth' => '-', 'ident' => '-')
|
29
|
+
end
|
30
|
+
|
31
|
+
end
|
32
|
+
|
33
|
+
context "email address in auth field" do
|
34
|
+
|
35
|
+
let(:message) { '10.0.0.1 - username@example.com [07/Apr/2016:18:42:24 +0000] "GET /bar/foo/users/1/username%40example.com/authenticate?token=blargh&client_id=15 HTTP/1.1" 400 75 "" "Mozilla/5.0 (iPad; CPU OS 9_3_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13E238 Safari/601.1"'}
|
36
|
+
|
37
|
+
it "gets captured" do
|
38
|
+
expect(grok).to include("auth" => "username@example.com")
|
39
|
+
end
|
40
|
+
|
41
|
+
end
|
42
|
+
|
43
|
+
context 'sample OPTIONS line' do
|
44
|
+
|
45
|
+
let(:message) { '83.149.9.216 - a.user [11/Jan/2020:23:05:27 +0100] "OPTIONS /remote.php/ HTTP/1.1" - 7908 "-" "monitoring-client (v2.2)"' }
|
46
|
+
|
47
|
+
it 'matches' do
|
48
|
+
expect(grok).to include("verb" => "OPTIONS", 'request' => '/remote.php/', 'httpversion' => '1.1', "bytes" => '7908')
|
49
|
+
end
|
50
|
+
|
51
|
+
it 'does not capture optional response code' do
|
52
|
+
expect(grok.keys).to_not include("response")
|
53
|
+
end
|
54
|
+
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|
58
|
+
|
5
59
|
describe "HTTPD_ERRORLOG" do
|
6
60
|
|
7
|
-
|
8
|
-
|
61
|
+
let(:pattern) { 'HTTPD_ERRORLOG' }
|
62
|
+
let(:grok) { grok_match(pattern, message) }
|
63
|
+
|
64
|
+
context "matches a full httpd 2.4 message" do
|
65
|
+
let(:message) do
|
66
|
+
"[Mon Aug 31 09:30:48.958285 2015] [proxy_fcgi:error] [pid 28787:tid 140169587934976] (70008)Partial results are valid but processing is incomplete: [client 58.13.45.166:59307] AH01075: Error dispatching request to : (reading input brigade), referer: http://example.com/index.php?id_product=11&controller=product"
|
67
|
+
end
|
68
|
+
it "generates the fields" do
|
69
|
+
|
70
|
+
expect(grok).to include(
|
71
|
+
'timestamp' => 'Mon Aug 31 09:30:48.958285 2015',
|
72
|
+
'module' => 'proxy_fcgi',
|
73
|
+
'loglevel' => 'error',
|
74
|
+
'pid' => '28787',
|
75
|
+
'tid' => '140169587934976',
|
76
|
+
'proxy_errorcode' => '70008',
|
77
|
+
'proxy_message' => 'Partial results are valid but processing is incomplete',
|
78
|
+
'clientip' => '58.13.45.166',
|
79
|
+
'clientport' => '59307',
|
80
|
+
'errorcode' => 'AH01075',
|
81
|
+
'message' => [ message, 'Error dispatching request to : (reading input brigade), referer: http://example.com/index.php?id_product=11&controller=product' ],
|
82
|
+
)
|
83
|
+
end
|
9
84
|
end
|
10
85
|
|
11
|
-
|
12
|
-
|
86
|
+
context "HTTPD_ERRORLOG", "matches a httpd 2.2 log message" do
|
87
|
+
let(:message) do
|
88
|
+
"[Mon Aug 31 16:27:04 2015] [error] [client 10.17.42.3] Premature end of script headers: example.com"
|
89
|
+
end
|
90
|
+
it "generates the fields" do
|
91
|
+
expect(grok).to include(
|
92
|
+
'timestamp' => 'Mon Aug 31 16:27:04 2015',
|
93
|
+
'loglevel' => 'error',
|
94
|
+
'clientip' => '10.17.42.3',
|
95
|
+
'message' => [ message, 'Premature end of script headers: example.com' ]
|
96
|
+
)
|
97
|
+
end
|
13
98
|
end
|
14
99
|
|
15
|
-
|
16
|
-
|
100
|
+
context "HTTPD_ERRORLOG", "a short httpd 2.4 message" do
|
101
|
+
let(:value1) {
|
102
|
+
"[Mon Aug 31 07:15:38.664897 2015] [proxy_fcgi:error] [pid 28786:tid 140169629898496] [client 81.139.1.34:52042] AH01071: Got error 'Primary script unknown\n'"
|
103
|
+
}
|
104
|
+
it "generates the fields" do
|
105
|
+
expect(grok_match(subject, value1)).to include(
|
106
|
+
'timestamp' => 'Mon Aug 31 07:15:38.664897 2015',
|
107
|
+
'module' => 'proxy_fcgi',
|
108
|
+
'loglevel' => 'error',
|
109
|
+
'pid' => '28786',
|
110
|
+
'tid' => '140169629898496',
|
111
|
+
'clientip' => '81.139.1.34',
|
112
|
+
'clientport' => '52042',
|
113
|
+
'errorcode' => 'AH01071',
|
114
|
+
'message' => [ value1, "Got error 'Primary script unknown\n'" ]
|
115
|
+
)
|
116
|
+
end
|
117
|
+
|
118
|
+
let(:value2) {
|
119
|
+
"[Thu Apr 27 10:39:46.719636 2017] [php7:notice] [pid 17] [client 10.255.0.3:49580] Test error log record"
|
120
|
+
}
|
121
|
+
it "generates the fields" do
|
122
|
+
expect(grok_match(subject, value2)).to include(
|
123
|
+
'timestamp' => 'Thu Apr 27 10:39:46.719636 2017',
|
124
|
+
'module' => 'php7',
|
125
|
+
'loglevel' => 'notice',
|
126
|
+
'pid' => '17',
|
127
|
+
'clientip' => '10.255.0.3',
|
128
|
+
'clientport' => '49580',
|
129
|
+
'message' => [ value2, "Test error log record" ]
|
130
|
+
)
|
131
|
+
end
|
17
132
|
end
|
18
133
|
|
19
|
-
|
20
|
-
|
21
|
-
|
134
|
+
context "HTTPD_ERRORLOG", "a httpd 2.4 restart message" do
|
135
|
+
let(:value1) {
|
136
|
+
"[Mon Aug 31 06:29:47.406518 2015] [mpm_event:notice] [pid 24968:tid 140169861986176] AH00489: Apache/2.4.16 (Ubuntu) configured -- resuming normal operations"
|
137
|
+
}
|
138
|
+
it "generates the fields" do
|
139
|
+
expect(grok_match(subject, value1)).to include(
|
140
|
+
'timestamp' => 'Mon Aug 31 06:29:47.406518 2015',
|
141
|
+
'module' => 'mpm_event',
|
142
|
+
'loglevel' => 'notice',
|
143
|
+
'pid' => '24968',
|
144
|
+
'tid' => '140169861986176',
|
145
|
+
'errorcode' => 'AH00489',
|
146
|
+
'message' => [ value1, 'Apache/2.4.16 (Ubuntu) configured -- resuming normal operations' ]
|
147
|
+
)
|
148
|
+
end
|
149
|
+
|
150
|
+
let(:value2) {
|
151
|
+
"[Mon Aug 31 06:29:47.406530 2015] [core:notice] [pid 24968:tid 140169861986176] AH00094: Command line: '/usr/sbin/apache2'"
|
152
|
+
}
|
153
|
+
it "generates the fields" do
|
154
|
+
expect(grok_match(subject, value2)).to include(
|
155
|
+
'timestamp' => 'Mon Aug 31 06:29:47.406530 2015',
|
156
|
+
'module' => 'core',
|
157
|
+
'loglevel' => 'notice',
|
158
|
+
'pid' => '24968',
|
159
|
+
'tid' => '140169861986176',
|
160
|
+
'errorcode' => 'AH00094',
|
161
|
+
'message' => [ value2, 'Command line: \'/usr/sbin/apache2\'' ]
|
162
|
+
)
|
163
|
+
end
|
22
164
|
end
|
23
165
|
|
166
|
+
context 'a debug message' do
|
167
|
+
let(:message) do
|
168
|
+
'[Fri Feb 01 22:03:08.319124 2019] [authz_core:debug] [pid 9:tid 140597881775872] mod_authz_core.c(820): [client 172.17.0.1:50752] AH01626: authorization result of <RequireAny>: granted'
|
169
|
+
end
|
170
|
+
|
171
|
+
it 'matches imperfectly (legacy)' do
|
172
|
+
expect(grok).to include({
|
173
|
+
"timestamp"=>"Fri Feb 01 22:03:08.319124 2019",
|
174
|
+
"module"=>"authz_core",
|
175
|
+
"loglevel"=>"debug",
|
176
|
+
"pid"=>"9",
|
177
|
+
"tid"=>"140597881775872",
|
178
|
+
"errorcode"=>"mod_authz_core.c(820)",
|
179
|
+
"message"=>[message, "[client 172.17.0.1:50752] AH01626: authorization result of <RequireAny>: granted"]
|
180
|
+
})
|
181
|
+
end
|
182
|
+
end
|
183
|
+
|
24
184
|
end
|
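Review bot: The 'a debug message' example at the end of `describe "HTTPD_ERRORLOG"` pins a mis-parse as the expected result: `errorcode` becomes `mod_authz_core.c(820)` and the `[client 172.17.0.1:50752] AH01626:` prefix stays inside `message`, so the expectation contains no `clientip` for an authorization-result line. Anything that filters or alerts on `clientip` or on the `AH…` code from error logs will miss these events, so the limitation should be written next to the test, e.g. `# legacy behaviour: the source-file prefix is taken as errorcode; client address and AH code remain in message`. If `grok_match` omits unmatched captures, as the OPTIONS example's `expect(grok.keys).to_not include("response")` suggests, `expect(grok.keys).to_not include('clientip', 'clientport')` would pin it. Separately, the example named "does not capture 'null' fields" asserts that `auth` and `ident` are captured as `'-'`, which is the opposite of its description.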
@@ -0,0 +1,45 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "spec_helper"
|
3
|
+
require "logstash/patterns/core"
|
4
|
+
|
5
|
+
describe "JAVA" do
|
6
|
+
describe "JAVACLASS" do
|
7
|
+
let(:example) { 'hudson.node_monitors.AbstractAsyncNodeMonitorDescriptor' }
|
8
|
+
it "matches a java class with underscores" do
|
9
|
+
expect(grok_match(subject, example, true)['tags']).to be_nil
|
10
|
+
end
|
11
|
+
end
|
12
|
+
describe "JAVAFILE" do
|
13
|
+
let(:example) { 'Native Method' }
|
14
|
+
it "matches a java file name with spaces" do
|
15
|
+
expect(grok_match(subject, example, true)['tags']).to be_nil
|
16
|
+
end
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
describe "JAVASTACKTRACEPART" do
|
21
|
+
let(:pattern) { 'JAVASTACKTRACEPART' }
|
22
|
+
let(:message) { ' at com.sample.stacktrace.StackTraceExample.aMethod(StackTraceExample.java:42)' }
|
23
|
+
it "matches" do
|
24
|
+
grok = grok_match(pattern, message, true)
|
25
|
+
expect(grok).to include({
|
26
|
+
"message"=>" at com.sample.stacktrace.StackTraceExample.aMethod(StackTraceExample.java:42)",
|
27
|
+
"method"=>"aMethod",
|
28
|
+
"class"=>"com.sample.stacktrace.StackTraceExample",
|
29
|
+
"file"=>"StackTraceExample.java",
|
30
|
+
"line"=>"42"
|
31
|
+
})
|
32
|
+
end
|
33
|
+
|
34
|
+
context 'generated file' do
|
35
|
+
let(:message) { ' at org.jruby.RubyMethod$INVOKER$i$call.call(RubyMethod$INVOKER$i$call.gen)' }
|
36
|
+
it "matches" do
|
37
|
+
grok = grok_match(pattern, message, true)
|
38
|
+
expect(grok).to include({
|
39
|
+
"method"=>"call",
|
40
|
+
"class"=>"org.jruby.RubyMethod$INVOKER$i$call",
|
41
|
+
"file"=>"RubyMethod$INVOKER$i$call.gen",
|
42
|
+
})
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
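Review bot: The JAVACLASS and JAVAFILE examples pass `subject` as the pattern name, relying on the implicit subject of the innermost string `describe`, while JAVASTACKTRACEPART in the same file uses an explicit `let(:pattern)`. Using `let(:pattern) { 'JAVACLASS' }` and `let(:pattern) { 'JAVAFILE' }` would make the pattern under test visible at the call site. The third argument `true` is not explained anywhere on this page; a short comment saying what it switches on (presumably whole-string matching) would help, since the `['tags']).to be_nil` assertion only means something if the match is anchored. There is also no counter-example for JAVAFILE now that it accepts spaces, so nothing here shows where the pattern stops matching.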
@@ -0,0 +1,61 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "spec_helper"
|
3
|
+
require "logstash/patterns/core"
|
4
|
+
|
5
|
+
describe "MAVEN_VERSION" do
|
6
|
+
|
7
|
+
let(:pattern) { 'MAVEN_VERSION' }
|
8
|
+
|
9
|
+
context "when maven version is simple" do
|
10
|
+
let(:value) { '1.1.0' }
|
11
|
+
|
12
|
+
it "should match the version" do
|
13
|
+
expect(grok_match(pattern,value)).to pass
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
context "when maven version is a bit more complex" do
|
18
|
+
let(:value) { '2.35.128' }
|
19
|
+
|
20
|
+
it "should match the version" do
|
21
|
+
expect(grok_match(pattern,value)).to pass
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
context "when maven version contains release" do
|
26
|
+
let(:value) { '1.1.0.RELEASE' }
|
27
|
+
|
28
|
+
it "should match the version" do
|
29
|
+
expect(grok_match(pattern,value)).to pass
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
context "when maven version contains shapshot" do
|
34
|
+
let(:value) { '1.1.0.SNAPSHOT' }
|
35
|
+
|
36
|
+
it "should match the version" do
|
37
|
+
expect(grok_match(pattern,value)).to pass
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
context "when maven version contains release" do
|
42
|
+
context "and the version contains a dash" do
|
43
|
+
let(:value) { '1.1.0-RELEASE' }
|
44
|
+
|
45
|
+
it "should match the version" do
|
46
|
+
expect(grok_match(pattern,value)).to pass
|
47
|
+
end
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
context "when maven version contains shapshot" do
|
52
|
+
context "and the version contains a dash" do
|
53
|
+
let(:value) { '1.1.0-SNAPSHOT' }
|
54
|
+
|
55
|
+
it "should match the version" do
|
56
|
+
expect(grok_match(pattern,value)).to pass
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
end
|
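Review bot: Every example asserts only `expect(grok_match(pattern,value)).to pass`, so the RELEASE and SNAPSHOT cases would still pass if MAVEN_VERSION matched just the leading `1.1.0` and ignored the qualifier. This assumes `grok_match` is unanchored by default, which this page does not show. java_spec.rb in the same package diff calls `grok_match(pattern, message, true)`; if that third argument requests a whole-string match, using it here, `expect(grok_match(pattern, value, true)).to pass`, would make the qualifier cases meaningful. Two context descriptions also misspell 'snapshot' as 'shapshot'.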
@@ -82,7 +82,7 @@ end
|
|
82
82
|
|
83
83
|
describe "NAGIOSLOGLINE - TIMEPERIOD TRANSITION" do
|
84
84
|
|
85
|
-
let(:value) { "[1427925600] TIMEPERIOD TRANSITION: 24X7
|
85
|
+
let(:value) { "[1427925600] TIMEPERIOD TRANSITION: 24X7;-1;1" }
|
86
86
|
let(:grok) { grok_match(subject, value) }
|
87
87
|
|
88
88
|
it "a pattern pass the grok expression" do
|
@@ -105,6 +105,10 @@ describe "NAGIOSLOGLINE - TIMEPERIOD TRANSITION" do
|
|
105
105
|
expect(grok).to include("nagios_service" => "24X7")
|
106
106
|
end
|
107
107
|
|
108
|
+
it "generates the period from/to fields" do
|
109
|
+
expect(grok).to include("nagios_unknown1" => "-1", "nagios_unknown2" => "1")
|
110
|
+
end
|
111
|
+
|
108
112
|
# Regression test for but fixed in Nagios patterns #30
|
109
113
|
it "doesn't end in a semi-colon" do
|
110
114
|
expect(grok['message']).to_not end_with(";")
|
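Review bot: The added example is titled "generates the period from/to fields" but asserts keys named `nagios_unknown1` and `nagios_unknown2`, so the description claims a meaning that the field names do not carry. Either name the example after the fields, `it "generates the nagios_unknown1/nagios_unknown2 fields" do`, or add a comment stating which of `-1` and `1` is the from value and which is the to value. The surrounding `describe` block continues outside both hunks of this file.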
@@ -0,0 +1,171 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "spec_helper"
|
3
|
+
require "logstash/patterns/core"
|
4
|
+
|
5
|
+
describe "REDISTIMESTAMP" do
|
6
|
+
|
7
|
+
let(:value) { '14 Nov 07:01:22.119'}
|
8
|
+
let(:pattern) { "REDISTIMESTAMP" }
|
9
|
+
|
10
|
+
it "a pattern pass the grok expression" do
|
11
|
+
expect(grok_match(pattern, value)).to pass
|
12
|
+
end
|
13
|
+
|
14
|
+
end
|
15
|
+
|
16
|
+
describe "REDISLOG" do
|
17
|
+
|
18
|
+
let(:value) { "[4018] 14 Nov 07:01:22.119 * Background saving terminated with success" }
|
19
|
+
let(:pattern) { "REDISLOG" }
|
20
|
+
let(:grok) { grok_match(pattern, value) }
|
21
|
+
|
22
|
+
it "a pattern pass the grok expression" do
|
23
|
+
expect(grok).to pass
|
24
|
+
end
|
25
|
+
|
26
|
+
it "generates the pid field" do
|
27
|
+
expect(grok).to include("pid" => "4018")
|
28
|
+
end
|
29
|
+
|
30
|
+
end
|
31
|
+
|
32
|
+
|
33
|
+
describe "REDISMONLOG - SIMPLE COMMAND" do
|
34
|
+
|
35
|
+
let(:value) { "1470637867.953466 [0 195.168.1.1:52500] \"info\"" }
|
36
|
+
let(:pattern) { "REDISMONLOG" }
|
37
|
+
let(:grok) { grok_match(pattern, value) }
|
38
|
+
|
39
|
+
it "a pattern pass the grok expression" do
|
40
|
+
expect(grok).to pass
|
41
|
+
end
|
42
|
+
|
43
|
+
it "generates the timestamp field" do
|
44
|
+
expect(grok).to include("timestamp" => "1470637867.953466")
|
45
|
+
end
|
46
|
+
|
47
|
+
it "generates the database field" do
|
48
|
+
expect(grok).to include("database" => "0")
|
49
|
+
end
|
50
|
+
|
51
|
+
it "generates the client field" do
|
52
|
+
expect(grok).to include("client" => "195.168.1.1")
|
53
|
+
end
|
54
|
+
|
55
|
+
it "generates the port field" do
|
56
|
+
expect(grok).to include("port" => "52500")
|
57
|
+
end
|
58
|
+
|
59
|
+
it "generates the command field" do
|
60
|
+
expect(grok).to include("command" => "info")
|
61
|
+
end
|
62
|
+
|
63
|
+
end
|
64
|
+
|
65
|
+
describe "REDISMONLOG - ONE PARAM COMMAND" do
|
66
|
+
|
67
|
+
let(:value) { "1339518083.107412 [0 127.0.0.1:60866] \"keys\" \"*\"" }
|
68
|
+
let(:pattern) { "REDISMONLOG" }
|
69
|
+
let(:grok) { grok_match(pattern, value) }
|
70
|
+
|
71
|
+
it "a pattern pass the grok expression" do
|
72
|
+
expect(grok).to pass
|
73
|
+
end
|
74
|
+
|
75
|
+
it "generates the timestamp field" do
|
76
|
+
expect(grok).to include("timestamp" => "1339518083.107412")
|
77
|
+
end
|
78
|
+
|
79
|
+
it "generates the database field" do
|
80
|
+
expect(grok).to include("database" => "0")
|
81
|
+
end
|
82
|
+
|
83
|
+
it "generates the client field" do
|
84
|
+
expect(grok).to include("client" => "127.0.0.1")
|
85
|
+
end
|
86
|
+
|
87
|
+
it "generates the port field" do
|
88
|
+
expect(grok).to include("port" => "60866")
|
89
|
+
end
|
90
|
+
|
91
|
+
it "generates the command field" do
|
92
|
+
expect(grok).to include("command" => "keys")
|
93
|
+
end
|
94
|
+
|
95
|
+
it "generates the params field" do
|
96
|
+
expect(grok).to include("params" => "\"*\"")
|
97
|
+
end
|
98
|
+
|
99
|
+
end
|
100
|
+
|
101
|
+
describe "REDISMONLOG - TWO PARAM COMMAND" do
|
102
|
+
|
103
|
+
let(:value) { "1470637925.186681 [0 127.0.0.1:39404] \"rpush\" \"my:special:key\" \"{\\\"data\\\":\"cdr\\\",\\\"payload\\\":\\\"json\\\"}\"" }
|
104
|
+
let(:pattern) { "REDISMONLOG" }
|
105
|
+
let(:grok) { grok_match(pattern, value) }
|
106
|
+
|
107
|
+
it "a pattern pass the grok expression" do
|
108
|
+
expect(grok).to pass
|
109
|
+
end
|
110
|
+
|
111
|
+
it "generates the timestamp field" do
|
112
|
+
expect(grok).to include("timestamp" => "1470637925.186681")
|
113
|
+
end
|
114
|
+
|
115
|
+
it "generates the database field" do
|
116
|
+
expect(grok).to include("database" => "0")
|
117
|
+
end
|
118
|
+
|
119
|
+
it "generates the client field" do
|
120
|
+
expect(grok).to include("client" => "127.0.0.1")
|
121
|
+
end
|
122
|
+
|
123
|
+
it "generates the port field" do
|
124
|
+
expect(grok).to include("port" => "39404")
|
125
|
+
end
|
126
|
+
|
127
|
+
it "generates the command field" do
|
128
|
+
expect(grok).to include("command" => "rpush")
|
129
|
+
end
|
130
|
+
|
131
|
+
it "generates the params field" do
|
132
|
+
expect(grok).to include("params" => "\"my:special:key\" \"{\\\"data\\\":\"cdr\\\",\\\"payload\\\":\\\"json\\\"}\"")
|
133
|
+
end
|
134
|
+
|
135
|
+
end
|
136
|
+
|
137
|
+
describe "REDISMONLOG - VARIADIC COMMAND" do
|
138
|
+
|
139
|
+
let(:value) { "1470637875.777457 [15 195.168.1.1:52500] \"intentionally\" \"broken\" \"variadic\" \"log\" \"entry\"" }
|
140
|
+
let(:pattern) { "REDISMONLOG" }
|
141
|
+
let(:grok) { grok_match(pattern, value) }
|
142
|
+
|
143
|
+
it "a pattern pass the grok expression" do
|
144
|
+
expect(grok).to pass
|
145
|
+
end
|
146
|
+
|
147
|
+
it "generates the timestamp field" do
|
148
|
+
expect(grok).to include("timestamp" => "1470637875.777457")
|
149
|
+
end
|
150
|
+
|
151
|
+
it "generates the database field" do
|
152
|
+
expect(grok).to include("database" => "15")
|
153
|
+
end
|
154
|
+
|
155
|
+
it "generates the client field" do
|
156
|
+
expect(grok).to include("client" => "195.168.1.1")
|
157
|
+
end
|
158
|
+
|
159
|
+
it "generates the port field" do
|
160
|
+
expect(grok).to include("port" => "52500")
|
161
|
+
end
|
162
|
+
|
163
|
+
it "generates the command field" do
|
164
|
+
expect(grok).to include("command" => "intentionally")
|
165
|
+
end
|
166
|
+
|
167
|
+
it "generates the params field" do
|
168
|
+
expect(grok).to include("params" => "\"broken\" \"variadic\" \"log\" \"entry\"")
|
169
|
+
end
|
170
|
+
|
171
|
+
end
|
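Review bot: The TWO PARAM fixture escapes its embedded JSON inconsistently: in `\\\"data\\\":\"cdr\\\"` the quote before `cdr` has no backslash in the log text while every other inner quote has one, and the same literal is repeated in the `params` expectation, so the example passes either way. If the malformed payload is intended, say so in a comment, as the VARIADIC fixture does with its "intentionally broken" wording; otherwise correct both literals together. The SIMPLE COMMAND block never states what `params` is for a command without arguments (absent or empty), which is the boundary a consumer of the field needs. Since these examples show `params` holding the raw command arguments verbatim, a comment noting that it can carry key names and payload data would help pipeline authors decide on redaction.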