Sha256: 911ee4eefc39b94c278cca2e79a592e60d5025eae36ab249ea9af12d5ea2a2f9
Contents?: true
Size: 1.64 KB
Versions: 5
Compression:
Stored size: 1.64 KB
Contents
# {
# "parse": {
# "field": "message",
# "pattern": "()"
# }
# }
module Anschel
class Filter
def parse conf, stats, log
field = conf.delete :field
pattern = Regexp.new conf.delete(:pattern)
unless_field = conf.delete(:unless_field) || '@timestamp'
error_tag = conf.has_key?(:error_tag) ? conf[:error_tag] : 'parse-error'
raise 'Missing required "field" for "parse" filter' if field.nil?
raise 'Missing required "pattern" for "parse" filter' if pattern.nil?
field = field.to_sym
unless_field = unless_field.to_sym
stats.create 'filter-parse'
stats.create 'filter-parse-skipped'
stats.create 'filter-parse-error'
log.trace event: 'filter-compiled', kind: 'parse', \
field: field, pattern: pattern
lambda do |event|
unless event.has_key? field
stats.inc 'filter-parse-skipped'
return event
end
if event.has_key? unless_field
stats.inc 'filter-parse-skipped'
return event
end
mdata = pattern.match event[field]
if mdata.nil?
log.trace \
event: 'parse-filter-error',
reason: 'regexp did not match',
field: field,
pattern: pattern,
raw_event: event
stats.inc 'filter-parse-error'
if error_tag
event[:tags] ||= []
event[:tags] << error_tag
end
return event
end
mdata.names.each do |group|
event[group.to_sym] = mdata[group]
end
stats.inc 'filter-parse'
filtered event, conf
end
end
end
end
Version data entries
5 entries across 5 versions & 1 rubygems