require "helper" require "tempfile" require "fluent/plugin/parser_grok" def str2time(str_time, format = nil) if format Time.strptime(str_time, format).to_i else Time.parse(str_time).to_i end end class GrokParserTest < ::Test::Unit::TestCase class Timestamp < self def test_timestamp_iso8601 internal_test_grok_pattern("%{TIMESTAMP_ISO8601:time}", "Some stuff at 2014-01-01T00:00:00+0900", event_time("2014-01-01T00:00:00+0900"), {}) end def test_datestamp_rfc822_with_zone internal_test_grok_pattern("%{DATESTAMP_RFC822:time}", "Some stuff at Mon Aug 15 2005 15:52:01 UTC", event_time("Mon Aug 15 2005 15:52:01 UTC"), {}) end def test_datestamp_rfc822_with_numeric_zone internal_test_grok_pattern("%{DATESTAMP_RFC2822:time}", "Some stuff at Mon, 15 Aug 2005 15:52:01 +0000", event_time("Mon, 15 Aug 2005 15:52:01 +0000"), {}) end def test_syslogtimestamp internal_test_grok_pattern("%{SYSLOGTIMESTAMP:time}", "Some stuff at Aug 01 00:00:00", event_time("Aug 01 00:00:00"), {}) end end def test_call_for_grok_pattern_not_found assert_raise Fluent::Grok::GrokPatternNotFoundError do internal_test_grok_pattern("%{THIS_PATTERN_DOESNT_EXIST}", "Some stuff at somewhere", nil, {}) end end def test_call_for_multiple_fields internal_test_grok_pattern("%{MAC:mac_address} %{IP:ip_address}", "this.wont.match DEAD.BEEF.1234 127.0.0.1", nil, {"mac_address" => "DEAD.BEEF.1234", "ip_address" => "127.0.0.1"}) end def test_call_for_complex_pattern internal_test_grok_pattern("%{COMBINEDAPACHELOG}", '127.0.0.1 192.168.0.1 - [28/Feb/2013:12:00:00 +0900] "GET / HTTP/1.1" 200 777 "-" "Opera/12.0"', str2time("28/Feb/2013:12:00:00 +0900", "%d/%b/%Y:%H:%M:%S %z"), { "clientip" => "127.0.0.1", "ident" => "192.168.0.1", "auth" => "-", "verb" => "GET", "request" => "/", "httpversion" => "1.1", "response" => "200", "bytes" => "777", "referrer" => "\"-\"", "agent" => "\"Opera/12.0\"" }, "time_key" => "timestamp", "time_format" => "%d/%b/%Y:%H:%M:%S %z" ) end def test_call_for_custom_pattern pattern_file = File.new(File.expand_path("../my_pattern", __FILE__), "w") pattern_file.write("MY_AWESOME_PATTERN %{GREEDYDATA:message}\n") pattern_file.close begin internal_test_grok_pattern("%{MY_AWESOME_PATTERN:message}", "this is awesome", nil, {"message" => "this is awesome"}, "custom_pattern_path" => pattern_file.path ) ensure File.delete(pattern_file.path) end end class OptionalType < self def test_simple internal_test_grok_pattern("%{INT:user_id:integer} paid %{NUMBER:paid_amount:float}", "12345 paid 6789.10", nil, {"user_id" => 12345, "paid_amount" => 6789.1 }) end def test_array internal_test_grok_pattern("%{GREEDYDATA:message:array}", "a,b,c,d", nil, {"message" => %w(a b c d)}) end def test_array_with_delimiter internal_test_grok_pattern("%{GREEDYDATA:message:array:|}", "a|b|c|d", nil, {"message" => %w(a b c d)}) end def test_timestamp_iso8601 internal_test_grok_pattern("%{TIMESTAMP_ISO8601:stamp:time}", "Some stuff at 2014-01-01T00:00:00+0900", nil, {"stamp" => event_time("2014-01-01T00:00:00+0900")}) end def test_datestamp_rfc822_with_zone internal_test_grok_pattern("%{DATESTAMP_RFC822:stamp:time}", "Some stuff at Mon Aug 15 2005 15:52:01 UTC", nil, {"stamp" => event_time("Mon Aug 15 2005 15:52:01 UTC")}) end def test_datestamp_rfc822_with_numeric_zone internal_test_grok_pattern("%{DATESTAMP_RFC2822:stamp:time}", "Some stuff at Mon, 15 Aug 2005 15:52:01 +0000", nil, {"stamp" => event_time("Mon, 15 Aug 2005 15:52:01 +0000")}) end def test_syslogtimestamp internal_test_grok_pattern("%{SYSLOGTIMESTAMP:stamp:time}", "Some stuff at Aug 01 00:00:00", nil, {"stamp" => event_time("Aug 01 00:00:00")}) end def test_timestamp_with_format internal_test_grok_pattern("%{TIMESTAMP_ISO8601:stamp:time:%Y-%m-%d %H%M}", "Some stuff at 2014-01-01 1000", nil, {"stamp" => event_time("2014-01-01 10:00")}) end end class NoGrokPatternMatched < self def test_with_grok_failure_key config = %[ grok_failure_key grok_failure pattern %{PATH:path} ] expected = { "grok_failure" => "No grok pattern matched", "message" => "no such pattern" } d = create_driver(config) d.instance.parse("no such pattern") do |_time, record| assert_equal(expected, record) end end def test_without_grok_failure_key config = %[ pattern %{PATH:path} ] expected = { "message" => "no such pattern" } d = create_driver(config) d.instance.parse("no such pattern") do |_time, record| assert_equal(expected, record) end end end private def create_driver(conf) Fluent::Test::Driver::Parser.new(Fluent::Plugin::GrokParser).configure(conf) end def internal_test_grok_pattern(grok_pattern, text, expected_time, expected_record, options = {}) d = create_driver({"grok_pattern" => grok_pattern}.merge(options)) # for the new API d.instance.parse(text) {|time, record| assert_equal(expected_time, time) if expected_time assert_equal(expected_record, record) } end end