forked from tsaikd/gogstash
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfiltergrok.go
115 lines (99 loc) · 2.96 KB
/
filtergrok.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
package filtergrok
import (
"context"
"github.com/tsaikd/gogstash/config"
"github.com/tsaikd/gogstash/config/goglog"
"github.com/tsaikd/gogstash/config/logevent"
"github.com/vjeantet/grok"
)
// ModuleName is the name used in config file
const ModuleName = "grok"
// ErrorTag tag added to event when process module failed
const ErrorTag = "gogstash_filter_grok_error"
// FilterConfig holds the configuration json fields and internal objects
type FilterConfig struct {
config.FilterConfig
PatternsPath string `json:"patterns_path"` // path to patterns file
Patterns map[string]string `json:"patterns"` // pattern definitions
Match []string `json:"match"` // match pattern
Source string `json:"source"` // source message field name
RemoveEmptyValues bool `json:"remove_empty_values"` // remove empty values
grk *grok.Grok
}
// DefaultFilterConfig returns an FilterConfig struct with default values
func DefaultFilterConfig() FilterConfig {
return FilterConfig{
FilterConfig: config.FilterConfig{
CommonConfig: config.CommonConfig{
Type: ModuleName,
},
},
PatternsPath: "",
Patterns: nil,
Match: []string{"%{COMMONAPACHELOG}"},
Source: "message",
RemoveEmptyValues: true,
}
}
// InitHandler initialize the filter plugin
func InitHandler(ctx context.Context, raw *config.ConfigRaw) (config.TypeFilterConfig, error) {
conf := DefaultFilterConfig()
err := config.ReflectConfig(raw, &conf)
if err != nil {
return nil, err
}
g, err := grok.NewWithConfig(&grok.Config{
NamedCapturesOnly: true,
RemoveEmptyValues: conf.RemoveEmptyValues,
})
if err != nil {
return nil, err
}
if conf.PatternsPath != "" {
err = g.AddPatternsFromPath(conf.PatternsPath)
if err != nil {
return nil, err
}
}
if conf.Patterns != nil {
err = g.AddPatternsFromMap(conf.Patterns)
if err != nil {
return nil, err
}
}
conf.grk = g
return &conf, nil
}
// Event the main filter event
func (f *FilterConfig) Event(ctx context.Context, event logevent.LogEvent) ([]logevent.LogEvent, bool) {
eventsOut := make([]logevent.LogEvent, 0)
message := event.GetString(f.Source)
found := false
for _, thisMatch := range f.Match {
// grok Parse will success even it doesn't match
values, err := f.grk.ParseTyped(thisMatch, message)
if err == nil && len(values) > 0 {
found = true
for key, value := range values {
switch v := value.(type) {
case string:
event.SetValue(key, v)
case nil:
// pass
default:
event.SetValue(key, value)
}
}
goglog.Logger.Debugf("Grok Filter: %q %v - Matched: %v in %q", f.Match, event, values, message)
break
}
}
if !found {
event.AddTag(ErrorTag)
goglog.Logger.Debugf("grok: no matches for %q", message)
eventsOut = append(eventsOut, event)
return eventsOut, false
}
eventsOut = append(eventsOut, event)
return eventsOut, true
}