Add "emergency" to LOGLEVEL grok pattern

Apache, nginx, syslog, and many other systems use the emergency level,
and it was missing from logstash.

Also add tests to cover all scenarios of `LOGLEVEL` expansion.
Hugo Lopes Tavares 2013-08-02 11:15:22 -04:00
parent 630b3eb10e
commit 1e8f5d8b10
2 changed files with 29 additions and 1 deletions


@ -92,4 +92,4 @@ SYSLOGBASE %{SYSLOGTIMESTAMP:timestamp} (?:%{SYSLOGFACILITY} )?%{SYSLOGHOST:logs
COMBINEDAPACHELOG %{IPORHOST:clientip} %{USER:ident} %{USER:auth} \[%{HTTPDATE:timestamp}\] "(?:%{WORD:verb} %{NOTSPACE:request}(?: HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})" %{NUMBER:response} (?:%{NUMBER:bytes}|-) %{QS:referrer} %{QS:agent}
# Log Levels
LOGLEVEL ([T|t]race|TRACE|[D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE)
LOGLEVEL ([T|t]race|TRACE|[D|d]ebug|DEBUG|[N|n]otice|NOTICE|[I|i]nfo|INFO|[W|w]arn?(?:ing)?|WARN?(?:ING)?|[E|e]rr?(?:or)?|ERR?(?:OR)?|[C|c]rit?(?:ical)?|CRIT?(?:ICAL)?|[F|f]atal|FATAL|[S|s]evere|SEVERE|EMERG(?:ENCY)?|[Ee]merg(?:ency)?)
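Review bot: The new LOGLEVEL line still carries the `[T|t]`-style character classes, in which `|` is a literal member, so a token such as `|race` or `|rr` is accepted as a level. The alternative added here already uses the correct form `[Ee]merg(?:ency)?`, which leaves the line internally inconsistent. Rewriting the older alternatives the same way (`[Tt]race`, `[Dd]ebug`, `[Ee]rr?(?:or)?`, and so on) would keep malformed level tokens out of the extracted field. The commit message cites syslog, whose severity list also includes `alert`; that level is still unmatched here, so such lines would presumably end up as grok failures. If that is not intended, add `ALERT|[Aa]lert` alongside the emergency alternatives.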


@ -263,6 +263,34 @@ describe LogStash::Filters::Grok do
end
end
describe "grok on %{LOGLEVEL}" do
config <<-'CONFIG'
filter {
grok {
pattern => "%{LOGLEVEL:level}: error!"
}
}
CONFIG
log_level_names = %w(
trace Trace TRACE
debug Debug DEBUG
notice Notice Notice
info Info INFO
warn warning Warn Warning WARN WARNING
err error Err Error ERR ERROR
crit critical Crit Critical CRIT CRITICAL
fatal Fatal FATAL
severe Severe SEVERE
emerg emergency Emerg Emergency EMERG EMERGENCY
)
log_level_names.each do |level_name|
sample "#{level_name}: error!" do
insist { subject['level'] } == level_name
end
end
end
describe "tagging on failure" do
config <<-CONFIG
filter {