diff --git a/logstash.gemspec b/logstash.gemspec index 5ab5206c8..f7a93fe32 100644 --- a/logstash.gemspec +++ b/logstash.gemspec @@ -42,7 +42,7 @@ Gem::Specification.new do |gem| gem.add_runtime_dependency "gelfd", ["0.2.0"] gem.add_runtime_dependency "gelf", ["1.3.2"] gem.add_runtime_dependency "gmetric", ["0.1.3"] - gem.add_runtime_dependency "jls-grok", ["0.10.9"] + gem.add_runtime_dependency "jls-grok", ["0.10.10"] gem.add_runtime_dependency "mail" gem.add_runtime_dependency "mongo" gem.add_runtime_dependency "onstomp" diff --git a/spec/filters/grok.rb b/spec/filters/grok.rb index 0afaf631e..37586287f 100644 --- a/spec/filters/grok.rb +++ b/spec/filters/grok.rb @@ -1,7 +1,7 @@ require "test_utils" require "logstash/filters/grok" -describe LogStash::Filters::Grok do +describe LogStash::Filters::Grok do extend LogStash::RSpec describe "simple syslog line" do @@ -26,7 +26,7 @@ describe LogStash::Filters::Grok do end end - describe "parsing an event with multiple messages (array of strings)" do + describe "parsing an event with multiple messages (array of strings)" do config <<-CONFIG filter { grok { @@ -170,4 +170,37 @@ describe LogStash::Filters::Grok do insist { subject["foo"] } == "yo" end end + + describe "using oniguruma named captures (?regex)" do + context "plain regexp" do + config <<-'CONFIG' + filter { + grok { + singles => true + pattern => "(?\w+)" + } + } + CONFIG + sample "hello world" do + reject { subject.tags }.include?("_grokparsefailure") + insist { subject["foo"] } == "hello" + end + end + + context "grok patterns" do + config <<-'CONFIG' + filter { + grok { + singles => true + pattern => "(?%{DATE_EU} %{TIME})" + } + } + CONFIG + + sample "fancy 2012-12-12 12:12:12" do + reject { subject.tags }.include?("_grokparsefailure") + insist { subject["timestamp"] } == "2012-12-12 12:12:12" + end + end + end end