github-mirrors/logstash
1
0
Fork 0
mirror of https://github.com/elastic/logstash.git synced 2025-04-24 22:57:16 -04:00
Code Issues Projects Releases Packages Wiki Activity

- Add 'negate' support to grep filter

Browse source 
- Add documentation for grep
This commit is contained in:
Jordan Sissel 2011-01-12 01:49:48 +08:00 committed by Alexandre Dulaunoy
parent e878dcca46
commit eff843fb34
1 changed files with 35 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

38
lib/logstash/filters/grep.rb
View file

@ -1,6 +1,28 @@
require "logstash/filters/base" require "logstash/filters/base"
require "logstash/namespace" require "logstash/namespace"
# Grep filter.
#
# Useful for:
# * Dropping events
# * Tagging events
# * Adding static fields
#
# Events not matched ar dropped. If 'negate' is set to true (defaults false), then
# matching events are dropped.
#
# Config:
# - grep:
# <type>:
# - match:
# <field>: <regexp>
# negate: true/false
# add_fields:
# <field>: <value>
# add_tags:
# - tag1
# - tag2
#
class LogStash::Filters::Grep < LogStash::Filters::Base class LogStash::Filters::Grep < LogStash::Filters::Base
public public
def initialize(config = {}) def initialize(config = {})
@ -41,7 +63,7 @@ class LogStash::Filters::Grep < LogStash::Filters::Base
return return
end end
@logger.debug(["Running grep filter", event, config]) @logger.debug(["Running grep filter", event.to_hash, config])
matched = false matched = false
config.each do |match| config.each do |match|
if ! match["match"] if ! match["match"]
@ -55,9 +77,18 @@ class LogStash::Filters::Grep < LogStash::Filters::Base
match["match"].each do |field, re| match["match"].each do |field, re|
next unless event[field] next unless event[field]
if event[field].empty? and match["negate"] == true
match_count += 1
end
event[field].each do |value| event[field].each do |value|
next unless re.match(value) if match["negate"] == true
@logger.debug("grep matched on field #{field}") @logger.debug("want negate match")
next if re.match(value)
@logger.debug(["grep not-matched (negate requsted)", { field => value }])
else
next unless re.match(value)
@logger.debug(["grep matched", { field => value }])
end
match_count += 1 match_count += 1
break break
end end
@ -81,6 +112,7 @@ class LogStash::Filters::Grep < LogStash::Filters::Base
@logger.debug("grep: adding tag #{tag}") @logger.debug("grep: adding tag #{tag}")
end end
end # if match["add_tags"] end # if match["add_tags"]
else else
@logger.debug("match block failed " \ @logger.debug("match block failed " \
"(#{match_count}/#{match["match"].length} matches)") "(#{match_count}/#{match["match"].length} matches)")