@jsvd
Last active March 5, 2020 20:32
/tmp/logstash-7.6.0 ❯ bin/logstash -i irb
Sending Logstash logs to /tmp/logstash-7.6.0/logs which is now configured via log4j2.properties
irb(main):001:0> grok_class = LogStash::Plugin.lookup("filter", "grok")
=> LogStash::Filters::Grok
irb(main):002:0> grok = grok_class.new("match" => { "message" => [ "%{WORD:word}", "%{NUMBER:num}" ] })
=> <LogStash::Filters::Grok match=>{"message"=>["%{WORD:word}", "%{NUMBER:num}"]}, id=>"grok_1a49e57c-96f1-4381-b421-0fb93adf6eec", enable_metric=>true, periodic_flush=>false, patterns_files_glob=>"*", break_on_match=>true, named_captures_only=>true, keep_empty_captures=>false, tag_on_failure=>["_grokparsefailure"], timeout_millis=>30000, timeout_scope=>"pattern", tag_on_timeout=>"_groktimeout">
irb(main):003:0> grok.register
=> #<LogStash::Filters::Grok::PatternTimeoutMatcher:0x72a80415 @filter=<LogStash::Filters::Grok match=>{"message"=>["%{WORD:word}", "%{NUMBER:num}"]}, id=>"grok_1a49e57c-96f1-4381-b421-0fb93adf6eec", enable_metric=>true, periodic_flush=>false, patterns_files_glob=>"*", break_on_match=>true, named_captures_only=>true, keep_empty_captures=>false, tag_on_failure=>["_grokparsefailure"], timeout_millis=>30000, timeout_scope=>"pattern", tag_on_timeout=>"_groktimeout">>
irb(main):004:0> event = LogStash::Event.new("message" => "hey")
=> #<LogStash::Event:0x1155ab2c>
irb(main):005:0> grok.filter(event)
=> false
irb(main):006:0> event.to_hash
=> {"@timestamp"=>2020-03-05T15:59:53.848Z, "message"=>"hey", "@version"=>"1", "word"=>"hey"}
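
# script.rb: the same grok test as a standalone script, run from the Logstash home directory.
# Load Logstash's bootstrap environment and activate its bundled gems (runtime groups only).
require_relative "lib/bootstrap/environment"
LogStash::Bundler.setup!({:without => [:build, :development]})
require "logstash-core"
require "logstash/environment"
require "logstash/plugin"
# Look up the grok filter class and instantiate it with two candidate patterns for "message".
grok_class = LogStash::Plugin.lookup("filter", "grok")
grok = grok_class.new("match" => { "message" => [ "%{WORD:word}", "%{NUMBER:num}" ] })
# register prepares the filter (loads and compiles the patterns); call it before filter.
grok.register
# Run a single event through the filter and print the resulting fields.
event = LogStash::Event.new("message" => "hey")
grok.filter(event)
puts event.to_hash
# Only "word" is set: break_on_match defaults to true, so matching stops at the first pattern that hits.
# /tmp/logstash-7.6.0
# ❯ bin/ruby script.rb
# {"word"=>"hey", "@timestamp"=>2020-03-05T16:19:19.322Z, "@version"=>"1", "message"=>"hey"}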