webmat/grok_fields.rb

## grok_fields.rb
PATTERNS_GLOB = ENV['PATTERNS_GLOB'] || '~/work/elastic/plugins/logstash-patterns-core/patterns/*'

FIELD_MATCHER = /{\w+:([^}]+)}/
ECS = %w(labels agent client cloud container destination ecs error event file
         geo group host http log network observer organization os process
         related server service source url user user_agent)

field_names = {}
puts "File name\tField\tLine\tPosition\tConflict"
Dir[PATTERNS_GLOB].each do |file|
  file_name = File.basename(file)
  File.open(file) do |f|
    f.readlines.each_with_index do |line, lineno|
      line.scan(FIELD_MATCHER).each_with_index do |match, matchno|
        match = match[0]
        conflict = ECS.any? { |e| e == match }
        puts "#{file_name}\t#{match}\t#{lineno}\t#{matchno}\t#{conflict}"
      end
    end
  end
end
	PATTERNS_GLOB = ENV['PATTERNS_GLOB'] \|\| '~/work/elastic/plugins/logstash-patterns-core/patterns/*'

	FIELD_MATCHER = /{\w+:([^}]+)}/
	ECS = %w(labels agent client cloud container destination ecs error event file
	geo group host http log network observer organization os process
	related server service source url user user_agent)

	field_names = {}
	puts "File name\tField\tLine\tPosition\tConflict"
	Dir[PATTERNS_GLOB].each do \|file\|
	file_name = File.basename(file)
	File.open(file) do \|f\|
	f.readlines.each_with_index do \|line, lineno\|
	line.scan(FIELD_MATCHER).each_with_index do \|match, matchno\|
	match = match[0]
	conflict = ECS.any? { \|e\| e == match }
	puts "#{file_name}\t#{match}\t#{lineno}\t#{matchno}\t#{conflict}"
	end
	end
	end
	end