wiibaa

{
	"size": 2,
	"limit": 25,
	"isLastPage": true,
	"values": [{
			"anchor": {
				"id": 15815,
				"version": 1,
				"text": "Some comment text",
				"author": {

wiibaa

Logstash plugin dashboard (generated on 2016-09-21 12:49:28 +0200)

Plugin name	Plugin type	open issues/PR3	travis status	gemspec license	gemspec version	gempsec platform	plugin-core-api dependency	other plugin dependency	gemspec version	gempsec platform

wiibaa

date

The date filter is used for parsing dates from fields, and then using that date or timestamp as the logstash timestamp for the event.

For example, syslog events usually have timestamps like this:

wiibaa

# Title: DOC-VAR={DOC-VAR} ; MYVAR={MYVAR} ; INLINE-VAR={INLINE-VAR}
:DOC-VAR: my doc-variable


A variable is set here with `:MYVAR: my variable`

:MYVAR: my variable

An inline variable is set here with `\{set:INLINE-VAR:my inline-variable}`
{set:INLINE-VAR:my inline-variable}

wiibaa

D:\tmp\logstash\release\logstash-1.5.0-rc3>bin\logstash -f debug.cnf --debug
io/console not supported; tty will not be manipulated
←[36mReading config file {:file=>"/tmp/logstash/release/logstash-1.5.0-rc3/vendor/bundle/jruby/1.9/gems/logstash-core-1.5.0.rc3-java/lib/logstash/agent.rb", :level=>:debug, :line=>"326", :method=>"local_config"}←[0m
←[36mCompiled pipeline code:
        @inputs = []
        @filters = []
        @outputs = []
        @periodic_flushers = []
        @shutdown_flushers = []

wiibaa

input {
        stdin {codec => multiline{

                 pattern => "^ -%{SPACE}%{SPACE}%{TIMESTAMP_ISO8601}"
                 negate => true
                 what => "previous"
        }  }}

filter {
    grok {

wiibaa

# encoding: utf-8
require "test_utils"

describe "Logstash filters test suite" do
  extend LogStash::RSpec
  
  describe "Logstash filters for my_type inputs" do
    #You are loading your real configuration, no repetition
    config File.new("/etc/logstash/filters.conf").read

wiibaa

http://www.sroze.io/2008/10/09/regex-ipv4-et-ipv6/
http://home.deds.nl/~aeron/regex/ (with test data)

logstash PR
IPV6 ((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\

wiibaa

D:\tmp\logstash\github\logstash>rake artifact:tar --trace
** Invoke artifact:tar (first_time)
** Invoke vendor:elasticsearch (first_time)
** Execute vendor:elasticsearch
** Invoke vendor/_/elasticsearch-1.3.0.tar.gz (first_time)
** Invoke vendor/_ (first_time, not_needed)
** Invoke vendor (first_time, not_needed)
** Execute vendor/_/elasticsearch-1.3.0.tar.gz
Downloading https://download.elasticsearch.org/elasticsearch/elasticsearch/elasticsearch-1.3.0.tar.gz
** Invoke vendor/elasticsearch (first_time, not_needed)