Skip to content
Snippets Groups Projects
README 3.35 KiB
Newer Older
  • Learn to ignore specific revisions
  • NAME
        Message::Passing::Filter::Regexp - Regexp Capture Filter For
        Message::Passing
    
    SYNOPSIS
            # regexfile
            *** FORMAT ***
            :default = "%date %status %remotehost %domain %request %originhost %responsetime %upstreamtime %bytes %referer %ua %xff"
            :nginxaccesslog = "%date %status %remotehost %bytes %responsetime"
            *** REGEXP ***
            %date = '(?#=date)\[(?#=ts)\d{2}\/\w{3}\/\d{4}(?::\d{2}){3}(?#!ts) [-+]\d{4}\](?#!date)'
            %status = '(?#=status)\d+(?#!status)'
            %remotehost = '(?#=remotehost)\S+(?#!remotehost)'
            %domain = '(?#=domain).*?(?#!domain)'
            %request = '(?#=request)-|(?#=method)\w+(?#!method) (?#=url).*?(?#!url) (?#=version)HTTP/\d\.\d(?#!version)(?#!request)'
            %originhost = '(?#=originhost)-|(?#=oh).*?(?#!oh):\d+(?#!originhost)'
            %responsetime = '(?#=responsetime)-|.*?(?#!responsetime)'
            %upstreamtime = '(?#=upstreamtime).*?(?#!upstreamtime)'
            %bytes = '(?#=bytes)\d+(?#!bytes)'
            %referer = '(?#=referer)\"(?#=ref).*?(?#!ref)\"(?#!referer)'
            %useragent = '(?#=useragent)\"(?#=ua).*?(?#!ua)\"(?#!useragent)'
            %xforwarderfor = '(?#=xforwarderfor)\"(?#=xff).*?(?#!xff)\"(?#!xforwarderfor)'
    
            # message-passing-cli
            use Message::Passing::DSL;
            run_message_server message_chain {
                input file => (
                    class => 'FileTail',
                    output_to => 'decoder',
                );
                decoder decoder => (
                    class => 'JSON',
                    output_to => 'logstash',
                );
                filter logstash => (
                    class => 'ToLogstash',
                    output_to => 'regexp',
                );
                filter regexp => (
                    class => 'Regexp',
                    format => ':nginxaccesslog',
                    capture => [qw( ts status remotehost url oh responsetime upstreamtime bytes )]
                    output_to => 'encoder',
                );
                encoder("encoder",
                    class => 'JSON',
                    output_to => 'stdout',
                    output_to => 'es',
                );
                output stdout => (
                    class => 'STDOUT',
                );
                output elasticsearch => (
                    class => 'ElasticSearch',
                    elasticsearch_servers => ['127.0.0.1:9200'],
                );
            };
    
    DESCRIPTION
        This filter passes all incoming messages through with regexp captures.
        Note it must be running after Message::Passing::Filter::ToLogstash
        because it don't process with json format but directly capture
    
        "$message->{'@message'}" data lines into "%{ $message->{'@fields'} }"
    
    
    ATTRIBUTES
      regexfile
        Path of your regexfile. Default is /etc/message-passing/regexfile.
    
      format
        Name of a defined format in your regexfile.
    
      capture
        ArrayRef of regex names which you want to capture and has been defined
        in your regexfile. note delete the prefix "%".
    
    SEE ALSO
        Capture Idea steal from <http://logstash.net> Grok filter Config Format
        steal from <http://oss.oetiker.ch/smokeping> use Config::Grammar
    
    AUTHOR
    
        chenryn, <rao.chenlin@gmail.com>
    
    
    COPYRIGHT AND LICENSE
        Copyright (C) 2012 by chenryn
    
        This library is free software; you can redistribute it and/or modify it
        under the same terms as Perl itself, either Perl version 5.14.2 or, at
        your option, any later version of Perl 5 you may have available.