Message::Passing::Filter::Regexp (3pm)

Regexp capture filter for message::passing

  1. Carta.tech
  2. Man Pages
  3. MISSING SECTION
  4. Message::Passing::Filter::Regexp: Regexp capture filter for message::passing
  1. Carta.tech
  2. Packages
  3. libmessage-passing-filter-regexp-perl
  4. Message::Passing::Filter::Regexp: Regexp capture filter for message::passing

SYNOPSIS

    # regexfile
    [FORMAT]
    :default = %date %status %remotehost %domain %request %originhost %responsetime %upstreamtime %bytes %referer %ua %xff
    :nginxaccesslog = %date %status %remotehost %bytes %responsetime
    [REGEXP]
    %date = (?#=date)\[(?#=ts)\d{2}\/\w{3}\/\d{4}(?::\d{2}){3}(?#!ts) [-+]\d{4}\](?#!date)
    %status = (?#=status)\d+(?#!status)
    %remotehost = (?#=remotehost)\S+(?#!remotehost)
    %domain = (?#=domain).*?(?#!domain)
    %request = (?#=request)-|(?#=method)\w+(?#!method) (?#=url).*?(?#!url) (?#=version)HTTP/\d\.\d(?#!version)(?#!request)
    %originhost = (?#=originhost)-|(?#=oh).*?(?#!oh):\d+(?#!originhost)
    %responsetime = (?#=responsetime)-|.*?(?#!responsetime)
    %upstreamtime = (?#=upstreamtime).*?(?#!upstreamtime)
    %bytes = (?#=bytes)\d+(?#!bytes)
    %referer = (?#=referer)\"(?#=ref).*?(?#!ref)\"(?#!referer)
    %useragent = (?#=useragent)\"(?#=ua).*?(?#!ua)\"(?#!useragent)
    %xforwarderfor = (?#=xforwarderfor)\"(?#=xff).*?(?#!xff)\"(?#!xforwarderfor)

    # message-passing-cli
    use Message::Passing::DSL;
    run_message_server message_chain {
        output stdout => (
            class => 'STDOUT',
        );
        output elasticsearch => (
            class => 'ElasticSearch',
            elasticsearch_servers => ['127.0.0.1:9200'],
        );
        encoder("encoder",
            class => 'JSON',
            output_to => 'stdout',
            output_to => 'es',
        );
        filter regexp => (
            class => 'Regexp',
            format => ':nginxaccesslog',
            capture => [qw( ts status remotehost url oh responsetime upstreamtime bytes )]
            output_to => 'encoder',
        );
        filter logstash => (
            class => 'ToLogstash',
            output_to => 'regexp',
        );
        decoder decoder => (
            class => 'JSON',
            output_to => 'logstash',
        );
        input file => (
            class => 'FileTail',
            output_to => 'decoder',
        );
    };

DESCRIPTION

This filter passes all incoming messages through with regexp captures.

Note it must be running after Message::Passing::Filter::ToLogstash because it don't process with json format but directly capture \*(C`$message->{'@message'}\*(C' data lines into \*(C`%{ $message->{'@fields'} }\*(C'

ATTRIBUTES

regexfile

Path of your regexfile. Default is /etc/message-passing/regexfile.

format

Name of a defined format in your regexfile.

capture

ArrayRef of regex names which you want to capture and has been defined in your regexfile. note delete the prefix \*(C`%\*(C'.

fromto

HashRef of fields which you want capture from and to. Default as \*(C`{ '@message' => '@fields' }\*(C'.

If you set \*(C`undef\*(C' to one key, such field will exists directly in %$message.

RELATED TO Message::Passing::Filter::Regexp…

Idea steal from <http://logstash.net> Grok filter

Config Format see Config::Tiny

AUTHOR

chenryn, <[email protected]<gt>

CONTRIBUTOR

Alexander Hartmaier

COPYRIGHT AND LICENSE

Copyright (C) 2012 by chenryn

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.14.2 or, at your option, any later version of Perl 5 you may have available.