Class: LogStash::Filters::Pilar

Inherits:
Base
  • Object
show all
Defined in:
lib/logstash/filters/pilar.rb

Overview

Parses log events using PILAR

Instance Method Summary collapse

Instance Method Details

#filter(event) ⇒ Object 



62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
 
# File 'lib/logstash/filters/pilar.rb', line 62

def filter(event)
  # Initialize gramdict and preprocessor for this thread if not already done
  unless Thread.current[:gramdict] && Thread.current[:preprocessor]
    Thread.current[:gramdict] = GramDict.new(@maximum_gram_dict_size)
    Thread.current[:preprocessor] =
      Preprocessor.new(Thread.current[:gramdict], @logformat, @content_specifier, @regexes)

    # Populate gramdict with seed logs
    if @seed_logs_path && ::File.exist?(@seed_logs_path)
      ::File.open(@seed_logs_path, 'r') do |seed_logs|
        seed_logs.each_line do |seed_log|
          Thread.current[:preprocessor].process_log_event(seed_log, @dynamic_token_threshold, false)
        end
      end
    end
  end

  # Use the message from the specified source field
  if event.get(@source_field)

    processed_log = Thread.current[:preprocessor].process_log_event(
      event.get(@source_field), @dynamic_token_threshold, true
    )

    if processed_log
      template_string, dynamic_tokens = processed_log

      # Set the new values in the returned event
      event.set('template_string', template_string)
      event.set('dynamic_tokens', dynamic_tokens)
    else
      event.set('dynamic_tokens', nil)
      event.set('template_string', nil)
    end

    # include the raw log message
    raw_log = event.get(@source_field)
    event.set('raw_log', raw_log.strip)
  end

  # Emit event
  filter_matched(event)
end

#registerObject

Raises:

  • (LogStash::ConfigurationError) 


52
53
54
55
56
57
58
59
60
 
# File 'lib/logstash/filters/pilar.rb', line 52

def register
  @linenumber = 1
  @regexes = regexes.map { |regex| Regexp.new(regex) }

  # Check if dynamic_token_threshold is between 0 and 1
  return unless @dynamic_token_threshold < 0.0 || @dynamic_token_threshold > 1.0

  raise LogStash::ConfigurationError, 'dynamic_token_threshold must be between 0 and 1'
end