Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/wallyqs/fluent-parser-grok

Grok parser for Fluentd
https://github.com/wallyqs/fluent-parser-grok

Last synced: 8 days ago
JSON representation

Grok parser for Fluentd

Host: GitHub
URL: https://github.com/wallyqs/fluent-parser-grok
Owner: wallyqs
Created: 2014-05-02T03:35:30.000Z (over 10 years ago)
Default Branch: master
Last Pushed: 2014-03-13T22:44:10.000Z (almost 11 years ago)
Last Synced: 2024-11-04T23:24:20.721Z (about 2 months ago)
Language: Ruby
Size: 227 KB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

        #Fluentd Grok Parser (experimental)

This is a proof of concept to add Grok support for [Fluentd](http://fluentd.org).

##What's Grok?

Grok is a tool to help you parse unstructured logs without writing super complex regular expressions.

##How to use (for now)

- Copy the stuff under in lib into your Fluentd instance

- Under lib/fluent/plugin/, create a new file (say ext_parser.rb) and add the following

    module Fluent

      class TextParser

        self.register_template(, , )

        ...

      end

    end

Now, you should be able to use  as a Grok pattern.

For example, Grok has a pattern called %{COMBINEDAPACHELOG} (which is basically the same as `format apache2`. Then, you can register

    module Fluent

      class TextParser

        self.register_template('apache_grok', "%{COMBINEDAPACHELOG}", "%d/%b/%Y:%H:%M:%S %z")

      end

    end

Grok supports many formats out of the box, such as Cisco firewall logs, Nagios logs, etc.

##N.B.

This is a proof of concept. Most likely, many details of it will change.