Create 'exec' filter · elastic/logstash#2528

(1 comment) (1 reaction) (0 assignees)Ruby (14,197 stars) (3,496 forks)batch import

help wantednew plugin

説明

Migrated from https://logstash.jira.com/browse/LOGSTASH-119:

Would be useful to pipe arbitrary fields through a command to modify them.

Here's an example that would anonymize hostnames or something.
filter {
  exec {
    command => "sed -re 's/\S+\.loggly\.com/anonymizedhost.example.com/'"
    fields => [ "@message", "hostname", "@source_host" ]
  }
}
The default would use only the message to parse

The protocol between logstash and the exec filter must be strict. Something like: for every line emitted, one line must be emitted as the 'new' line. If no changes are made, simply print it unmodified.

deleting the field can be done by printing a blank line

we exec the process once and use stdin for sending data, stdout for reading responses; if it dies, some retries should occur

コントリビューターガイド

技術スタック: rubyshell
領域: backenddatatooling
Issue 種別: feature
難度: 3
推定時間: 1-2 days
活動状況: stale
明確さ: clear
前提条件: RubyLogstash plugin architectureUnderstanding of filter plugins
初心者向け度: 25
調査方針: Examine existing filter plugins (e.g., mutate, drop) in the Logstash plugin directory. Understand how filter plugins register and process events. The exec filter should spawn a process, pipe fields via stdin, read stdout, and update events. Pay attention to error handling and retry logic as described. Review the Logstash filter API documentation.