elastic/logstash

Create 'exec' filter

Open

#2,528 created on February 6, 2015
(1 comment) (1 reaction) (0 assignees) Ruby (14,197 stars) (3,496 forks)
Labels: batch import, help wanted, new plugin

Description

Migrated from https://logstash.jira.com/browse/LOGSTASH-119:

Would be useful to pipe arbitrary fields through a command to modify them.

Here's an example that would anonymize hostnames or something.

filter {
  exec {
    command => "sed -re 's/\S+\.loggly\.com/anonymizedhost.example.com/'"
    fields => [ "@message", "hostname", "@source_host" ]
  }
}

The default would use only the message to parse.

The protocol between logstash and the exec filter must be strict. Something like: for every line emitted, one line must be emitted as the 'new' line. If no changes are made, simply print it unmodified.

Deleting the field can be done by printing a blank line.

We exec the process once and use stdin for sending data, stdout for reading responses; if it dies, some retries should occur.
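
The protocol described in the issue (one persistent child, one reply line per request line, a blank reply deletes the field, bounded restarts when the child dies), as an added Ruby example that is not Logstash code and not part of the original issue. The `ExecLineFilter` class, its `max_retries` parameter and `DEMO_CMD` are hypothetical names; a Ruby one-liner stands in for the `sed` command because it flushes each reply line, which a pipe-buffered child would not.

```ruby
require "open3"
require "rbconfig"

# Hypothetical helper, not a Logstash API. One long-lived child; one line in, one line out.
class ExecLineFilter
  class ProtocolError < StandardError; end
  attr_reader :pid

  def initialize(argv, max_retries: 3)
    @argv, @max_retries = argv, max_retries
    spawn_child
  end

  # Returns the rewritten value, or nil when the child printed a blank line (delete the field).
  def transform(value)
    # A line break inside a value would count as two requests and shift every later reply.
    raise ProtocolError, "line break in field value" if value.match?(/[\r\n]/)
    attempts = 0
    begin
      @stdin.puts(value)
      reply = @stdout.gets or raise EOFError, "child closed stdout"
      reply.chomp!
      reply.empty? ? nil : reply
    rescue IOError, Errno::EPIPE
      attempts += 1
      raise ProtocolError, "child died #{attempts} times in a row" if attempts > @max_retries
      close
      spawn_child
      retry
    end
  end

  def close
    [@stdin, @stdout].each { |io| io.close rescue nil }
    @wait.join
  end

  private
  def spawn_child
    # An argv list (program plus arguments) is executed directly, without a shell.
    @stdin, @stdout, @wait = Open3.popen2(*@argv)
    @stdin.sync = true
    @pid = @wait.pid
  end
end

# Constructed stand-in for the issue's sed substitution; flushes stdout after every line.
DEMO_CMD = [RbConfig.ruby, "-ne",
            '$stdout.sync = true; puts $_.sub(/\S+\.loggly\.com/, "anonymizedhost.example.com")'].freeze
```

Field values are rejected rather than escaped when they contain a line break, since the issue defines no escaping and a single extra line would misalign every subsequent request and reply.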