Class: Grok

Inherits:

FFI::Struct

• Object
• FFI::Struct
• Grok

Includes:

CGrok

Defined in:

lib/grok.rb,
lib/grok-pure.rb,
lib/grok/namespace.rb,
lib/grok/c-ext/pile.rb

Overview

A grok pile is an easy way to have multiple patterns together so that you can try to match against each one. The API provided should be similar to the normal Grok interface, but you can compile multiple patterns and match will try each one until a match is found.

Defined Under Namespace

Modules: CGrok Classes: Discovery, Match, PatternError, Pile

Constant Summary

GROK_OK =

0

GROK_ERROR_FILE_NOT_ACCESSIBLE =

1

GROK_ERROR_PATTERN_NOT_FOUND =

2

GROK_ERROR_UNEXPECTED_READ_SIZE =

3

GROK_ERROR_COMPILE_FAILED =

4

GROK_ERROR_UNINITIALIZED =

5

GROK_ERROR_PCRE_ERROR =

6

GROK_ERROR_NOMATCH =

7

PATTERN_RE =

/%\{    # match '%{' not prefixed with '\'
  (?<name>     # match the pattern name
    (?<pattern>[A-z0-9]+)
    (?::(?<subname>[@\[\]A-z0-9_:.-]+))?
  )
  (?:=(?<definition>
    (?:
      (?:[^{}\\]+|\\.+)+
      |
      (?<curly>\{(?:(?>[^{}]+|(?>\\[{}])+)|(\g<curly>))*\})+
    )+
  ))?
  [^}]*
\}/x

Instance Attribute Summary

• #expanded_pattern ⇒ Object

  The fully-expanded pattern (in regex form).

• #logger ⇒ Object

  The logger.

• #pattern ⇒ Object

  The pattern input.

• #patterns ⇒ Object

  The dictionary of pattern names to pattern expressions.

Instance Method Summary

• #add_pattern(name, pattern) ⇒ Object
• #add_patterns_from_file(path) ⇒ Object
• #capture(match, block) ⇒ Object

  def match_and_capture.

• #compile(pattern, named_captures_only = false) ⇒ Object
• #discover(input) ⇒ Object
• #initialize ⇒ Grok constructor

  A new instance of Grok.

• #match(text) ⇒ Object
• #match_and_capture(text) ⇒ Object

  Optimized match and capture instead of calling them separately.

Constructor Details

#initialize ⇒ Grok

Returns a new instance of Grok.

# File 'lib/grok.rb', line 49

def initialize
  super(grok_new)
end

Instance Attribute Details

#expanded_pattern ⇒ Object

The fully-expanded pattern (in regex form)

# File 'lib/grok-pure.rb', line 15

def expanded_pattern
  return self[:full_pattern]
end

#logger ⇒ Object

The logger

# File 'lib/grok-pure.rb', line 18

def logger
  @logger
end

#pattern ⇒ Object

The pattern input

# File 'lib/grok-pure.rb', line 12

def pattern
  return self[:pattern]
end

#patterns ⇒ Object

The dictionary of pattern names to pattern expressions

# File 'lib/grok-pure.rb', line 21

def patterns
  @patterns
end

Instance Method Details

#add_pattern(name, pattern) ⇒ Object

# File 'lib/grok.rb', line 54

def add_pattern(name, pattern)
  name_c = FFI::MemoryPointer.from_string(name)
  pattern_c = FFI::MemoryPointer.from_string(pattern)
  grok_pattern_add(self, name_c, name.length, pattern_c, pattern.length)
  return nil
end

#add_patterns_from_file(path) ⇒ Object

# File 'lib/grok.rb', line 62

def add_patterns_from_file(path)
  path_c = FFI::MemoryPointer.from_string(path)
  ret = grok_patterns_import_from_file(self, path_c)
  if ret != GROK_OK
    raise ArgumentError, "Failed to add patterns from file #{path}"
  end
  return nil
end

#capture(match, block) ⇒ Object

def match_and_capture

# File 'lib/grok-pure.rb', line 183

def capture(match, block)
  @captures_func.call(match) { |k,v| block.call k,v }
end

#compile(pattern, named_captures_only = false) ⇒ Object

# File 'lib/grok.rb', line 82

def compile(pattern)
  pattern_c = FFI::MemoryPointer.from_string(pattern)
  ret = grok_compilen(self, pattern_c, pattern.length)
  if ret != GROK_OK
    raise ArgumentError, "Compile failed: #{self[:errstr]})"
  end
  return ret
end

#discover(input) ⇒ Object

# File 'lib/grok.rb', line 119

def discover(input)
  init_discover if @discover == nil

  return @discover.discover(input)
end

#match(text) ⇒ Object

Raises:

• (ValueError)

# File 'lib/grok.rb', line 92

def match(text)
  match = Grok::Match.new
  text_c = FFI::MemoryPointer.from_string(text)
  rc = grok_execn(self, text_c, text.size, match)
  case rc
  when GROK_OK
    # Give the Grok::Match object a reference to the 'text_c'
    # object which is also Grok::Match#subject string;
    # this will prevent Ruby from garbage collecting it until
    # the match object is garbage collectd.
    #
    # If we don't do this, then 'text_c' will fall out of
    # scope at the end of this function and become a candidate
    # for garbage collection, causing Grok::Match#subject to become
    # corrupt and any captures to point to those corrupt portions.
    # http://code.google.com/p/logstash/issues/detail?id=47
    match.subject_memorypointer = text_c

    return match
  when GROK_ERROR_NOMATCH
    return false
  end

  raise ValueError, "unknown return from grok_execn: #{rc}"
end

#match_and_capture(text) ⇒ Object

Optimized match and capture instead of calling them separately

# File 'lib/grok-pure.rb', line 171

def match_and_capture(text)
  match = @regexp.match(text)
  if match
    @logger.debug? and @logger.debug("Regexp match object", :names => match.names,
                                     :captures => match.captures)
    @captures_func.call(match) { |k,v| yield k,v }
    return true
  else
    return false
  end
end