Class: Fluent::Plugin::NamedQueriesParser

Inherits:

Parser

Object
Parser
Fluent::Plugin::NamedQueriesParser

show all

Defined in:: lib/fluent/plugin/parser_named_queries.rb

Overview

fluentd parser for bind/named queries format

Constant Summary collapse

REGEXP =

/
^
((?<time>\d{2}-\w{3}-\d{4}\s\d{2}:\d{2}:\d{2}.\d{3})\s)?
((?<category>queries):\s)?
((?<severity>(critical|error|warning|notice|info|debug)):\s)?
client\s@(?<client_id>\w+)\s(?<client_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:::)?(?:[a-zA-Z\d]{1,4}::?){1,7}[a-zA-Z\d]{0,4})\#(?<client_port>\d+)(\s\((?<client_query_name>[a-zA-Z\d.-]+)\))?:
\sview\s(?<view>\w+):
\s(?<message_type>query):
\s(?<query_name>\S+)\s(?<query_class>\w+)\s(?<query_type>\w+)\s(?<query_flags>(?:\+|-)\S*)
\s\((?<server_ip>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|(?:::)?(?:[a-zA-Z\d]{1,4}::?){1,7}[a-zA-Z\d]{0,4})\)
$
/x.freeze

TIME_FORMAT =

'%d-%B-%Y %H:%M:%S.%L'

Instance Method Summary collapse

#configure(conf) ⇒ Object
#initialize(event_time = Fluent::EventTime) ⇒ NamedQueriesParser constructor

A new instance of NamedQueriesParser.
#parse(text) {|time, record| ... } ⇒ Object

Constructor Details

#initialize(event_time = Fluent::EventTime) ⇒ `NamedQueriesParser`

Returns a new instance of NamedQueriesParser.

# File 'lib/fluent/plugin/parser_named_queries.rb', line 44

def initialize(event_time = Fluent::EventTime)
  super()
  @mutex = Mutex.new
  @event_time = event_time
end

Instance Method Details

#configure(conf) ⇒ `Object`

# File 'lib/fluent/plugin/parser_named_queries.rb', line 50

def configure(conf)
  super
  @time_parser = time_parser_create(format: TIME_FORMAT)
end

#parse(text) {|time, record| ... } ⇒ `Object`

Yields:

(time, record)

# File 'lib/fluent/plugin/parser_named_queries.rb', line 55

def parse(text)
  m = REGEXP.match(text)
  unless m
    yield nil, nil
    return
  end

  time = m['time']
  time = if time
           @mutex.synchronize { @time_parser.parse(time) }
         else
           @event_time.now
         end

  record = {}
  m.names.each do |name|
    next if name == 'time'

    record[name] = m[name] if m[name]
  end

  record['client_port'] = record['client_port'].to_i if record['client_port']

  record.update(Fluent::Plugin::Bind::Utils.parse_flags(record['query_flags'], prefix: 'query_flag_'))

  yield time, record
end

Class: Fluent::Plugin::NamedQueriesParser

Overview

Constant Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(event_time = Fluent::EventTime) ⇒ NamedQueriesParser

Instance Method Details

#configure(conf) ⇒ Object

#parse(text) {|time, record| ... } ⇒ Object

#initialize(event_time = Fluent::EventTime) ⇒ `NamedQueriesParser`

#configure(conf) ⇒ `Object`

#parse(text) {|time, record| ... } ⇒ `Object`