Class: Grok

Inherits:

FFI::Struct

• Object
• FFI::Struct
• Grok

Includes:

CGrok

Defined in:

lib/grok/pile.rb,
lib/grok.rb

Overview

A grok pile is an easy way to have multiple patterns together so that you can try to match against each one. The API provided should be similar to the normal Grok interface, but you can compile multiple patterns and match will try each one until a match is found.

Defined Under Namespace

Modules: CGrok Classes: Match, Pile

Constant Summary

GROK_OK =

0

GROK_ERROR_FILE_NOT_ACCESSIBLE =

1

GROK_ERROR_PATTERN_NOT_FOUND =

2

GROK_ERROR_UNEXPECTED_READ_SIZE =

3

GROK_ERROR_COMPILE_FAILED =

4

GROK_ERROR_UNINITIALIZED =

5

GROK_ERROR_PCRE_ERROR =

6

GROK_ERROR_NOMATCH =

7

Instance Method Summary

• #add_pattern(name, pattern) ⇒ Object
• #add_patterns_from_file(path) ⇒ Object
• #compile(pattern) ⇒ Object
• #discover(input) ⇒ Object
• #expanded_pattern ⇒ Object
• #initialize ⇒ Grok constructor

  A new instance of Grok.

• #match(text) ⇒ Object
• #pattern ⇒ Object

Constructor Details

#initialize ⇒ Grok

Returns a new instance of Grok.

# File 'lib/grok.rb', line 48

def initialize
  super(grok_new)
end

Instance Method Details

#add_pattern(name, pattern) ⇒ Object

# File 'lib/grok.rb', line 53

def add_pattern(name, pattern)
  name_c = FFI::MemoryPointer.from_string(name)
  pattern_c = FFI::MemoryPointer.from_string(pattern)
  grok_pattern_add(self, name_c, name.length, pattern_c, pattern.length)
  return nil
end

#add_patterns_from_file(path) ⇒ Object

# File 'lib/grok.rb', line 61

def add_patterns_from_file(path)
  path_c = FFI::MemoryPointer.from_string(path)
  ret = grok_patterns_import_from_file(self, path_c)
  if ret != GROK_OK
    raise ArgumentError, "Failed to add patterns from file #{path}"
  end
  return nil
end

#compile(pattern) ⇒ Object

# File 'lib/grok.rb', line 81

def compile(pattern)
  pattern_c = FFI::MemoryPointer.from_string(pattern)
  ret = grok_compilen(self, pattern_c, pattern.length)
  if ret != GROK_OK
    raise ArgumentError, "Compile failed: #{self[:errstr]})"
  end
  return ret
end

#discover(input) ⇒ Object

# File 'lib/grok.rb', line 118

def discover(input)
  init_discover if @discover == nil

  return @discover.discover(input)
end

#expanded_pattern ⇒ Object

# File 'lib/grok.rb', line 76

def expanded_pattern
  return self[:full_pattern]
end

#match(text) ⇒ Object

Raises:

• (ValueError)

# File 'lib/grok.rb', line 91

def match(text)
  match = Grok::Match.new
  text_c = FFI::MemoryPointer.from_string(text)
  rc = grok_execn(self, text_c, text.size, match)
  case rc
  when GROK_OK
    # Give the Grok::Match object a reference to the 'text_c'
    # object which is also Grok::Match#subject string;
    # this will prevent Ruby from garbage collecting it until
    # the match object is garbage collectd.
    #
    # If we don't do this, then 'text_c' will fall out of
    # scope at the end of this function and become a candidate
    # for garbage collection, causing Grok::Match#subject to become
    # corrupt and any captures to point to those corrupt portions.
    # http://code.google.com/p/logstash/issues/detail?id=47
    match.subject_memorypointer = text_c

    return match
  when GROK_ERROR_NOMATCH
    return false
  end

  raise ValueError, "unknown return from grok_execn: #{rc}"
end

#pattern ⇒ Object

# File 'lib/grok.rb', line 71

def pattern
  return self[:pattern]
end