class Fluent::Plugin::GrepFilter

Constants

Expression
REGEXP_MAX_NUM

Attributes

_exclude_and_conditions[R]

for test

_exclude_or_conditions[R]

for test

_regexp_and_conditions[R]

for test

_regexp_or_conditions[R]

for test

Public Class Methods

new() click to toggle source
Calls superclass method Fluent::Plugin::Filter.new
# File lib/fluent/plugin/filter_grep.rb, line 25
def initialize
  super

  @_regexp_and_conditions = nil
  @_exclude_and_conditions = nil
  @_regexp_or_conditions = nil
  @_exclude_or_conditions = nil
end

Public Instance Methods

configure(conf) click to toggle source
Calls superclass method Fluent::PluginLoggerMixin#configure
# File lib/fluent/plugin/filter_grep.rb, line 88
def configure(conf)
  super

  regexp_and_conditions = {}
  regexp_or_conditions = {}
  exclude_and_conditions = {}
  exclude_or_conditions = {}

  (1..REGEXP_MAX_NUM).each do |i|
    next unless conf["regexp#{i}"]
    key, regexp = conf["regexp#{i}"].split(/ /, 2)
    raise Fluent::ConfigError, "regexp#{i} does not contain 2 parameters" unless regexp
    raise Fluent::ConfigError, "regexp#{i} contains a duplicated key, #{key}" if regexp_and_conditions[key]
    regexp_and_conditions[key] = Expression.new(record_accessor_create(key), Regexp.compile(regexp))
  end

  (1..REGEXP_MAX_NUM).each do |i|
    next unless conf["exclude#{i}"]
    key, exclude = conf["exclude#{i}"].split(/ /, 2)
    raise Fluent::ConfigError, "exclude#{i} does not contain 2 parameters" unless exclude
    raise Fluent::ConfigError, "exclude#{i} contains a duplicated key, #{key}" if exclude_or_conditions[key]
    exclude_or_conditions[key] = Expression.new(record_accessor_create(key), Regexp.compile(exclude))
  end

  if @regexps.size > 1
    log.info "Top level multiple <regexp> is intepreted as 'and' condition"
  end
  @regexps.each do |e|
    raise Fluent::ConfigError, "Duplicate key: #{e.key}" if regexp_and_conditions.key?(e.key)
    regexp_and_conditions[e.key] = Expression.new(record_accessor_create(e.key), e.pattern)
  end

  if @excludes.size > 1
    log.info "Top level multiple <exclude> is intepreted as 'or' condition"
  end
  @excludes.each do |e|
    raise Fluent::ConfigError, "Duplicate key: #{e.key}" if exclude_or_conditions.key?(e.key)
    exclude_or_conditions[e.key] = Expression.new(record_accessor_create(e.key), e.pattern)
  end

  @and_conditions.each do |and_condition|
    if !and_condition.regexps.empty? && !and_condition.excludes.empty?
      raise Fluent::ConfigError, "Do not specify both <regexp> and <exclude> in <and>"
    end
    and_condition.regexps.each do |e|
      raise Fluent::ConfigError, "Duplicate key in <and>: #{e.key}" if regexp_and_conditions.key?(e.key)
      regexp_and_conditions[e.key] = Expression.new(record_accessor_create(e.key), e.pattern)
    end
    and_condition.excludes.each do |e|
      raise Fluent::ConfigError, "Duplicate key in <and>: #{e.key}" if exclude_and_conditions.key?(e.key)
      exclude_and_conditions[e.key] = Expression.new(record_accessor_create(e.key), e.pattern)
    end
  end

  @or_conditions.each do |or_condition|
    if !or_condition.regexps.empty? && !or_condition.excludes.empty?
      raise Fluent::ConfigError, "Do not specify both <regexp> and <exclude> in <or>"
    end
    or_condition.regexps.each do |e|
      raise Fluent::ConfigError, "Duplicate key in <or>: #{e.key}" if regexp_or_conditions.key?(e.key)
      regexp_or_conditions[e.key] = Expression.new(record_accessor_create(e.key), e.pattern)
    end
    or_condition.excludes.each do |e|
      raise Fluent::ConfigError, "Duplicate key in <or>: #{e.key}" if exclude_or_conditions.key?(e.key)
      exclude_or_conditions[e.key] = Expression.new(record_accessor_create(e.key), e.pattern)
    end
  end

  @_regexp_and_conditions = regexp_and_conditions.values unless regexp_and_conditions.empty?
  @_exclude_and_conditions = exclude_and_conditions.values unless exclude_and_conditions.empty?
  @_regexp_or_conditions = regexp_or_conditions.values unless regexp_or_conditions.empty?
  @_exclude_or_conditions = exclude_or_conditions.values unless exclude_or_conditions.empty?
end
filter(tag, time, record) click to toggle source
# File lib/fluent/plugin/filter_grep.rb, line 162
def filter(tag, time, record)
  begin
    if @_regexp_and_conditions && @_regexp_and_conditions.any? { |expression| !expression.match?(record) }
      return nil
    end
    if @_regexp_or_conditions && @_regexp_or_conditions.none? { |expression| expression.match?(record) }
      return nil
    end
    if @_exclude_and_conditions && @_exclude_and_conditions.all? { |expression| expression.match?(record) }
      return nil
    end
    if @_exclude_or_conditions && @_exclude_or_conditions.any? { |expression| expression.match?(record) }
      return nil
    end
  rescue => e
    log.warn "failed to grep events", error: e
    log.warn_backtrace
  end
  record
end