README
¶
gogstash gonx filter module
Gonx is a log parser, originally written to parse nginx logs. Gonx is a separate project that has been added as a filter to gogstash. It is simple to use and can parse all kind of logfiles that have a fixed text format. If you need more advanced parsing then have a look at the grok filter instead.
Synopsis
filter:
- type: gonx
# (optional) pattern to match, see below, default: nginx access log
format: format-to-match
# (optional) message field to parse, default: "message"
source: message
Example use
An example Apache log can look like this:
127.0.0.1 - Scott [10/Dec/2019:13:55:36 -0700] "GET /server-status HTTP/1.1" 200 2326
To parse this with gonx a filter like this can be used:
$ip $remotename $username [$time] "$request" $http_status $bytes
When parsed the variables will be fields in the event.
NOTICE:
- If you using yaml config file,
\should be written in\\in match patterns. For example:"\\[%{HTTPDATE:nginx.access.time}\\]". - For JSON files you may also need to escape the quotes.
Documentation
¶
Index ¶
Constants ¶
View Source
const ErrorTag = "gogstash_filter_gonx_error"
ErrorTag tag added to event when process module failed
View Source
const ModuleName = "gonx"
ModuleName is the name used in config file
Variables ¶
View Source
var (
ErrorNoFieldInNginxFormat1 = errutil.NewFactory("no field found in nginx format: %q")
)
Errors
Functions ¶
Types ¶
type FilterConfig ¶
type FilterConfig struct {
config.FilterConfig
Format string `json:"format"` // nginx log format
Source string `json:"source"` // source message field name
// contains filtered or unexported fields
}
FilterConfig holds the configuration json fields and internal objects
func DefaultFilterConfig ¶
func DefaultFilterConfig() FilterConfig
DefaultFilterConfig returns an FilterConfig struct with default values
Source Files
Click to show internal directories.
Click to hide internal directories.