From 3669acbb26f475ec302ec6cd9927b073ac7f3160 Mon Sep 17 00:00:00 2001 From: Eric Fontana Date: Thu, 30 Apr 2015 10:09:07 -0400 Subject: [PATCH] Release 1.3.25.0 candidate --- .../Properties/AssemblyInfo.cs | 4 +- .../TimberWinR.TestGenerator.csproj | 9 ++++ TimberWinR.TestGenerator/UdpTestGenerator.cs | 15 ++++-- TimberWinR.TestGenerator/results5.json | 13 +++++ TimberWinR.TestGenerator/test1-twconfig.json | 2 +- TimberWinR.TestGenerator/test5-twconfig.json | 42 +++++++++++++++ TimberWinR.TestGenerator/test5.json | 15 ++++++ TimberWinR.UnitTests/JsonFilterTests.cs | 51 +++++++++++++++++++ TimberWinR.sln | 3 ++ TimberWinR/Filters/GrokFilter.cs | 46 ++++++++--------- TimberWinR/Filters/JsonFilter.cs | 9 ++-- TimberWinR/Inputs/InputListener.cs | 29 +++++++++++ TimberWinR/Inputs/TcpInputListener.cs | 38 ++++++++++++-- TimberWinR/Inputs/UdpInputListener.cs | 35 ++++++++++++- TimberWinR/Manager.cs | 4 +- TimberWinR/Outputs/Redis.cs | 9 +++- TimberWinR/Parser.cs | 44 +++++++++------- TimberWinR/ReleaseNotes.md | 6 +++ TimberWinR/mdocs/GrokFilter.md | 32 ++++++++++-- TimberWinR/mdocs/JsonFilter.md | 40 +++++++++------ TimberWinR/mdocs/Logs.md | 4 +- TimberWinR/mdocs/RedisOutput.md | 10 ++-- TimberWinR/mdocs/TailFiles.md | 2 + TimberWinR/mdocs/TcpInput.md | 9 ++-- TimberWinR/mdocs/UdpInput.md | 5 +- 25 files changed, 387 insertions(+), 89 deletions(-) create mode 100644 TimberWinR.TestGenerator/results5.json create mode 100644 TimberWinR.TestGenerator/test5-twconfig.json create mode 100644 TimberWinR.TestGenerator/test5.json diff --git a/TimberWinR.ServiceHost/Properties/AssemblyInfo.cs b/TimberWinR.ServiceHost/Properties/AssemblyInfo.cs index 67ea23e..8fef8ee 100644 --- a/TimberWinR.ServiceHost/Properties/AssemblyInfo.cs +++ b/TimberWinR.ServiceHost/Properties/AssemblyInfo.cs 
@@ -32,5 +32,5 @@ using System.Runtime.InteropServices; // You can specify all the values or you can default the Build and Revision Numbers // by using the '*' as shown below: // [assembly: AssemblyVersion("1.0.*")] -[assembly: AssemblyVersion("1.3.24.0")] -[assembly: AssemblyFileVersion("1.3.24.0")] +[assembly: AssemblyVersion("1.3.25.0")] +[assembly: AssemblyFileVersion("1.3.25.0")] diff --git a/TimberWinR.TestGenerator/TimberWinR.TestGenerator.csproj b/TimberWinR.TestGenerator/TimberWinR.TestGenerator.csproj index f4d9f23..19d78bb 100644 --- a/TimberWinR.TestGenerator/TimberWinR.TestGenerator.csproj +++ b/TimberWinR.TestGenerator/TimberWinR.TestGenerator.csproj @@ -117,6 +117,15 @@ PreserveNewest + + PreserveNewest + + + PreserveNewest + + + PreserveNewest + diff --git a/TimberWinR.TestGenerator/UdpTestGenerator.cs b/TimberWinR.TestGenerator/UdpTestGenerator.cs index cf2644f..a8426b3 100644 --- a/TimberWinR.TestGenerator/UdpTestGenerator.cs +++ b/TimberWinR.TestGenerator/UdpTestGenerator.cs @@ -24,7 +24,7 @@ namespace TimberWinR.TestGenerator NumMessages = 100; Port = 6379; Host = "localhost"; - SleepTimeMilliseconds = 10; + SleepTimeMilliseconds = 1; } } 
@@ -48,16 +48,23 @@ namespace TimberWinR.TestGenerator { JObject o = new JObject { - {"Application", "udp-generator"}, - {"Host", hostName}, + {"Application", "udp-generator"}, + {"Executable", "VP.Common.SvcFrm.Services.Host, Version=29.7.0.0, Culture=neutral, PublicKeyToken=null"}, + {"RenderedMessage", "Responding to RequestSchedule message from 10.1.230.36 with Ack because: PRJ byte array is null."}, + {"Team", "Manufacturing Software"}, + {"Host", hostName}, {"UtcTimestamp", DateTime.UtcNow.ToString("o")}, - {"Type", "udp"}, + {"Type", "VP.Fulfillment.Direct.Initialization.LogWrapper"}, {"Message", "Testgenerator udp message " + DateTime.UtcNow.ToString("o")}, {"Index", "logstash"} }; byte[] sendbuf = Encoding.UTF8.GetBytes(o.ToString()); IPEndPoint ep = new IPEndPoint(broadcast, parms.Port); s.SendTo(sendbuf, ep); + + if (i % 1000 == 0) + LogManager.GetCurrentClassLogger().Info("Sent {0} of {1} messages", i, parms.NumMessages); + Thread.Sleep(parms.SleepTimeMilliseconds); } diff --git a/TimberWinR.TestGenerator/results5.json b/TimberWinR.TestGenerator/results5.json new file mode 100644 index 0000000..754b3a8 --- /dev/null +++ b/TimberWinR.TestGenerator/results5.json @@ -0,0 +1,13 @@ +{ + "Results": { + "Inputs": [ + { + "udp": { + "test1: message sent count": "[messages] == 10000", + "test2: average cpu": "[avgCpuUsage] <= 30", + "test3: maximum memory": "[maxMemUsage] <= 30" + } + } + ] + } +} diff --git a/TimberWinR.TestGenerator/test1-twconfig.json b/TimberWinR.TestGenerator/test1-twconfig.json index 4628dc6..38e34cc 100644 --- a/TimberWinR.TestGenerator/test1-twconfig.json +++ b/TimberWinR.TestGenerator/test1-twconfig.json @@ -39,7 +39,7 @@ "_comment": "Change the host to your Redis instance", "port": 6379, "batch_count": 500, - "threads": 2, + "threads": 1, "host": [ "tstlexiceapp006.vistaprint.svc" ] diff --git a/TimberWinR.TestGenerator/test5-twconfig.json b/TimberWinR.TestGenerator/test5-twconfig.json new file mode 100644 index 0000000..c429d4b 
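Review bot: The `Executable`, `RenderedMessage` and `Team` values added to the generated `JObject` look as if they were copied from a live environment, including the address `10.1.230.36`. The `host` entry `tstlexiceapp006.vistaprint.svc` in the new test5-twconfig.json has the same character. If these are real, the test fixtures publish internal addressing, service names and assembly identities to anyone who can read the repository. Constructed values exercise the same code path, for example `{"RenderedMessage", "Responding to RequestSchedule message from 192.0.2.10 with Ack"}` and `"host": ["localhost"]`.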
--- /dev/null +++ b/TimberWinR.TestGenerator/test5-twconfig.json @@ -0,0 +1,42 @@ +{ + "TimberWinR": { + "Inputs": { + "Udp": [ + { + "_comment": "Output from NLog", + "port": 5140, + "add_field": [ + "Environment", + "PLANT_TST_TIMBERWINR" + ], + "rename": [ + "Type", + "type" + ] + } + ], + "TailFiles": [ + { + "interval": 5, + "logSource": "log files", + "location": "*.jlog", + "recurse": -1 + } + ] + }, + "Outputs": { + "Redis": [ + { + "_comment": "Change the host to your Redis instance", + "port": 6379, + "batch_count": 500, + "interval": 1000, + "threads": 4, + "host": [ + "tstlexiceapp006.vistaprint.svc" + ] + } + ] + } + } +} diff --git a/TimberWinR.TestGenerator/test5.json b/TimberWinR.TestGenerator/test5.json new file mode 100644 index 0000000..a431fe2 --- /dev/null +++ b/TimberWinR.TestGenerator/test5.json @@ -0,0 +1,15 @@ +{ + "test": "Test 5", + "arguments": { + "--start": "", + "--testFile": "test5.json", + "--testDir": "test5", + "--timberWinRConfig": "test5-twconfig.json", + "--numMessages": 20000, + "--logLevel": "debug", + "--udp-host": "localhost", + "--udp": "5140", + "--udp-rate": 5, + "--resultsFile": "results5.json" + } +} diff --git a/TimberWinR.UnitTests/JsonFilterTests.cs b/TimberWinR.UnitTests/JsonFilterTests.cs index 4521d3c..e2ef4a7 100644 --- a/TimberWinR.UnitTests/JsonFilterTests.cs +++ b/TimberWinR.UnitTests/JsonFilterTests.cs 
@@ -77,5 +77,56 @@ namespace TimberWinR.UnitTests Assert.IsNull(nostuff); Assert.AreEqual(6, jsonInputLine2.Count); } + + [Test] + public void TestRenameAndAdds() + { + JObject jsonInputLine1 = new JObject + { + {"type", "Win32-FileLog"}, + {"ComputerName", "dev.mycompany.net"}, + {"Text", "{\"log4net:Username\" : \"NT AUTHORITY\",\"Email\":\"james@example.com\",\"Active\":true,\"CreatedDate\":\"2013-01-20T00:00:00Z\",\"Roles\":[\"User\",\"Admin\"]}"} + }; + + + string jsonFilter = @"{ + ""TimberWinR"":{ + ""Filters"":[ + { + ""json"":{ + ""type"": ""Win32-FileLog"", + ""source"": ""Text"", + ""promote"": ""Text"", + ""add_field"":[ + ""test1"", + ""value1"", + ""test2"", + ""value2"" + ], + ""rename"":[ + ""Active"", + ""active"", + ""log4net:Username"", + ""lusername"" + ] + } + }] + } + }"; + + + // Positive Tests + Configuration c = Configuration.FromString(jsonFilter); + Json jf = c.Filters.First() as Json; + Assert.IsTrue(jf.Apply(jsonInputLine1)); + + Assert.AreEqual("NT AUTHORITY", jsonInputLine1["lusername"].ToString()); + Assert.AreEqual("True", jsonInputLine1["active"].ToString()); + Assert.IsNotNull(jsonInputLine1["test1"]); + Assert.IsNotNull(jsonInputLine1["test2"]); + Assert.AreEqual("value1", jsonInputLine1["test1"].ToString()); + Assert.AreEqual("value2", jsonInputLine1["test2"].ToString()); + } + } } diff --git a/TimberWinR.sln b/TimberWinR.sln index 3de45ec..08bd683 100644 --- a/TimberWinR.sln +++ b/TimberWinR.sln @@ -116,4 +116,7 @@ Global GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection + GlobalSection(Performance) = preSolution + HasPerformanceSessions = true + EndGlobalSection EndGlobal diff --git a/TimberWinR/Filters/GrokFilter.cs b/TimberWinR/Filters/GrokFilter.cs index 7f88d22..bf334e0 100644 --- a/TimberWinR/Filters/GrokFilter.cs +++ b/TimberWinR/Filters/GrokFilter.cs @@ -30,8 +30,6 @@ namespace TimberWinR.Parser } } - - public partial class Grok : LogstashFilter { public override JObject ToJson() 
@@ -92,35 +90,37 @@ namespace TimberWinR.Parser return true; } + // Test for any true matching condition(s) private bool Matches(Newtonsoft.Json.Linq.JObject json) { - string field = Match[0]; - string expr = Match[1]; - - JToken token = null; - if (json.TryGetValue(field, out token)) + for (int i = 0; i < Match.Length; i += 2) { - string text = token.ToString(); - if (!string.IsNullOrEmpty(text)) + string field = Match[i]; + string expr = Match[i + 1]; + + JToken token = null; + if (json.TryGetValue(field, out token)) { - var resolver = new RegexGrokResolver(); - var pattern = resolver.ResolveToRegex(expr); - var match = Regex.Match(text, pattern); - if (match.Success) + string text = token.ToString(); + if (!string.IsNullOrEmpty(text)) { - var regex = new Regex(pattern); - var namedCaptures = regex.MatchNamedCaptures(text); - foreach (string fieldName in namedCaptures.Keys) + var resolver = new RegexGrokResolver(); + var pattern = resolver.ResolveToRegex(expr); + var match = Regex.Match(text, pattern); + if (match.Success) { - AddOrModify(json, fieldName, namedCaptures[fieldName]); + var regex = new Regex(pattern); + var namedCaptures = regex.MatchNamedCaptures(text); + foreach (string fieldName in namedCaptures.Keys) + { + AddOrModify(json, fieldName, namedCaptures[fieldName]); + } + return true; // Yes! } - return true; // Yes! } + if (string.IsNullOrEmpty(expr)) + return true; // Empty field is no match } - if (string.IsNullOrEmpty(expr)) - return true; // Empty field is no match - else - return false; } return false; // Not specified is failure } @@ -136,7 +136,7 @@ namespace TimberWinR.Parser AddOrModify(json, fieldName, fieldValue); } } - } + } private void RemoveFields(Newtonsoft.Json.Linq.JObject json) { diff --git a/TimberWinR/Filters/JsonFilter.cs b/TimberWinR/Filters/JsonFilter.cs index 1fb7f83..fbe3b63 100644 --- a/TimberWinR/Filters/JsonFilter.cs +++ b/TimberWinR/Filters/JsonFilter.cs 
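Review bot: Each pair in the new `for` loop in `Matches` resolves the grok expression and runs the regex twice per event (`Regex.Match(text, pattern)`, then `new Regex(pattern)` with `MatchNamedCaptures`), with no match timeout, so the cost of a slow pattern now scales with the number of `match` pairs. The matched text is event data, which may include messages received by the Tcp/Udp inputs, so a pattern with nested quantifiers can be driven into long backtracking by a crafted message. Build the `Regex` once per expression when the configuration is loaded, reuse it for both the success test and the captures, and bound it with something like `new Regex(pattern, RegexOptions.None, TimeSpan.FromSeconds(1))` if the target framework is .NET 4.5 or later. The comment `// Empty field is no match` also sits on a branch that returns `true`; one of the two should be corrected.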
@@ -92,9 +92,12 @@ namespace TimberWinR.Parser if (Rename != null && Rename.Length > 0) { - string oldName = ExpandField(Rename[0], json); - string newName = ExpandField(Rename[1], json); - RenameProperty(json, oldName, newName); + for (int i = 0; i < Rename.Length; i += 2) + { + string oldName = ExpandField(Rename[i], json); + string newName = ExpandField(Rename[i+1], json); + RenameProperty(json, oldName, newName); + } } if (RemoveSource) diff --git a/TimberWinR/Inputs/InputListener.cs b/TimberWinR/Inputs/InputListener.cs index 621b06a..c29ae5e 100644 --- a/TimberWinR/Inputs/InputListener.cs +++ b/TimberWinR/Inputs/InputListener.cs @@ -101,6 +101,34 @@ namespace TimberWinR.Inputs LogManager.GetCurrentClassLogger().Error(ex); } } + + protected void AddOrModify(JObject json, string fieldName, string fieldValue) + { + if (json[fieldName] == null) + json.Add(fieldName, fieldValue); + else + json[fieldName] = fieldValue; + } + + protected void RenameProperty(JObject json, string oldName, string newName) + { + JToken token = json[oldName]; + if (token != null) + { + json.Add(newName, token.DeepClone()); + json.Remove(oldName); + } + } + + protected string ExpandField(string fieldName, JObject json) + { + foreach (var token in json.Children().ToList()) + { + string replaceString = "%{" + token.Path + "}"; + fieldName = fieldName.Replace(replaceString, json[token.Path].ToString()); + } + return fieldName; + } protected void EnsureRollingCaught() { @@ -128,6 +156,7 @@ namespace TimberWinR.Inputs } } + public virtual void AddDefaultFields(JObject json) { if (json["type"] == null) diff --git a/TimberWinR/Inputs/TcpInputListener.cs b/TimberWinR/Inputs/TcpInputListener.cs index ed60011..f0ffb37 100644 --- a/TimberWinR/Inputs/TcpInputListener.cs +++ b/TimberWinR/Inputs/TcpInputListener.cs 
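Review bot: `Rename[i+1]` in the new loop reads past the end of the array when `rename` has an odd number of entries, and the guard above it only checks `Rename.Length > 0`. Whether `Json.Validate()` rejects that case is not visible in this hunk; if it does not, the failure shows up as an IndexOutOfRangeException on every event instead of at configuration load. Bounding the loop with `i + 1 < Rename.Length`, or rejecting `Rename.Length % 2 != 0` during validation as Grok does for `Match`, keeps it a configuration error. The same loop shape is added in `ApplyFilters` in TcpInputListener.cs and UdpInputListener.cs, and `TcpParameters.Validate()` and `UdpParameters.Validate()` are empty in this patch.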
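Review bot: The new `RenameProperty` in InputListener.cs calls `json.Add(newName, token.DeepClone())` without checking whether `newName` already exists, and `JObject.Add` throws when it does. With a listener configured as in test5-twconfig.json (`"rename": ["Type", "type"]`), a received message that carries both `Type` and `type` would throw inside the `try` around `ApplyFilters`, so a sender can decide whether its own events are recorded or end up on the error path. Make the collision policy explicit: skip when `oldName == newName`, otherwise overwrite with `json[newName] = token.DeepClone();` before `json.Remove(oldName);`. The Parser.cs hunk at `@@ -42,11 +43,9 @@` makes the same change and drops the `newToken == null` check the old code had.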
@@ -16,7 +16,7 @@ namespace TimberWinR.Inputs private Thread _listenThreadV4; private Thread _listenThreadV6; private readonly int _port; - + private TimberWinR.Parser.TcpParameters _arguments; private long _receivedMessages; private long _errorCount; @@ -32,15 +32,19 @@ namespace TimberWinR.Inputs return json; } - public TcpInputListener(CancellationToken cancelToken, int port = 5140) + public TcpInputListener(TimberWinR.Parser.TcpParameters arguments, CancellationToken cancelToken, int port = 5140) : base(cancelToken, "Win32-Tcp") { _port = port; + _arguments = arguments; LogManager.GetCurrentClassLogger().Info("Tcp Input(v4/v6) on Port {0} Ready", _port); - _receivedMessages = 0; + if (!string.IsNullOrEmpty(arguments.Type)) + SetTypeName(arguments.Type); + _receivedMessages = 0; + _tcpListenerV6 = new System.Net.Sockets.TcpListener(IPAddress.IPv6Any, port); _tcpListenerV4 = new System.Net.Sockets.TcpListener(IPAddress.Any, port); @@ -91,6 +95,33 @@ namespace TimberWinR.Inputs } } + // + // Renames, and AddFields + // + private void ApplyFilters(JObject json) + { + if (_arguments.Renames != null) + { + for (int i = 0; i < _arguments.Renames.Length; i += 2) + { + var oldName = ExpandField(_arguments.Renames[i], json); + var newName = ExpandField(_arguments.Renames[i + 1], json); + RenameProperty(json, oldName, newName); + } + } + + if (_arguments.AddFields != null) + { + for (int i = 0; i < _arguments.AddFields.Length; i += 2) + { + var fieldName = ExpandField(_arguments.AddFields[i], json); + var fieldValue = ExpandField(_arguments.AddFields[i + 1], json); + AddOrModify(json, fieldName, fieldValue); + } + } + } + + private void HandleNewClient(object client) { var tcpClient = (TcpClient)client; @@ -109,6 +140,7 @@ namespace TimberWinR.Inputs try { JObject json = JObject.Load(reader); + ApplyFilters(json); ProcessJson(json); Interlocked.Increment(ref _receivedMessages); } 
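Review bot: `ApplyFilters` is added here and again, line for line, in UdpInputListener.cs, even though the helpers it calls were placed on the `InputListener` base class in the same commit. Two copies of the code that rewrites received events will drift, and a later fix to one (array-length checks, name-collision handling) can miss the other. Moving it to the base class as `protected void ApplyFilters(JObject json, string[] renames, string[] addFields)` leaves each listener with a single call, `ApplyFilters(json, _arguments.Renames, _arguments.AddFields);`. `_arguments` is assigned only in the constructor and could be `readonly`, and the constructor reads `arguments.Type` without a null check.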
diff --git a/TimberWinR/Inputs/UdpInputListener.cs b/TimberWinR/Inputs/UdpInputListener.cs index 2063344..fdcff32 100644 --- a/TimberWinR/Inputs/UdpInputListener.cs +++ b/TimberWinR/Inputs/UdpInputListener.cs @@ -20,6 +20,7 @@ namespace TimberWinR.Inputs private long _parseErrors; private long _receiveErrors; private long _parsedMessages; + private TimberWinR.Parser.UdpParameters _arguments; public override JObject ToJson() { @@ -35,10 +36,14 @@ namespace TimberWinR.Inputs return json; } - public UdpInputListener(CancellationToken cancelToken, int port = 5140) : base(cancelToken, "Win32-Udp") + public UdpInputListener(TimberWinR.Parser.UdpParameters arguments, CancellationToken cancelToken, int port = 5140) : base(cancelToken, "Win32-Udp") { _port = port; _receivedMessages = 0; + _arguments = arguments; + + if (!string.IsNullOrEmpty(arguments.Type)) + SetTypeName(arguments.Type); // setup raw data processor _unprocessedRawData = new BlockingCollection(); @@ -141,6 +146,32 @@ namespace TimberWinR.Inputs Finished(); } + // + // Renames, and AddFields + // + private void ApplyFilters(JObject json) + { + if (_arguments.Renames != null) + { + for (int i=0; i<_arguments.Renames.Length; i += 2) + { + var oldName = ExpandField(_arguments.Renames[i], json); + var newName = ExpandField(_arguments.Renames[i + 1], json); + RenameProperty(json, oldName, newName); + } + } + + if (_arguments.AddFields != null) + { + for (int i = 0; i < _arguments.AddFields.Length; i += 2) + { + var fieldName = ExpandField(_arguments.AddFields[i], json); + var fieldValue = ExpandField(_arguments.AddFields[i + 1], json); + AddOrModify(json, fieldName, fieldValue); + } + } + } + private void ProcessData(byte[] bytes) { var data = Encoding.UTF8.GetString(bytes, 0, bytes.Length); @@ -148,8 +179,8 @@ namespace TimberWinR.Inputs try { var json = JObject.Parse(data); + ApplyFilters(json); ProcessJson(json); - _parsedMessages++; } catch (Exception ex) 
diff --git a/TimberWinR/Manager.cs b/TimberWinR/Manager.cs index 31746a0..a678de7 100644 --- a/TimberWinR/Manager.cs +++ b/TimberWinR/Manager.cs @@ -232,7 +232,7 @@ namespace TimberWinR foreach (var tcp in config.Tcps) { - var elistner = new TcpInputListener(cancelToken, tcp.Port); + var elistner = new TcpInputListener(tcp, cancelToken, tcp.Port); Listeners.Add(elistner); foreach (var output in Outputs) output.Connect(elistner); @@ -240,7 +240,7 @@ namespace TimberWinR foreach (var udp in config.Udps) { - var elistner = new UdpInputListener(cancelToken, udp.Port); + var elistner = new UdpInputListener(udp, cancelToken, udp.Port); Listeners.Add(elistner); foreach (var output in Outputs) output.Connect(elistner); diff --git a/TimberWinR/Outputs/Redis.cs b/TimberWinR/Outputs/Redis.cs index b08d77f..1dd0fb8 100644 --- a/TimberWinR/Outputs/Redis.cs +++ b/TimberWinR/Outputs/Redis.cs @@ -79,9 +79,11 @@ namespace TimberWinR.Outputs // Sample the queue and adjust the batch count if needed (ramp up slowly) public int UpdateCurrentBatchCount(int queueSize, int currentBatchCount) { - if (currentBatchCount < _maxBatchCount && currentBatchCount < queueSize && AverageQueueDepth() > currentBatchCount) + var avgQueueDepth = AverageQueueDepth(); + + if (currentBatchCount < _maxBatchCount && currentBatchCount < queueSize && avgQueueDepth > currentBatchCount) { - currentBatchCount += Math.Max(_maxBatchCount / _batchCount, 1); + currentBatchCount += Math.Max(avgQueueDepth / _batchCount, _batchCount / 5); if (currentBatchCount >= _maxBatchCount && !_warnedReachedMax) { LogManager.GetCurrentClassLogger().Warn("Maximum Batch Count of {0} reached.", currentBatchCount); 
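Review bot: The new step `Math.Max(avgQueueDepth / _batchCount, _batchCount / 5)` in `UpdateCurrentBatchCount` grows with queue depth, and nothing in the visible lines caps the result at `_maxBatchCount`. The warning that follows even logs `currentBatchCount` as the maximum. Queue depth follows inbound traffic, so a burst can push the batch size well past the configured limit unless the rest of the method, which lies outside this hunk, clamps it; `currentBatchCount = Math.Min(currentBatchCount, _maxBatchCount);` right after the increment would bound it. This patch also removes the `MaxBatchCount = BatchCount*10;` default in Parser.cs, so if nothing else assigns it, `_maxBatchCount` would be 0 and the ramp condition could never be true.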
@@ -314,6 +316,9 @@ namespace TimberWinR.Outputs { _batchCounter.SampleQueueDepth(_jsonQueue.Count); // Re-compute current batch size + + LogManager.GetCurrentClassLogger().Trace("{0}: Average Queue Depth: {1}, Current Length: {2}", Thread.CurrentThread.ManagedThreadId, _batchCounter.AverageQueueDepth(), _jsonQueue.Count); + _currentBatchCount = _batchCounter.UpdateCurrentBatchCount(_jsonQueue.Count, _currentBatchCount); messages = _jsonQueue.Take(_currentBatchCount).ToArray(); diff --git a/TimberWinR/Parser.cs b/TimberWinR/Parser.cs index 9ab9d12..47cd82f 100644 --- a/TimberWinR/Parser.cs +++ b/TimberWinR/Parser.cs @@ -12,6 +12,7 @@ using Microsoft.SqlServer.Server; using Newtonsoft.Json; using Newtonsoft.Json.Linq; using NLog; +using NLog.Config; using TimberWinR.Outputs; using System.CodeDom.Compiler; @@ -42,11 +43,9 @@ namespace TimberWinR.Parser { JToken token = json[oldName]; if (token != null) - { + { + json.Add(newName, token.DeepClone()); json.Remove(oldName); - JToken newToken = json[newName]; - if (newToken == null) - json.Add(newName, token); } } @@ -269,7 +268,7 @@ namespace TimberWinR.Parser public string Type { get; set; } [JsonProperty(PropertyName = "codec")] - public CodecArguments CodecArguments { get; set; } + public CodecArguments CodecArguments { get; set; } [JsonProperty(PropertyName = "message")] public string Message { get; set; } @@ -281,7 +280,7 @@ namespace TimberWinR.Parser public int Rate { get; set; } public void Validate() - { + { } public GeneratorParameters() @@ -336,9 +335,9 @@ namespace TimberWinR.Parser [JsonProperty(PropertyName = "type")] public string Type { get; set; } [JsonProperty(PropertyName = "location")] - public string Location { get; set; } + public string Location { get; set; } [JsonProperty(PropertyName = "recurse")] - public int Recurse { get; set; } + public int Recurse { get; set; } [JsonProperty(PropertyName = "fields")] public List Fields { get; set; } [JsonProperty(PropertyName = "interval")] 
@@ -403,15 +402,21 @@ namespace TimberWinR.Parser { [JsonProperty(PropertyName = "port")] public int Port { get; set; } + [JsonProperty(PropertyName = "type")] + public string Type { get; set; } + [JsonProperty("add_field")] + public string[] AddFields { get; set; } + [JsonProperty("rename")] + public string[] Renames { get; set; } public TcpParameters() { Port = 5140; + Type = "Win32-Tcp"; } public void Validate() { - } } @@ -420,15 +425,21 @@ namespace TimberWinR.Parser { [JsonProperty(PropertyName = "port")] public int Port { get; set; } + [JsonProperty(PropertyName = "type")] + public string Type { get; set; } + [JsonProperty("add_field")] + public string[] AddFields { get; set; } + [JsonProperty("rename")] + public string[] Renames { get; set; } public UdpParameters() { Port = 5142; + Type = "Win32-Udp"; } public void Validate() { - } } public class W3CLogParameters : IValidateSchema @@ -557,9 +568,9 @@ namespace TimberWinR.Parser [JsonProperty(PropertyName = "max_queue_size")] public int MaxQueueSize { get; set; } [JsonProperty(PropertyName = "queue_overflow_discard_oldest")] - public bool QueueOverflowDiscardOldest { get; set; } + public bool QueueOverflowDiscardOldest { get; set; } [JsonProperty(PropertyName = "enable_ping")] - public bool EnablePing { get; set; } + public bool EnablePing { get; set; } [JsonProperty(PropertyName = "ping_timeout")] public int PingTimeout { get; set; } @@ -650,7 +661,6 @@ namespace TimberWinR.Parser Host = new string[] { "localhost" }; Timeout = 10000; BatchCount = 200; - MaxBatchCount = BatchCount*10; NumThreads = 1; Interval = 5000; QueueOverflowDiscardOldest = true; @@ -755,7 +765,7 @@ namespace TimberWinR.Parser public override void Validate() { - if (Match == null || Match.Length != 2) + if (Match == null || Match.Length % 2 != 0) throw new GrokFilterException(); if (AddTag != null && AddTag.Length % 2 != 0) 
@@ -896,7 +906,7 @@ namespace TimberWinR.Parser } } - + public partial class Json : LogstashFilter { public class JsonMissingSourceException : Exception @@ -980,7 +990,7 @@ namespace TimberWinR.Parser [JsonProperty("grokFilters")] public Grok[] Groks { get; set; } - + [JsonProperty("mutateFilters")] public Mutate[] Mutates { get; set; } @@ -991,7 +1001,7 @@ namespace TimberWinR.Parser public Json[] Jsons { get; set; } [JsonProperty("geoipFilters")] - public GeoIP[] GeoIPs { get; set; } + public GeoIP[] GeoIPs { get; set; } } public class TimberWinR diff --git a/TimberWinR/ReleaseNotes.md b/TimberWinR/ReleaseNotes.md index 27aa2ca..7056a71 100644 --- a/TimberWinR/ReleaseNotes.md +++ b/TimberWinR/ReleaseNotes.md @@ -3,6 +3,12 @@ A Native Windows to Redis/Elasticsearch Logstash Agent which runs as a service. Version / Date +### 1.3.25.0 - 2015-04-30 +1. Fixed Issue [#49](https://github.com/Cimpress-MCP/TimberWinR/issues/49) +2. Fixed potential non-thread safe when renaming properties +3. Added add_field, rename support to Udp/Tcp Input Listeners +4. Fixed issue with multiple renames (was previousy only renaming the first one) + ### 1.3.24.0 - 2015-04-29 1. Fixed potential bug in TailFiles when tailing log files which are partially flushed to disk, it now will not process the line until the \r\n has been seen. diff --git a/TimberWinR/mdocs/GrokFilter.md b/TimberWinR/mdocs/GrokFilter.md index 6bfaa63..a03a537 100644 --- a/TimberWinR/mdocs/GrokFilter.md +++ b/TimberWinR/mdocs/GrokFilter.md 
@@ -26,14 +26,14 @@ The following operations are allowed when mutating a field. | Operation | Type | Description | :---------------|:----------------|:-----------------------------------------------------------------------| -| *type* | property:string |Type to which this filter applyes, if empty, applies to all types. -| *condition* | property:string |C# expression -| *rename* | property:array |Rename one or more fields -| *match* | property:string |Required field must match before any subsequent grok operations are executed. | *add_field* | property:array |If the filter is successful, add an arbitrary field to this event. Field names can be dynamic and include parts of the event using the %{field} syntax. This property must be specified in pairs. -| *remove_field* | property:array |If the filter is successful, remove arbitrary fields from this event. Field names can be dynamic and include parts of the event using the %{field} syntax. | *add_tag* | property:array |If the filter is successful, add an arbitrary tag to this event. Tag names can be dynamic and include parts of the event using the %{field} syntax. +| *condition* | property:string |C# expression +| *match* | property:array |Required field must match (any) before any subsequent grok operations are executed. +| *remove_field* | property:array |If the filter is successful, remove arbitrary fields from this event. Field names can be dynamic and include parts of the event using the %{field} syntax. | *remove_tag* | property:array |If the filter is successful, remove arbitrary tags from this event. Field names can be dynamic and include parts of the event using the %{field} syntax. +| *rename* | property:array |Rename one or more fields +| *type* | property:string |Type to which this filter applyes, if empty, applies to all types. ## Operation Details ### match 
@@ -67,6 +67,28 @@ Given this configuration } ] ``` + +Given this configuration +```json + "Filters": [ + { + "grok": { + "matches": [ + "message", + "%{IP:client} %{WORD:method} %{URIPATHPARAM:request} %{NUMBER:bytes} %{NUMBER:duration}" + ], + "add_tag": [ + "http_log" + ], + "add_field": [ + "verb", "%{method}" + ] + } + } + ] +``` + + And if the message matches, then 6 fields would be added to the event: 1. client=55.3.244.1 2. method=GET diff --git a/TimberWinR/mdocs/JsonFilter.md b/TimberWinR/mdocs/JsonFilter.md index 6ee9348..8f04c0b 100644 --- a/TimberWinR/mdocs/JsonFilter.md +++ b/TimberWinR/mdocs/JsonFilter.md 
@@ -7,25 +7,27 @@ The following operations are allowed when mutating a field. | Operation | Type | Description | :---------------|:----------------|:-----------------------------------------------------------------------| -| *type* | property:string |Type to which this filter applies, if empty, applies to all types. -| *condition* | property:string |C# expression, if the expression is true, continue, otherwise, ignore -| *remove_source* | property:bool |If true, the source property is removed, default: true -| *source* | property:string |Required field indicates which field contains the Json to be parsed -| *promote* | property:string |If supplied any properties named *promote* will be promoted to top-level -| *target* | property:string |If suppled, the parsed json will be contained underneath a propery named *target* | *add_field* | property:array |If the filter is successful, add an arbitrary field to this event. Field names can be dynamic and include parts of the event using the %{field} syntax. This property must be specified in pairs. -| *remove_field* | property:array |If the filter is successful, remove arbitrary fields from this event. Field names can be dynamic and include parts of the event using the %{field} syntax. | *add_tag* | property:array |If the filter is successful, add an arbitrary tag to this event. Tag names can be dynamic and include parts of the event using the %{field} syntax. +| *condition* | property:string |C# expression, if the expression is true, continue, otherwise, ignore +| *promote* | property:string |If supplied any properties named *promote* will be promoted to top-level +| *remove_field* | property:array |If the filter is successful, remove arbitrary fields from this event. Field names can be dynamic and include parts of the event using the %{field} syntax. | *remove_tag* | property:array |If the filter is successful, remove arbitrary tags from this event. 
Field names can be dynamic and include parts of the event using the %{field} syntax. +| *remove_source* | property:bool |If true, the source property is removed, default: true +| *rename* | property:array |Rename one or more fields +| *source* | property:string |Required field indicates which field contains the Json to be parsed +| *target* | property:string |If suppled, the parsed json will be contained underneath a propery named *target* +| *type* | property:string |Type to which this filter applies, if empty, applies to all types. ## Operation Details ### source -The match field is required, the first argument is the field to inspect, and compare to the expression specified by the second -argument. In the below example, the message is spected to be something like this from a fictional sample log: +The source field is required, and indicates what Field contains the target Json, In the +below example, the [Logs](https://github.com/Cimpress-MCP/TimberWinR/blob/master/TimberWinR/mdocs/Logs.md) input produces a Text field, +which contains a line to be parsed as Json. Given this input configuration: -Lets assume that a newline such as the following is appended to foo.jlog: +Lets assume that a new line such as the following is appended to foo.jlog:, this would end up being the Text field ``` {"Email":"james@example.com","Active":true,"CreatedDate":"2013-01-20T00:00:00Z","Roles":["User","Admin"]} ``` @@ -54,7 +56,7 @@ Lets assume that a newline such as the following is appended to foo.jlog: } ``` -In the above example, the file foo.jlog is being tailed, and when a newline is appended, it is assumed +In the above example, the file foo.jlog is being tailed, and when a new line is appended, it is assumed to be Json and is parsed from the Text field, the parsed Json is then inserted underneath a property *stuff* The resulting output would be: 
@@ -84,8 +86,8 @@ The fields must be in pairs with oldname first and newname second. "target": "stuff", "source": "Text", "rename": [ - "Text", - "Data" + "level", + "Level" ] } } @@ -96,7 +98,9 @@ The fields must be in pairs with fieldName first and value second. ```json "Filters": [ { - "json": { + "json": { + "type": "Win32-FileLog", + "source": "Text", "add_field": [ "ComputerName", "Host", "Username", "%{SID}" @@ -112,7 +116,9 @@ Remove the fields. More than one field can be specified at a time. "Filters": [ { "json": { - "remove_tag": [ + "type": "Win32-FileLog", + "source": "Text", + "remove_field": [ "static_tag1", "Computer_%{Host}" ] @@ -128,6 +134,8 @@ Adds the tag(s) to the tag array. "Filters": [ { "json": { + "type": "Win32-FileLog", + "source": "Text", "add_tag": [ "foo_%{Host}", "static_tag1" @@ -143,6 +151,8 @@ Remove the tag(s) to the tag array. More than one tag can be specified at a tim "Filters": [ { "json": { + "type": "Win32-FileLog", + "source": "Text", "remove_tag": [ "static_tag1", "Username" diff --git a/TimberWinR/mdocs/Logs.md b/TimberWinR/mdocs/Logs.md index e66f34e..e871cd8 100644 --- a/TimberWinR/mdocs/Logs.md +++ b/TimberWinR/mdocs/Logs.md 
@@ -7,11 +7,12 @@ The following parameters are allowed when configuring WindowsEvents. | Parameter | Type | Description | Details | Default | | :---------------- |:---------------| :----------------------------------------------------------------------- | :--------------------------- | :-- | +| *iCodepage* | integer |Codepage of the text file. | 0 is the system codepage, -1 is UNICODE. | 0 | | *location* | string |Location of file(s) to monitor | Path to text file(s) including wildcards. | | | *logSource* | string |Source name | Used for conditions | | | *recurse* | integer |Max subdirectory recursion level. | 0 disables subdirectory recursion; -1 enables unlimited recursion. | 0 | | *splitLongLines* | boolean |Behavior when event messages or event category names cannot be resolved. |When a text line is longer than 128K characters, the format truncates the line and either discards the remaining of the line (when this parameter is set to "false"), or processes the remainder of the line as a new line (when this parameter is set to "true").| false | -| *iCodepage* | integer |Codepage of the text file. | 0 is the system codepage, -1 is UNICODE. | 0 | +| *type* | string |Typename for this Input | | Win32-FileLog | | [codec](https://github.com/Cimpress-MCP/TimberWinR/blob/master/TimberWinR/mdocs/Codec.md) | object | Codec to use | Example Input: Monitors all files (recursively) located at C:\Logs1\ matching *.log as a pattern. I.e. C:\Logs1\foo.log, C:\Logs1\Subdir\Log2.log, etc. @@ -39,3 +40,4 @@ After a successful parse of an event, the following fields are added: | LogFilename | STRING |Full path of the file containing this line | | Index | INTEGER | Line number | | Text | STRING | Text line content | +| type | STRING | Win32-FileLog | diff --git a/TimberWinR/mdocs/RedisOutput.md b/TimberWinR/mdocs/RedisOutput.md index 7b868d6..dcdb9c8 100644 --- a/TimberWinR/mdocs/RedisOutput.md +++ b/TimberWinR/mdocs/RedisOutput.md 
@@ -7,15 +7,15 @@ The following parameters are allowed when configuring the Redis output.
 | Parameter | Type | Description | Details | Default |
 | :-------------|:---------|:------------------------------------------------------------| :--------------------------- | :-- |
-| *threads* | string | Location of log files(s) to monitor | Number of worker theads to send messages | 1 |
 | *batch_count* | integer | Sent as a single message | Number of messages to aggregate | 200 |
-| *max_batch_count* | integer | Dynamically adjusted count maximum | Increases over time | batch_count*10 |
-| *interval* | integer | Interval in milliseconds to sleep during batch sends | Interval | 5000 |
+| *host* | string | The hostname(s) of your Redis server(s) | IP or DNS name | |
 | *index* | string | The name of the redis list | logstash index name | logstash |
-| *host* | [string] | The hostname(s) of your Redis server(s) | IP or DNS name | |
-| *port* | integer | Redis port number | This port must be open | 6379 |
+| *interval* | integer | Interval in milliseconds to sleep during batch sends | Interval | 5000 |
+| *max_batch_count* | integer | Dynamically adjusted count maximum | Increases over time | batch_count * 10 |
 | *max_queue_size* | integer | Maximum redis queue depth | | 50000 |
+| *port* | integer | Redis port number | This port must be open | 6379 |
 | *queue_overflow_discard_oldest* | bool | If true, discard oldest messages when max_queue_size reached otherwise discard newest | | true |
+| *threads* | string | Location of log files(s) to monitor | Number of worker theads to send messages | 1 |
 Example Input:
 ```json
diff --git a/TimberWinR/mdocs/TailFiles.md b/TimberWinR/mdocs/TailFiles.md
index b2b57fb..5a72b6e 100644
--- a/TimberWinR/mdocs/TailFiles.md
+++ b/TimberWinR/mdocs/TailFiles.md
@@ -8,6 +8,7 @@ The following parameters are allowed when configuring WindowsEvents.
 | Parameter | Type | Description | Details | Default |
 | :---------------- |:---------------| :----------------------------------------------------------------------- | :--------------------------- | :-- |
+| *type* | string |Typename for this Input | | Win32-TailLog |
 | *location* | string |Location of file(s) to monitor | Path to text file(s) including wildcards. | |
 | *logSource* | string |Source name | Used for conditions | |
 | *recurse* | integer |Max subdirectory recursion level. | 0 disables subdirectory recursion; -1 enables unlimited recursion. | 0 |
@@ -39,3 +40,4 @@ After a successful parse of an event, the following fields are added:
 | LogFilename | STRING |Full path of the file containing this line |
 | Index | INTEGER | Line number |
 | Text | STRING | Text line content |
+| type | STRING | Win32-TailLog |
diff --git a/TimberWinR/mdocs/TcpInput.md b/TimberWinR/mdocs/TcpInput.md
index cb1ea76..2378537 100644
--- a/TimberWinR/mdocs/TcpInput.md
+++ b/TimberWinR/mdocs/TcpInput.md
@@ -5,9 +5,12 @@ The Tcp input will open a port and listen for properly formatted JSON and will f
 ## Parameters
 The following parameters are allowed when configuring the Tcp input.
-| Parameter | Type | Description | Details | Default |
-| :---------------- |:---------------| :----------------------------------------------------------------------- | :--------------------------- | :-- |
-| *port* | integer |Port number to open | Must be an available port | |
+| Parameter | Type | Description | Details | Default |
+| :---------------- |:-----------------| :----------------------------------------------------------------------- | :--------------------------- | :-- |
+| *add_field* | property:array |Add field(s) to this event. Field names can be dynamic and include parts of the event using the %{field} syntax. This property must be specified in pairs. | |
+| *port* | integer |Port number to open | Must be an available port | |
+| *rename* | property:array |Rename one or more fields | | |
+| *type* | string |Typename for this Input | | Win32-Tcp |
 Example Input: Listen on Port 5140
diff --git a/TimberWinR/mdocs/UdpInput.md b/TimberWinR/mdocs/UdpInput.md
index 499f4fc..8ef123b 100644
--- a/TimberWinR/mdocs/UdpInput.md
+++ b/TimberWinR/mdocs/UdpInput.md
@@ -7,7 +7,10 @@ The following parameters are allowed when configuring the Udp input.
 | Parameter | Type | Description | Details | Default |
 | :---------------- |:---------------| :----------------------------------------------------------------------- | :--------------------------- | :-- |
-| *port* | integer |Port number to open | Must be an available port | |
+| *add_field* | property:array |Add field(s) to this event. Field names can be dynamic and include parts of the event using the %{field} syntax. This property must be specified in pairs. | |
+| *port* | integer |Port number to open | Must be an available port | |
+| *rename* | property:array |Rename one or more fields | | |
+| *type* | string |Typename for this Input | | Win32-Udp |
 Example Input: Listen on Port 5142