Parsing expression grammar and Abstract syntax tree for Logstash pipeline syntax.
Project description
About The Project
How Logstash Pipeline Works
The Logstash event processing pipeline has three stages: inputs → filters → outputs.
Inputs generate events, filters modify them, and outputs ship them elsewhere.
Inputs and outputs support codecs that enable you to encode or decode the data as it enters or exits the pipeline without having to use a separate filter.
The pipeline configuration file is a custom format developed by the Logstash folks using Treetop. The grammar itself is described in the source file grammar.treetop and compiled using Treetop into the custom grammar.rb parser. That parser is then used to set up the pipeline from the Logstash configuration.
See also:
Documentation
The latest documentation is at https://tomaskoutek.github.io/logstash-pipeline-parser/ and contains description of all methods, classes with individual examples and their results. Or you can display description directly with the help function.
For example:
from logstash_pipeline_parser import Pipeline
help(Pipeline.parse)
Getting Started
Installing
Install from pip:
pip install logstash-pipeline-parser
Dependencies
Quick Example
For full documentation with examples please see documentation.
Let's try pipeline with two input plugins:
from logstash_pipeline_parser import Pipeline
data = r"""
input {
beats {
host => "0.0.0.0"
port => 5044
client_inactivity_timeout => 3600
include_codec_tag => true
enrich => [source_metadata, ssl_peer_metadata]
ssl => true
ssl_key => "/some/path/my.key"
id => "input_beats"
}
udp {
port => 5045
host => "0.0.0.0"
}
}
"""
pipeline = Pipeline(data)
ast = pipeline.parse()
will produce Abstract syntax tree:
from ipaddress import IPv4Address
from pathlib import Path
[
["input", [
["beats", [
["host", [IPv4Address("0.0.0.0")]],
["port", [5044]],
["client_inactivity_timeout", [3600]],
["include_codec_tag", [True]],
["enrich", [
["source_metadata", "ssl_peer_metadata"]
]],
["ssl", [True]],
["ssl_key", [Path("/some/path/my.key")]],
["id", ["input_beats"]]
]],
["udp", [
["port", [5045]],
["host", [IPv4Address("0.0.0.0")]]
]]
]]
]
Of course, it is possible to parse all kinds of plugins, conditions and data types.
You can also search in the pipeline. The searched key can also contain the wildcard *
, for example "output.*.hosts" will return
(if the pipeline definition contains them):
("output.elasticsearch.hosts", [["127.0.0.1:9200","127.0.0.2:9200"]])
("output.logstash.hosts", ["127.0.0.1:9801"])
results = pipeline.search("input.*.port")
print(list(results))
# [
# ("input.beats.port", [5044]),
# ("input.udp.port", [5045])
# ]
The search
method returns a generator, so we can easily iterate:
for key, value in pipeline.search("*.port"):
print(f"key: {key}, value: {value[0]}")
# key: input.beats.port, value: 5044
# key: input.udp.sub.port, value: 5045
The return value can be any element from the tree (integer, string, field, plugin,...):
results = pipeline.search("input.beats.enrich")
print(list(results))
# [
# ("input.beats.enrich", [["source_metadata", "ssl_peer_metadata"]])
# ]
License
Distributed under the MIT License. See LICENSE for more information.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file logstash-pipeline-parser-0.0.2.tar.gz
.
File metadata
- Download URL: logstash-pipeline-parser-0.0.2.tar.gz
- Upload date:
- Size: 17.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e07d21accd782e50eb83f248821a2a150d99f1a3211524a41153e07ecbab1bbc |
|
MD5 | dc2f0a69a1205c1d15f2b21509dd7e63 |
|
BLAKE2b-256 | b5ab5ae19cbe10f8e385a03d06bdfd1bd498f9efb94b8b52907c86dedc4c5e83 |
File details
Details for the file logstash_pipeline_parser-0.0.2-py3-none-any.whl
.
File metadata
- Download URL: logstash_pipeline_parser-0.0.2-py3-none-any.whl
- Upload date:
- Size: 10.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.2 CPython/3.11.7
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 40e77d8a8505e401186d2f857a1cbc8080f3c578c17128db72fb59a717661965 |
|
MD5 | 73b51b61f2e902d4601961b89a7405c0 |
|
BLAKE2b-256 | 1f501fbadcee0b0bf546cf9c4e98bc20d23eb476729bfa956dab415eb53ed4c9 |