Giter Club home page Giter Club logo

grok-js's Introduction

grok-js

Fork of https://github.com/Beh01der/node-grok

npm version Build Status npm downloads License Greenkeeper badge

This library is inspired by logstash grok filter but it's not a port of it.

More details about usage and implementation here https://memz.co/parsing-log-files-node-js-regex-grok/

This is a templating library that helps reusing existing regular expressions and constructing new, more complex one. The primary goal was to help parsing and transforming plain text logs into JSON objects (one line => one object) based on provided template.

Install

Install locally: npm install grok-js.

Quick start

Following simple snippet

const p = '%{IP:client} \\[%{TIMESTAMP_ISO8601:timestamp}\\] "%{WORD:method} %{URIHOST:site}%{URIPATHPARAM:url}" %{INT:code} %{INT:request} %{INT:response} - %{NUMBER:took} \\[%{DATA:cache}\\] "%{DATA:mtag}" "%{DATA:agent}"';
const str = '203.35.135.165 [2016-03-15T12:42:04+11:00] "GET memz.co/cloud/" 304 962 0 - 0.003 [MISS] "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36"';

require('grok-js').loadDefault((err, patterns) => {
  if (err) {
    console.error(err);
    return;
  }

  const pattern = patterns.createPattern(p);

  pattern.parse(str, (err, obj) => {
    if (err) {
      console.error(err);
      return;
    }

    console.log(obj);
  });
});

will transform string

203.35.135.165 [2016-03-15T12:42:04+11:00] "GET memz.co/cloud/" 304 962 0 - 0.003 [MISS] "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36"

into object

{ 
  "client": "203.35.135.165",
  "timestamp": "2016-03-15T12:42:04+11:00",
  "method": "GET",
  "site": "memz.co",
  "url": "/cloud/",
  "code": "304",
  "request": "962",
  "response": "0",
  "took": "0.003",
  "cache": "MISS",
  "mtag": "-",
  "agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36" 
}

Synchronous version of code

const p = '%{IP:client} \\[%{TIMESTAMP_ISO8601:timestamp}\\] "%{WORD:method} %{URIHOST:site}%{URIPATHPARAM:url}" %{INT:code} %{INT:request} %{INT:response} - %{NUMBER:took} \\[%{DATA:cache}\\] "%{DATA:mtag}" "%{DATA:agent}"';
const str = '203.35.135.165 [2016-03-15T12:42:04+11:00] "GET memz.co/cloud/" 304 962 0 - 0.003 [MISS] "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36"';

try {
  const patterns = require('grok-js').loadDefaultSync();
  const pattern = patterns.createPattern(p);

  console.log(pattern.parseSync(str));
} catch (err) {
  console.error(err);
}

Promises

Experimental

const p = '%{IP:client} \\[%{TIMESTAMP_ISO8601:timestamp}\\] "%{WORD:method} %{URIHOST:site}%{URIPATHPARAM:url}" %{INT:code} %{INT:request} %{INT:response} - %{NUMBER:took} \\[%{DATA:cache}\\] "%{DATA:mtag}" "%{DATA:agent}"';
const str = '203.35.135.165 [2016-03-15T12:42:04+11:00] "GET memz.co/cloud/" 304 962 0 - 0.003 [MISS] "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36"';

require('grok-js').loadDefault().then(patterns => {
  return patterns.createPattern(p).parse(str);
}).then(obj => {
  console.log(obj);
}).catch(err => {
  console.log(err);
})

API

  • loadDefault([loadModules,] callback) - creates new pattern collection including all built-in patterns from ./patterns folder. By providing loadModules parameter you can limit number of loaded patterns: loadDefault(['grok-patterns'] ,...);. Callback receives patterns collection filled in with default templates: function(err, patterns).

  • loadDefaultSync([loadModules]) - creates new default pattern collection and returns it GrokCollection.

  • new GrokCollection() - creates a new empty pattern collection.

  • GrokCollection.createPattern(expression, [id]) - creates new pattern and adds it to the collection. Find out more about pattern syntax here and about regular expression syntax here

  • GrokCollection.getPattern(id) - returns existing pattern GrokPattern

  • GrokCollection.load(filePath, callback) - asynchronously loads patterns from file. Callback is function(err).

  • GrokCollection.loadSync(filePath) - loads patterns from file and returns number of newly loaded patterns number

  • GrokPattern.parse(str, callback) - parses string using corresponding pattern. Callback function receives optional error and resulting object result: function(error, result)

  • GrokPattern.parseSync(str) - parses string using corresponding pattern and returns resulting object object

Find out more about grok-js https://memz.co/parsing-log-files-node-js-regex-grok/

License

ISC License (ISC)

Copyright (c) 2019, Andrey Chausenko [email protected]

Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

grok-js's People

Contributors

beh01der avatar dependabot[bot] avatar greenkeeper[bot] avatar honzahommer avatar moander avatar netoneko avatar raghuchandrasekaran avatar simkall avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

raghuchandrasekaran kaminchu metowolf cjslack okuryu

grok-js's Issues

Supported Features

I am trying to implement this grok pattern. It includes custom regex and patterns referencing other patterns. Is this possible in grok-js? The file seems to load fine but all I seem to be getting as a return is null.

Multi-line patterns?

Does this library support any multi-line pattern that can be used to capture stack traces?

Parsing Bug?

Using the below pattern:

%{TIMESTAMP_ISO8601:timestamp}%{SPACE}%{WORD:severity}%{SPACE}%{WORD:component}%{SPACE}\[%{DATA:context}\]%{SPACE}%{GREEDYDATA:message}

To parse the below string:

2019-12-10T17:20:54.504-0500 I  COMMAND  [conn949] command test.$cmd appName: "MongoDB Compass Community" command: delete { delete: "tests", deletes: [ { q: { _id: ObjectId('5ddc2d9c830c46e8a2b4591e') }, limit: 1 } ], ordered: true, lsid: { id: UUID("11efa940 - 8535 - 4a8e - 8f61 - 147f3403a770") }, $db: "test" } numYields:0 reslen:45 locks:{ ParallelBatchWriterMode: { acquireCount: { r: 2 } }, ReplicationStateTransition: { acquireCount: { w: 2 } }, Global: { acquireCount: { r: 1, w: 1 } }, Database: { acquireCount: { w: 1 } }, Collection: { acquireCount: { w: 1 } }, Mutex: { acquireCount: { r: 3 } } } flowControl:{ acquireCount: 1 } storage:{} protocol:op_msg 0ms

and grok-js returns null. However when I remove the \[ and \] the string is parsed but the context variable is not. Is there something wrong with my pattern or is this a bug?

Conflict With KafkaJs

Importing grok-js to an app with kafkajs will break kafkajs. await producer.send() will fail and return an empty array.

See minimal example here.

In this example, if const grok = require('grok-js'); is uncommented kafkajs will stop working.

Issue submitted to kafkajs here.

An in-range update of husky is breaking the build 🚨

The devDependency husky was updated from 4.1.0 to 4.2.0.

🚨 View failing branch.

This version is covered by your current version range and after updating it in your project the build failed.

husky is a devDependency of this project. It might not break your production code or affect downstream projects, but probably breaks your build or test tools, which may prevent deploying or publishing.

Status Details
  • ❌ continuous-integration/travis-ci/push: The Travis CI build could not complete due to an error (Details).
Release Notes for v4.2.0
  • Check Git version during install and log an error if it's <2.13.0
Commits

The new version differs by 4 commits.

See the full diff

FAQ and help

There is a collection of frequently asked questions. If those don’t help, you can always ask the humans behind Greenkeeper.

Your Greenkeeper Bot 🌴

Type not working

Hello,

I'm trying to use the grok-js module with the following pattern :
%{TIMESTAMP_ISO8601:date} \| %{IP:client} \| %{WORD:method} \| %{URIPATHPARAM:request} \| %{NUMBER:bytes:int} \| %{NUMBER:duration:int}

and the following line :
2018-04-11 15:26:04.756 | 192.168.0.19 | GET | /uri | 18 | 2

Unfortunately, the module doesn't work with types. If I change the pattern like this
%{TIMESTAMP_ISO8601:date} \| %{IP:client} \| %{WORD:method} \| %{URIPATHPARAM:request} \| %{NUMBER:bytes} \| %{NUMBER:duration}

Everything works.

So to fix this issue, I had to change the subPatternsRegex

From

 const subPatternsRegex = /%\{[A-Z0-9_]+(?::[A-Za-z0-9_]+)?\}/g;

To

const subPatternsRegex = /%\{[A-Z0-9_]+(?::[A-Za-z0-9_]+)?(?::[a-z]+)?\}/g;

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.