[Lognorm] Tokenized-multivalue field-type for liblognorm
Pavel Levshin
pavel at levshin.spb.ru
Fri Oct 31 07:35:17 CET 2014
Hi,
I'll look at this a little later.
Do you use it in production? Is this (JSON arrays) compatible with
lognormalizer tool? Can a %tokenized field contain other %tokenized
fields (i.e., allow for recursion)? Would you write some docs on the
feature?
Why do you use the 'const' modifier for non-pointer arguments, for example,
'const unsigned char c'?
--
Pavel
30.10.2014 14:03, singh.janmejay:
> Hi,
>
> This patch-set introduces a log-norm field-type called tokenized,
> which allows parsing of token-separated values.
>
> A lot of applications such as nginx write fields in logs that are
> comma+space separated etc. For instance, nginx upstream_addrs field
> writes comma-separated ip+port combinations to access logs.
>
> Parsing such logs takes a significant amount of regex and exec-template
> work and leads to a rather ugly solution for something as simple as
> a tokenized string.
>
> With this patch, parsing a list of ip-addresses separated by ', '
> (comma + space) for instance, would require a rule similar to:
>
> rule=ips:%my_ips:tokenized:, :ipv4%
>
> This requires a small patch to libestr as well, so this mail has 3
> patches attached.
>
> libestr patch:
>
> 0001-Changed-some-functions-that-don-t-modify-their-arg-t.patch
>
> liblognorm patch:
>
> 0001-Moved-from-parser-receving-data-as-escaped-string-to.patch
> 0002-added-support-for-field_type-tokenized-which-parses-.patch
>
> Patches go in order of prefix-number.
>
> --
> Regards,
> Janmejay
> http://codehunk.wordpress.com
>
>
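
Added example, not part of the original thread or of the patch-set: stand-alone C code showing what the quoted rule `rule=ips:%my_ips:tokenized:, :ipv4%` asks of a parser, namely splitting on the literal `, ` separator and validating every element as IPv4. The function names, the size limits and the all-or-nothing rejection of a field with an invalid element are assumptions made here, not liblognorm's API or documented behaviour.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TOKENS 16
#define MAX_TOKEN_LEN 15 /* strlen("255.255.255.255") */

/* Strict dotted-quad check over exactly len bytes of s. */
static int is_ipv4(const char *s, size_t len)
{
    size_t i = 0;
    for (int octet = 0; octet < 4; octet++) {
        int val = 0, digits = 0;
        while (i < len && s[i] >= '0' && s[i] <= '9' && digits < 3) {
            val = val * 10 + (s[i++] - '0');
            digits++;
        }
        if (digits == 0 || val > 255) return 0;
        if (octet < 3 && (i >= len || s[i++] != '.')) return 0;
    }
    return i == len; /* trailing bytes make the element invalid */
}

/* Split field on the literal separator sep and copy each element to out.
 * Returns the element count, or -1 if any element is not IPv4 (assumed
 * all-or-nothing semantics) or a size limit is exceeded. */
int parse_tokenized_ipv4(const char *field, const char *sep,
                         char out[][MAX_TOKEN_LEN + 1], int max_out)
{
    size_t sep_len = strlen(sep);
    const char *cur = field;
    if (sep_len == 0) return -1;
    for (int n = 0;;) {
        const char *next = strstr(cur, sep);
        size_t len = next ? (size_t)(next - cur) : strlen(cur);
        if (n >= max_out || len > MAX_TOKEN_LEN || !is_ipv4(cur, len)) return -1;
        memcpy(out[n], cur, len);
        out[n++][len] = '\0';
        if (!next) return n;
        cur = next + sep_len;
    }
}

int main(void)
{
    char ips[MAX_TOKENS][MAX_TOKEN_LEN + 1];
    /* Constructed sample value, not taken from a real log. */
    int n = parse_tokenized_ipv4("192.0.2.10, 192.0.2.11, 198.51.100.7", ", ", ips, MAX_TOKENS);
    for (int i = 0; i < n; i++) printf("my_ips[%d] = %s\n", i, ips[i]);
    return n < 0;
}
```

Bounding both the element length and the element count before copying keeps an oversized or malformed log field from overrunning the output array.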