Add regex processor plugin (#3839)

2018-05-22 01:46:10 +03:00
parent 3be9cad309
commit ccc4a85fd6
4 changed files with 430 additions and 0 deletions
--- a/plugins/processors/regex/README.md
+++ b/plugins/processors/regex/README.md
@@ -0,0 +1,46 @@
+# Regex Processor Plugin
+
+The `regex` plugin transforms tag and field values with regex pattern. If `result_key` parameter is present, it can produce new tags and fields from existing ones.
+
+### Configuration:
+
+```toml
+[[processors.regex]]
+  namepass = ["nginx_requests"]
+
+  # Tag and field conversions defined in a separate sub-tables
+  [[processors.regex.tags]]
+    ## Tag to change
+    key = "resp_code"
+    ## Regular expression to match on a tag value
+    pattern = "^(\\d)\\d\\d$"
+    ## Pattern for constructing a new value (${1} represents first subgroup)
+    replacement = "${1}xx"
+
+  [[processors.regex.fields]]
+    key = "request"
+    ## All the power of the Go regular expressions available here
+    ## For example, named subgroups
+    pattern = "^/api(?P<method>/[\\w/]+)\\S*"
+    replacement = "${method}"
+    ## If result_key is present, a new field will be created
+    ## instead of changing existing field
+    result_key = "method"
+
+  # Multiple conversions may be applied for one field sequentially
+  # Let's extract one more value
+  [[processors.regex.fields]]
+    key = "request"
+    pattern = ".*category=(\\w+).*"
+    replacement = "${1}"
+    result_key = "search_category"
+```
+
+### Tags:
+
+No tags are applied by this processor.
+
+### Example Output:
+```
+nginx_requests,verb=GET,resp_code=2xx request="/api/search/?category=plugins&q=regex&sort=asc",method="/search/",search_category="plugins",referrer="-",ident="-",http_version=1.1,agent="UserAgent",client_ip="127.0.0.1",auth="-",resp_bytes=270i 1519652321000000000
+```