Frogsplash

Frogsplash is rhyming slang for Minimal Logstash. It tries to satisfy the minimum use case of tailing a log file, parsing it with grok, and indexing in ElasticSearch (using Logstash's format, which can be read by tools like Kibana).

Installation

sudo python setup.py install

Usage

frogsplash [-H HOST] [-p PORT] [-v] [-d] [-t TYPE] [-s SOURCE] -m PATTERN -g PATTERN file

where

  • -H, --host is the ElasticSearch host
  • -p, --port is the ElasticSearch port
  • -v, --verbose enables verbose output
  • -d, --dry-run dry-runs Frogsplash, meaning it won't send anything to ElasticSearch
  • -t, --type is the "type", as sent to ElasticSearch (e.g. "apache")
  • -s, --source is the "source", as sent to ElasticSearch (e.g. "10.0.1.27")
  • -m, --multiline is a multiline grok pattern. If matched, appends the line to the subject of the previous match. Useful for exceptions that span multiple lines, etc. This parameter can be used multiple times.
  • -g, --grok is a grok pattern. You can use this parameter more than once for multiple patterns, but only the first match will be used.
  • file is the log file to tail
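
The -m and -g semantics described above, as an added example (this is not Frogsplash's own code). Plain `re` named groups stand in for grok patterns, the event field names and the `parse` helper are hypothetical, and dropping lines that match no pattern is an assumption.

```python
import re

# Constructed sample input: two log lines around a three-line Java-style stack trace.
SAMPLE = """\
2024-01-05 10:00:01 INFO login ok user=alice
2024-01-05 10:00:02 ERROR unhandled exception
java.lang.IllegalStateException: bad state
    at com.example.App.run(App.java:42)
    at com.example.App.main(App.java:7)
2024-01-05 10:00:03 WARN login failed user=bob
"""

# Stand-ins for -g patterns (assumption: named groups instead of grok syntax).
# Order matters: the specific ERROR pattern is listed before the generic one.
GROK = [
    re.compile(r"(?P<ts>\S+ \S+) (?P<level>ERROR) (?P<msg>.*)"),
    re.compile(r"(?P<ts>\S+ \S+) (?P<level>[A-Z]+) (?P<msg>.*)"),
]
# Stand-ins for -m patterns: stack frames and the exception header line.
MULTILINE = [re.compile(r"^\s+at "), re.compile(r"^[\w.]+(Exception|Error)\b")]


def parse(lines, grok=GROK, multiline=MULTILINE, type_="app", source="10.0.1.27"):
    """Turn raw lines into events; field names here are illustrative only."""
    events = []
    for line in lines:
        line = line.rstrip("\n")
        # A multiline match is folded into the previous event's message
        # instead of starting a new event.
        if events and any(p.search(line) for p in multiline):
            events[-1]["message"] += "\n" + line
            continue
        # Patterns are tried in order and only the first match is used.
        for index, pattern in enumerate(grok):
            match = pattern.match(line)
            if match:
                events.append({"type": type_, "source": source, "message": line,
                               "fields": match.groupdict(), "pattern": index})
                break
        # Lines matching nothing are dropped (assumption for this sketch).
    return events


if __name__ == "__main__":
    for event in parse(SAMPLE.splitlines()):
        print(event["pattern"], event["fields"]["level"], repr(event["message"]))
```

Because only the first matching pattern is used, a generic pattern placed ahead of a specific one would shadow it, so the ERROR event above would never be tagged by pattern 0.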

Caveats

Frogsplash uses inotify to tail log files, so Linux is (currently) the only supported platform.

Instead of re, it uses the experimental regex module. So far I haven't encountered any problems, but there may be bugs.