[FLUME-2800] Multiline log events for Taildir Source - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Duplicate
Affects Version/s: 1.6.0, 1.7.0
Fix Version/s: None
Component/s: Sinks+Sources
Labels:
None

Description

This a proposal of implementation to handle multiline log messages for new tailing source ~~FLUME-2498~~.
Based on an idea FLUME-2779 MultiLine Deserializer for Spooling DIrectory Source.

Config.

multiLineRegex: Regular expression to handle multiline log messages (grok expressions permitted)
grokDictionaryDir: Custom Grok dictionaries directory
maxNumberLines: Max number of lines per event in multiline log messages. Default 100. Remaining lines is never transferred to sink.

For Regex expressions use Java regex engine.

Include a functionality for extracting grok expressions into a pure named regex (inspired by the logstash inteceptor)
By default load the included built-in grok dictionaries with pre-defined patterns.
https://github.com/aicer/grok

Attached patch includes a config documentation and unit tests.
Also attached a completed port/patch for Flume 1.6 a Java 1.6

Attachments

FLUME-2800.patch
22/Sep/15 09:59
89 kB
David Burgos. Isban (Banco Santander)
FLUME-2800-2.patch
09/Dec/15 08:25
88 kB
David Burgos. Isban (Banco Santander)
FLUME-2800-2-Flume1.6.patch
09/Dec/15 08:25
149 kB
David Burgos. Isban (Banco Santander)
FLUME-2800-Flume1.6.patch
22/Sep/15 10:00
149 kB
David Burgos. Isban (Banco Santander)