[FLUME-2800] Multiline log events for Taildir Source - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Duplicate
Affects Version/s: 1.6.0, 1.7.0
Fix Version/s: None
Component/s: Sinks+Sources
Labels:
None

Description

This a proposal of implementation to handle multiline log messages for new tailing source ~~FLUME-2498~~.
Based on an idea FLUME-2779 MultiLine Deserializer for Spooling DIrectory Source.

Config.

multiLineRegex: Regular expression to handle multiline log messages (grok expressions permitted)
grokDictionaryDir: Custom Grok dictionaries directory
maxNumberLines: Max number of lines per event in multiline log messages. Default 100. Remaining lines is never transferred to sink.

For Regex expressions use Java regex engine.

Include a functionality for extracting grok expressions into a pure named regex (inspired by the logstash inteceptor)
By default load the included built-in grok dictionaries with pre-defined patterns.
https://github.com/aicer/grok

Attached patch includes a config documentation and unit tests.
Also attached a completed port/patch for Flume 1.6 a Java 1.6

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

FLUME-2800.patch
22/Sep/15 09:59
89 kB
David Burgos. Isban (Banco Santander)
FLUME-2800-2.patch
09/Dec/15 08:25
88 kB
David Burgos. Isban (Banco Santander)
FLUME-2800-2-Flume1.6.patch
09/Dec/15 08:25
149 kB
David Burgos. Isban (Banco Santander)
FLUME-2800-Flume1.6.patch
22/Sep/15 10:00
149 kB
David Burgos. Isban (Banco Santander)

Issue Links

duplicates

FLUME-2961 Make TaildirSource work with multiline

Patch Available

Activity

People

Assignee:: Unassigned

Reporter:: David Burgos. Isban (Banco Santander)

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 22/Sep/15 09:56

Updated:: 12/Aug/16 13:24

Resolved:: 12/Aug/16 13:23