Class: Fluent::Plugin::ConcatenatedSplunkJSONFilter

Inherits:

Filter

• Object
• Filter
• Fluent::Plugin::ConcatenatedSplunkJSONFilter

Defined in:

lib/fluent/plugin/filter_concatenated_splunk_json.rb

Instance Method Summary

• #configure(conf) ⇒ Object
• #filter_stream(tag, es) ⇒ Object
• #parse_splunk_timestamp(timestamp) ⇒ Object

Instance Method Details

#configure(conf) ⇒ Object

# File 'lib/fluent/plugin/filter_concatenated_splunk_json.rb', line 33

def configure(conf)
  super
  @message_accessor = record_accessor_create(@message_key)
  @timestamp_accessor = record_accessor_create(@time_key)
end

#filter_stream(tag, es) ⇒ Object

# File 'lib/fluent/plugin/filter_concatenated_splunk_json.rb', line 48

def filter_stream(tag, es)
  new_es = Fluent::MultiEventStream.new
  es.each do |time, record|
    message = @message_accessor.call(record)
    text = message.gsub("}{", "},{")
    array = Yajl.load("[" + text + "]")
    array.each do |element|
      time = @timestamp_accessor.call(element)
      new_es.add(parse_splunk_timestamp(time), element)
    end
  end
  new_es
end

#parse_splunk_timestamp(timestamp) ⇒ Object

# File 'lib/fluent/plugin/filter_concatenated_splunk_json.rb', line 39

def parse_splunk_timestamp(timestamp)
  if !timestamp.nil?
    timestamp = Float(timestamp)
    Fluent::EventTime.from_time(Time.at(timestamp.to_r))
  else
    Fluent::EventTime.now
  end
end