Struct redeye::parser::CombinedLogLineParser

pub struct CombinedLogLineParser { /* fields omitted */ }

Implementation of a LogLineParser that parses access logs in the NCSA Combined Log Format into an object suitable for being serialized into Logstash compatible JSON.

This format is nearly identical to the Common Log Format except for the addition of two extra fields: the referrer (spelled "referer") and the user agent.

An example of the Combined Log Format and the resulting fields that will be parsed by this implementation are given below.

Logs

An example of a log line in this format is given below.

127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"

For this log line, the fields of the parsed LogEvent object, shown as JSON, would be:

{
  "remote_host": "127.0.0.1",
  "remote_user": "frank",
  "@timestamp": "2000-10-10T13:55:36-07:00",
  "requested_url": "GET /index.html HTTP/1.0",
  "method": "GET",
  "requested_uri": "/index.html",
  "protocol": "HTTP/1.0",
  "status_code": 200,
  "content_length": 2326,
  "request_headers": {
    "referer": "http://www.example.com/start.html",
    "user-agent": "Mozilla/4.08 [en] (Win98; I ;Nav)"
  },
  "@version": "1",
  "message": "127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] \"GET /index.html HTTP/1.0\" 200 2326 \"http://www.example.com/start.html\" \"Mozilla/4.08 [en] (Win98; I ;Nav)\""
}

Some things to note about this example:

  • The request portion of the log line has been parsed into method, path, and protocol components.
  • The second field (the "-" in the original log line) has been omitted because the "-" represents a missing value.
  • The timestamp field has a @ prefix because it has special meaning to Logstash.
  • The extra fields come from request headers and so are in a nested object.
  • The field @version has been added and has special meaning to Logstash.
  • The field message contains the entire original log line.

See the Apache docs for the specifics of the log line format.
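The field mapping described in the notes above, as an added std-only sketch that is not redeye's own code. The names `token`, `parse_combined`, `ident` and `timestamp_raw` are assumptions of this example; values stay as strings, the timestamp is not converted, and the headers are not nested. It also covers a case the sample line does not show: Apache writes a double quote inside a quoted field as `\"`, so the closing quote has to be found with escapes in mind.

```rust
use std::collections::BTreeMap;
// Field order of the Combined Log Format. "ident" and "timestamp_raw" are
// names chosen for this sketch; the others follow the JSON shown above.
const NAMES: [&str; 9] = ["remote_host", "ident", "remote_user", "timestamp_raw",
    "requested_url", "status_code", "content_length", "referer", "user-agent"];

/// Split one token off the front of `s`: a "quoted" field, a [bracketed]
/// timestamp, or a bare word. Returns (token, remainder). Inside quotes a
/// backslash-escaped character (such as \") never terminates the field.
fn token(s: &str) -> Option<(&str, &str)> {
    let s = s.trim_start();
    let mut chars = s.char_indices();
    match chars.next()?.1 {
        '"' => {
            let mut escaped = false;
            for (i, c) in chars {
                match c {
                    _ if escaped => escaped = false,
                    '\\' => escaped = true,
                    '"' => return Some((&s[1..i], &s[i + 1..])),
                    _ => {}
                }
            }
            None // unterminated quote: reject the line instead of guessing
        }
        '[' => s.find(']').map(|end| (&s[1..end], &s[end + 1..])),
        _ => Some(s.split_at(s.find(' ').unwrap_or(s.len()))),
    }
}

// Parse one line into named fields; None means the line is malformed.
pub fn parse_combined(line: &str) -> Option<BTreeMap<&'static str, String>> {
    let mut fields = BTreeMap::new();
    let mut rest = line;
    for name in NAMES.iter() {
        let (value, tail) = token(rest)?;
        rest = tail;
        if value != "-" { fields.insert(*name, value.to_string()); } // "-" = missing
    }
    if !rest.trim().is_empty() { return None; } // unexpected trailing data
    let request = fields.get("requested_url").cloned().unwrap_or_default();
    let parts: Vec<&str> = request.splitn(3, ' ').collect();
    if parts.len() == 3 {
        fields.insert("method", parts[0].to_string());
        fields.insert("requested_uri", parts[1].to_string());
        fields.insert("protocol", parts[2].to_string());
    }
    Some(fields)
}
```

Quoted values are returned exactly as logged, escapes included, so a consumer sees the same bytes the server wrote.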

Example

use redeye::parser::{LogLineParser, CombinedLogLineParser};
use redeye::types::LogFieldValue;

let parser = CombinedLogLineParser::new();
let event = parser.parse("127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] \"GET /index.html HTTP/1.0\" 200 2326 \"http://www.example.com/start.html\" \"Mozilla/4.08 [en] (Win98; I ;Nav)\"").unwrap();
let fields = event.fields();
let request_headers = fields.get("request_headers").unwrap();
let headers = match request_headers {
    LogFieldValue::Mapping(map) => map,
    _ => { panic!("Should be a mapping!"); },
};

assert_eq!(
    &LogFieldValue::Text("http://www.example.com/start.html".to_string()),
    headers.get("referer").unwrap(),
);

Methods

impl CombinedLogLineParser

pub fn new() -> Self

Trait Implementations

impl Clone for CombinedLogLineParser

impl Debug for CombinedLogLineParser

impl Default for CombinedLogLineParser

impl LogLineParser for CombinedLogLineParser

Auto Trait Implementations

Blanket Implementations

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> From<T> for T

impl<T, U> Into<U> for T where
    U: From<T>,

impl<T> ToOwned for T where
    T: Clone

type Owned = T

The resulting type after obtaining ownership.

impl<T, U> TryFrom<U> for T where
    U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.