docker run -it --rm logstash logstash -e 'input { stdin { } } output { stdout { } }'
- test hello world
- test this is awesome
- test
docker run -it --rm -v "$PWD/config-dir":/config-dir logstash logstash -f /config-dir/logstash-2.conf
- test hello world
- test this is awesome
- test
docker run -it --rm -v "$PWD/config-dir":/config-dir logstash logstash --configtest --config /config-dir/logstash-3.conf
docker run -it --rm -v "$PWD/rspec":/rspec-dir gunmetalz/logstash:2.1 rspec /rspec-dir/logstash-rspec-4.rb
Created a docker image which has logstash development tools installed. See rspec/readme.md
- https://www.elastic.co/guide/en/logstash/current/plugins-filters-grok.html
- https://www.elastic.co/blog/logstash-functionality-through-testing
- https://raw.githubusercontent.com/logstash-plugins/logstash-filter-grok/master/spec/filters/grok_spec.rb
Exercise 5: Create a grok pattern to take stdin "test hello world" and the output should have field msg with "hello world" as content. Anything after test should become content. Write a spec file to test out the grok pattern and then test out the same with a logstash config. If there is no matching pattern add to a tag called "no match found for pattern", no need for @version
docker run -it --rm -v "$PWD/rspec":/rspec-dir gunmetalz/logstash:2.1 rspec /rspec-dir/logstash-rspec-5.rb
docker run -it --rm -v "$PWD/config-dir":/config-dir logstash logstash --configtest --config /config-dir/logstash-5.conf
docker run -it --rm -v "$PWD/config-dir":/config-dir logstash logstash -f /config-dir/logstash-5.conf
- test hello world
- test this is awesome
- test
docker run -it --rm -v "$PWD/rspec":/rspec gunmetalz/logstash:2.1 rspec /rspec/logstash-rspec-6.rb
docker run -it --rm -v "$PWD/config-dir":/config-dir logstash logstash --configtest --config /config-dir/logstash-6.conf
docker run -it --rm -v "$PWD/config-dir":/config-dir -v "$PWD/data":/data-dir logstash logstash -f /config-dir/logstash-6.conf
- Large set of public data to play with ** http://www.flcdatacenter.com/CaseH1B.aspx ** http://www.foreignlaborcert.doleta.gov/performancedata.cfm
- Make sure of the line terminator of the input file. LF seems to be working fine.