Created
January 19, 2016 13:38
-
-
Save rgevaert/3026e57f88d79bd76a14 to your computer and use it in GitHub Desktop.
logstash rspec rules
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- encoding : utf-8 -*- | |
| # Checks the configuration of the apache.conf logstash file | |
| require 'spec_helper' | |
| require 'logstash/filters/grok' | |
| describe "apache common log format" do | |
| config <<-CONFIG | |
| filter { | |
| grok { | |
| pattern => "%{COMBINEDAPACHELOG}" | |
| singles => true | |
| } | |
| date { | |
| match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"] | |
| } | |
| } | |
| CONFIG | |
| sample('198.151.8.4 - - [29/Aug/2012:20:17:38 -0400] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1"' | |
| ) do | |
| # These 'insist' and 'reject' calls use my 'insist' rubygem. | |
| # See http://rubydoc.info/gems/insist for more info. | |
| # Require that grok does not fail to parse this event. | |
| insist { subject["tags"] }.nil? | |
| # Ensure that grok captures certain expected fields. | |
| insist { subject }.include?("clientip") | |
| # Ensure that those fields match expected values from the event. | |
| insist { subject["clientip"] } == "198.151.8.4" | |
| # Verify date parsing | |
| insist { subject.timestamp } == Time.iso8601("2012-08-30T00:17:38.000Z") | |
| end | |
| end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # -*- encoding : utf-8 -*- | |
| # Checks the configuration of the apache.conf logstash file | |
| require 'spec_helper' | |
| require 'logstash/filters/grok' | |
| describe "apache common log format" do | |
| config <<-CONFIG | |
| filter { | |
| if [type] == "apache-access" { | |
| grok { | |
| pattern => "%{COMBINEDAPACHELOG}" | |
| singles => true | |
| } | |
| date { | |
| match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"] | |
| } | |
| } | |
| } | |
| CONFIG | |
| sample( { @message => '198.151.8.4 - - [29/Aug/2012:20:17:38 -0400] "GET /favicon.ico HTTP/1.1" 200 3638 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1"', | |
| @type => 'apache-access'} | |
| ) do | |
| # These 'insist' and 'reject' calls use my 'insist' rubygem. | |
| # See http://rubydoc.info/gems/insist for more info. | |
| # Require that grok does not fail to parse this event. | |
| insist { subject["tags"] }.nil? | |
| # Ensure that grok captures certain expected fields. | |
| insist { subject }.include?("clientip") | |
| # Ensure that those fields match expected values from the event. | |
| insist { subject["clientip"] } == "198.151.8.4" | |
| # Verify date parsing | |
| insist { subject.timestamp } == Time.iso8601("2012-08-30T00:17:38.000Z") | |
| end | |
| end |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Using Accessor#strict_set for specs | |
| Run options: exclude {:redis=>true, :socket=>true, :performance=>true, :couchdb=>true, :elasticsearch=>true, :elasticsearch_secure=>true, :export_cypher=>true, :integration=>true, :windows=>true} | |
| F | |
| Failures: | |
| 1) apache common log format "{"":"apache-access"}" when processed | |
| Failure/Error: insist { subject }.include?("clientip") | |
| Insist::Failure: | |
| Expected "clientip" in #<LogStash::Event:0x17c4b046 @metadata={}, @accessors=#<LogStash::Util::Accessors:0x7210cfda @store={nil=>"apache-access", "@version"=>"1", "@timestamp"=>"2016-01-19T13:36:34.178Z"}, @lut={"[type]"=>[{nil=>"apache-access", "@version"=>"1", "@timestamp"=>"2016-01-19T13:36:34.178Z"}, "type"], "tags"=>[{nil=>"apache-access", "@version"=>"1", "@timestamp"=>"2016-01-19T13:36:34.178Z"}, "tags"], "clientip"=>[{nil=>"apache-access", "@version"=>"1", "@timestamp"=>"2016-01-19T13:36:34.178Z"}, "clientip"]}>, @data={nil=>"apache-access", "@version"=>"1", "@timestamp"=>"2016-01-19T13:36:34.178Z"}, @metadata_accessors=#<LogStash::Util::Accessors:0x3e37cf88 @store={}, @lut={}>, @cancelled=false> | |
| # ./logstash/vendor/bundle/jruby/1.9/gems/insist-1.0.0/lib/insist/assert.rb:8:in `assert' | |
| # ./logstash/vendor/bundle/jruby/1.9/gems/insist-1.0.0/lib/insist/enumerables.rb:12:in `include?' | |
| # ./rspec/apache_type.rb:34:in `(root)' | |
| # ./logstash/vendor/bundle/jruby/1.9/gems/rspec-wait-0.0.8/lib/rspec/wait.rb:46:in `(root)' | |
| # ./logstash/lib/bootstrap/rspec.rb:11:in `(root)' | |
| Finished in 0.686 seconds (files took 6.23 seconds to load) | |
| 1 example, 1 failure | |
| Failed examples: | |
| rspec ./rspec/apache_type.rb:25 # apache common log format "{"":"apache-access"}" when processed | |
| Randomized with seed 35401 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment