search

kcmerrill / alfred

(v0.2) Even Batman needs a little help. Task runner. Automator. Build system.
MIT License
63 stars 14 forks source link

Add support for grok patterns #39

Open iilyak opened 7 years ago

iilyak commented 7 years ago

Alfred is a great tool. Thank you for developing it.

This is not an issue but a feature request It would be really nice to add automatic parsing of an output of a job and store the parsed groups in the variables. The idea is inspired by filebit

With this feature it would be possible to specify something like (using logstash grok):

node.ps:
  summary: Return list of processes on remote node
  register: node.ps
  command: |
    ssh {{ index .Args 0 }} ps -elf
  ok: node.ps.ok
  fail: node.ps.fail
  grok:
    ssh_error: "ssh: (?<ERROR>[^\,]*)"
    process: "%{F} %{S} %{UID}        %{PID}  %{PPID}  %{C} %{PRI}  %{NI} %{ADDR} %{SZ} %{WCHAN  STIME} %{TTY}          %{TIME} %{CMD}"

node.ps.ok:
  register: node.ps.ok
  command:
    echo '{{ index .Vars "node.ps[*][CMD]" }}'  ### <<--- NOT sure about exact syntax here
  private: true

node.ps.fail:

   tasks: node.ping

There are plenty logstash grok patterns here https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/

There are few grok engines written in go already.

kcmerrill commented 7 years ago

The idea being, grok would look for specific file patters and pass/fail depending if it found it or not?

khia commented 7 years ago

The idea would be to match the output of the command (stdout) against grok pattern. Extract named groups and bind them to the variables, so the parsed results would be available for ok/fail commands.