Github user markap14 commented on a diff in the pull request:
https://github.com/apache/nifi/pull/1682#discussion_r112449062
--- Diff:
nifi-nar-bundles/nifi-standard-services/nifi-record-serialization-services-bundle/nifi-record-serialization-services/src/main/java/org/apache/nifi/grok/GrokReader.java
---
@@ -23,38 +23,58 @@
import java.io.Reader;
import java.util.ArrayList;
import java.util.List;
+import java.util.Map;
+import java.util.regex.Matcher;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
import org.apache.nifi.annotation.lifecycle.OnEnabled;
+import org.apache.nifi.components.AllowableValue;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.controller.ConfigurationContext;
import org.apache.nifi.flowfile.FlowFile;
import org.apache.nifi.logging.ComponentLog;
import org.apache.nifi.processor.util.StandardValidators;
+import org.apache.nifi.schema.access.SchemaAccessStrategy;
+import org.apache.nifi.schema.access.SchemaNotFoundException;
+import org.apache.nifi.schemaregistry.services.SchemaRegistry;
import org.apache.nifi.serialization.RecordReader;
-import org.apache.nifi.serialization.RowRecordReaderFactory;
-import org.apache.nifi.serialization.SchemaRegistryRecordReader;
+import org.apache.nifi.serialization.RecordReaderFactory;
+import org.apache.nifi.serialization.SchemaRegistryService;
+import org.apache.nifi.serialization.SimpleRecordSchema;
+import org.apache.nifi.serialization.record.DataType;
+import org.apache.nifi.serialization.record.RecordField;
+import org.apache.nifi.serialization.record.RecordFieldType;
import org.apache.nifi.serialization.record.RecordSchema;
import io.thekraken.grok.api.Grok;
+import io.thekraken.grok.api.GrokUtils;
import io.thekraken.grok.api.exception.GrokException;
@Tags({"grok", "logs", "logfiles", "parse", "unstructured", "text",
"record", "reader", "regex", "pattern", "logstash"})
@CapabilityDescription("Provides a mechanism for reading unstructured text
data, such as log files, and structuring the data "
+ "so that it can be processed. The service is configured using Grok
patterns. "
+ "The service reads from a stream of data and splits each message
that it finds into a separate Record, each containing the fields that are
configured. "
- + "If a line in the input does not match the expected message pattern,
the line of text is considered to be part of the previous "
- + "message, with the exception of stack traces. A stack trace that is
found at the end of a log message is considered to be part "
- + "of the previous message but is added to the 'STACK_TRACE' field of
the Record. If a record has no stack trace, it will have a NULL value "
- + "for the STACK_TRACE field. All fields that are parsed are
considered to be of type String by default. If there is need to change the type
of a field, "
- + "this can be accomplished by configuring the Schema Registry to use
and adding the appropriate schema.")
-public class GrokReader extends SchemaRegistryRecordReader implements
RowRecordReaderFactory {
+ + "If a line in the input does not match the expected message pattern,
the line of text is either considered to be part of the previous "
+ + "message or is skipped, depending on the configuration,, with the
exception of stack traces. A stack trace that is found at the end of "
+ + "a log message is considered to be part of the previous message but
is added to the 'stackTrace' field of the Record. If a record has "
+ + "no stack trace, it will have a NULL value for the stackTrace field.
All fields that are parsed are considered to be of type String by default. "
--- End diff --
I'll preface this comment with the disclaimer that I have little experience
with LogStash and Grok. However, through my "extensive" google-based research,
it looks like Grok itself doesn't really provide all of the necessary means for
easily capturing stack traces. LogStash, for instance, adds on top of that to
allow for multiline filters, multiline codecs, etc. There are several different
approaches used in LogStash to capture stack traces, though, and it appears to
be one of the very common problems that people run into. Perhaps it would make
sense to introduce a LogStash reader at some point that could add more of those
capabilities into reading log messages. But for now it made sense to me to
instead simply check for a stack trace ourselves, since it is such a very
common problem and I wanted to make it as easy as possible for users
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
