circolog/filtering/filter.go

// +build !nofilter

package filtering

import (
	"fmt"
	"os"

	"github.com/araddon/qlbridge/datasource"
	"github.com/araddon/qlbridge/expr"
	"github.com/araddon/qlbridge/value"
	"github.com/araddon/qlbridge/vm"
)

type ExprValue struct {
	node       expr.Node
	expression string
}

func (e *ExprValue) String() string {
	if e.node != nil {
		return e.node.String()
	} else {
		return "<Empty Expression>"
	}
}
func (e *ExprValue) Set(value string) error {
	if value == "" {
		e.node = nil
		e.expression = value
		return nil
	}
	ast, err := expr.ParseExpression(value)
	if err != nil {
		return err
	}
	e.node = ast
	e.expression = value
	return nil
}

// Validate answers the question whether to include a log line or not.
func (e *ExprValue) Validate(logLine map[string]interface{}) bool {
	if e.node == nil {
		return true
	}
	line := translateMap(logLine)
	context := datasource.NewContextSimpleNative(line)
	val, ok := vm.Eval(context, e.node)
	if !ok || val == nil { // errors when evaluating
		return false
	}
	if bv, isBool := val.(value.BoolValue); isBool {
		return bv.Val()
	}
	fmt.Fprintln(os.Stderr, "WARNING: The 'where' expression doesn't return a boolean")
	return false
}

func translateMap(lineInput map[string]interface{}) map[string]interface{} {
	lineOutput := make(map[string]interface{})
	lineOutput["prog"] = lineInput["app_name"]
	lineOutput["msg"] = lineInput["message"]
	lineOutput["facility"] = lineInput["facility"]
	lineOutput["host"] = lineInput["hostname"]
	lineOutput["time"] = lineInput["timestamp"]
	lineOutput["sev"] = lineInput["severity"]
	return lineOutput
}
filtering can be disabled with -tags nofilter it will make your binaries way smaller 2018-12-26 01:29:39 +01:00			`// +build !nofilter`

refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`package filtering`

			`import (`
			`"fmt"`
			`"os"`

			`"github.com/araddon/qlbridge/datasource"`
			`"github.com/araddon/qlbridge/expr"`
			`"github.com/araddon/qlbridge/value"`
			`"github.com/araddon/qlbridge/vm"`
			`)`

			`type ExprValue struct {`
filtering can be disabled with -tags nofilter it will make your binaries way smaller 2018-12-26 01:29:39 +01:00			`node expr.Node`
			`expression string`
refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`}`

			`func (e *ExprValue) String() string {`
filtering can be disabled with -tags nofilter it will make your binaries way smaller 2018-12-26 01:29:39 +01:00			`if e.node != nil {`
			`return e.node.String()`
refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`} else {`
			`return "<Empty Expression>"`
			`}`
			`}`
			`func (e *ExprValue) Set(value string) error {`
server-side filtering circologctl filter lets you load filters on circologd 2018-12-25 03:52:53 +01:00			`if value == "" {`
filtering can be disabled with -tags nofilter it will make your binaries way smaller 2018-12-26 01:29:39 +01:00			`e.node = nil`
			`e.expression = value`
server-side filtering circologctl filter lets you load filters on circologd 2018-12-25 03:52:53 +01:00			`return nil`
			`}`
refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`ast, err := expr.ParseExpression(value)`
			`if err != nil {`
			`return err`
			`}`
filtering can be disabled with -tags nofilter it will make your binaries way smaller 2018-12-26 01:29:39 +01:00			`e.node = ast`
			`e.expression = value`
refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`return nil`
			`}`

Fix typo and more meaningful var name. 2019-01-09 16:55:58 +01:00			`// Validate answers the question whether to include a log line or not.`
			`func (e *ExprValue) Validate(logLine map[string]interface{}) bool {`
filtering can be disabled with -tags nofilter it will make your binaries way smaller 2018-12-26 01:29:39 +01:00			`if e.node == nil {`
server-side filtering circologctl filter lets you load filters on circologd 2018-12-25 03:52:53 +01:00			`return true`
			`}`
Fix typo and more meaningful var name. 2019-01-09 16:55:58 +01:00			`line := translateMap(logLine)`
refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`context := datasource.NewContextSimpleNative(line)`
filtering can be disabled with -tags nofilter it will make your binaries way smaller 2018-12-26 01:29:39 +01:00			`val, ok := vm.Eval(context, e.node)`
refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`if !ok \|\| val == nil { // errors when evaluating`
			`return false`
			`}`
filtering code cleanup 2018-12-26 01:54:30 +01:00			`if bv, isBool := val.(value.BoolValue); isBool {`
			`return bv.Val()`
refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`}`
filtering code cleanup 2018-12-26 01:54:30 +01:00			`fmt.Fprintln(os.Stderr, "WARNING: The 'where' expression doesn't return a boolean")`
			`return false`
refactor filtering code goal: use filters server-side, too 2018-12-25 03:17:14 +01:00			`}`
Translate the keywords for the QL. 2019-01-09 16:39:06 +01:00
			`func translateMap(lineInput map[string]interface{}) map[string]interface{} {`
			`lineOutput := make(map[string]interface{})`
			`lineOutput["prog"] = lineInput["app_name"]`
			`lineOutput["msg"] = lineInput["message"]`
			`lineOutput["facility"] = lineInput["facility"]`
			`lineOutput["host"] = lineInput["hostname"]`
			`lineOutput["time"] = lineInput["timestamp"]`
			`lineOutput["sev"] = lineInput["severity"]`
			`return lineOutput`
			`}`