Frogsplash is rhyming slang for Minimal Logstash. It tries to satisfy the minimum use case of tailing a log file, parsing it with grok, and indexing in ElasticSearch (using Logstash's format, which can be read by tools like Kibana).
Install with:

```sh
sudo setup.py install
```

Usage:

```sh
frogsplash [-H HOST] [-p PORT] [-v] [-d] [-t TYPE] [-s SOURCE] -m PATTERN -g PATTERN file
```

where
- -H, --host is the ElasticSearch host.
- -p, --port is the ElasticSearch port.
- -v, --verbose enables verbose output.
- -d, --dry-run dry-runs Frogsplash: events are parsed but nothing is sent to ElasticSearch.
- -t, --type is the "type" field sent to ElasticSearch (e.g. "apache").
- -s, --source is the "source" field sent to ElasticSearch (e.g. "10.0.1.27").
- -m, --multiline is a multiline grok pattern. A line that matches it is appended to the message of the previous event instead of starting a new one. Useful for exceptions whose stack traces span multiple lines, etc. This parameter can be used multiple times.
- -g, --grok is a grok pattern. You can use this parameter more than once for multiple patterns, but patterns are tried in order and only the first one that matches a line is used.
- file is the log file to tail.

The synopsis has no flag for credentials or TLS, so the ElasticSearch endpoint must be reachable without either; keep it on a trusted network.
Frogsplash uses inotify to tail log files, so Linux is (currently) the only supported platform.
Instead of re, it uses the experimental regex module. So far I haven't encountered any problems, but there may be bugs.