Testing
Fabrice Bacchella edited this page Dec 9, 2025 · 6 revisions
Running LogHub with the arguments:
java -jar .../loghub.jar --test|-t --config|-c .../loghub.conf
will only parse the configuration to check for syntax errors and then stop.
Run LogHub with the argument:
java -jar .../loghub.jar --grok|-g $PATTERNDIR
It will read the first line of standard input as the grok pattern and will try to match all the following lines against it until interrupted.
For example:
java -jar target/LogHub-0.0.1-SNAPSHOT-jar-with-dependencies.jar --grok src/main/resources/patterns << __EOF__
%{SYSLOG_LINE}
<1>Jan 15 03:24:22 localhost sendmail[46758]: v0F2OMVc046757: to=me@example.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31637, relay=mx.example.com. [169.254.1.1], dsn=2.0.0, stat=Sent (<201701150224.v0F2OM3E025099@host.example.com> [InternalId=177872597] Queued mail for delivery)
__EOF__
will output on standard output:
{pid=46758, program=sendmail, logsource=localhost, message=v0F2OMVc046757: to=me@example.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31637, relay=mx.example.com. [169.254.1.1], dsn=2.0.0, stat=Sent (<201701150224.v0F2OM3E025099@host.example.com> [InternalId=177872597] Queued mail for delivery), syslog_pri=1, timestamp=Jan 15 03:24:22}
Run LogHub with the arguments:
java -jar .../loghub.jar --config|-c .../loghub.conf test --pipeline|-p $PIPELINENAME <jsonfiles>+
It will read the files as a stream of JSON objects, deserialize them as events, and send those events to the given pipeline. The resulting events will be printed on standard output.
For example, if your config file loghub.conf contains:
pipeline[syslog] {
    [type] = "syslog" |
    loghub.processors.Grok {
        pattern: "%{SYSLOG_LINE}",
        field: [message],
    } |
    loghub.processors.SyslogPriority {
        field: [syslog_pri],
    } |
    loghub.processors.DateParser {
        field: [timestamp],
        destination: [@timestamp],
        timezone: "CET",
        success: [timestamp]-
    } |
    [#processed] = true
}
One can launch:
cat >> try.json << __EOF__
{
  "loghub.Event": {
    "@timestamp": "2025-12-08T10:46:32.918Z",
    "@fields": {
      "message": "<1>Jan 15 03:24:22 localhost sendmail[46758]: v0F2OMVc046757: to=me@example.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31637, relay=mx.example.com. [169.254.1.1], dsn=2.0.0, stat=Sent (<201701150224.v0F2OM3E025099@host.example.com> [InternalId=177872597] Queued mail for delivery)"
    },
    "@METAS": {
    }
  }
}
__EOF__
java -jar .../loghub.jar -c .../loghub.conf test --pipeline syslog try.json
will output on standard output:
{
  "loghub.Event" : {
    "@METAS" : {
      "processed" : true
    },
    "@fields" : {
      "logsource" : "localhost",
      "message" : "v0F2OMVc046757: to=me@example.com, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=31637, relay=mx.example.com. [169.254.1.1], dsn=2.0.0, stat=Sent (<201701150224.v0F2OM3E025099@host.example.com> [InternalId=177872597] Queued mail for delivery)",
      "pid" : "46758",
      "program" : "sendmail",
      "syslog_pri" : {
        "facility" : "kernel",
        "severity" : "alert"
      },
      "type" : "syslog"
    },
    "@timestamp" : "2025-01-15T02:24:22Z"
  }
}
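To turn the pipeline test above into a repeatable regression check, its output can be compared against the fields that downstream detection rules depend on. The following is an added example, not part of LogHub: the function names, the EXPECTED specification and the second sample event are assumptions constructed for illustration.

```python
import json
import re

# Constructed sample: the first event is the output shown above with the message
# shortened; the second is a made-up event with no extracted fields.
SAMPLE_OUTPUT = """
{"loghub.Event": {"@METAS": {"processed": true},
  "@fields": {"logsource": "localhost", "message": "v0F2OMVc046757: to=me@example.com",
              "pid": "46758", "program": "sendmail", "type": "syslog",
              "syslog_pri": {"facility": "kernel", "severity": "alert"}},
  "@timestamp": "2025-01-15T02:24:22Z"}}
{"loghub.Event": {"@METAS": {}, "@timestamp": "2025-12-08T10:46:32.918Z",
  "@fields": {"message": "not a syslog line", "type": "syslog"}}}
"""

# Assumed specification: the values this pipeline must produce for the sample line.
EXPECTED = {
    "@fields": {"program": "sendmail", "pid": "46758", "type": "syslog",
                "syslog_pri": {"facility": "kernel", "severity": "alert"}},
    "@METAS": {"processed": True},
    "@timestamp": "2025-01-15T02:24:22Z",
}
_WS = re.compile(r"\s*")

def iter_events(text):
    """Yield each event body from a stream of concatenated JSON objects."""
    decoder, pos = json.JSONDecoder(), _WS.match(text).end()
    while pos < len(text):
        obj, pos = decoder.raw_decode(text, pos)
        yield obj["loghub.Event"]
        pos = _WS.match(text, pos).end()

def check_event(event, expected):
    """Return a list of mismatches; an empty list means the event passed."""
    problems = []
    for section, want in expected.items():
        got = event.get(section)
        if not isinstance(want, dict):  # scalar section such as @timestamp
            want, got = {"": want}, {"": got}
        elif not isinstance(got, dict):
            got = {}
        for key, value in want.items():
            if got.get(key) != value:
                name = f"{section}.{key}".rstrip(".")
                problems.append(f"{name}: expected {value!r}, got {got.get(key)!r}")
    return problems

if __name__ == "__main__":
    for n, event in enumerate(iter_events(SAMPLE_OUTPUT), 1):
        print(f"event {n}:", "; ".join(check_event(event, EXPECTED)) or "OK")
```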