Modify

    As an example using JSON notation to,

    • Rename to RenamedKey
    • Add a key OtherKey with value Value3 if OtherKey does not yet exist

    Example (input)

    1. {
    2.   "Key1"       : "Value1",
    3.   "RenamedKey" : "Value2",
    4.   "OtherKey"   : "Value3"
    5. }

    The plugin supports the following rules:

    • Rules are case insensitive, parameters are not
    • Any number of rules can be set in a filter instance.
    • Rules are applied in the order they appear, with each rule operating on the result of the previous rule.

    Conditions

    The plugin supports the following conditions:

    Condition Parameter Parameter 2 Description
    Key_exists STRING:KEY NONE Is true if KEY exists
    Key_does_not_exist STRING:KEY STRING:VALUE Is true if does not exist
    A_key_matches REGEXP:KEY NONE Is true if a key matches regex KEY
    No_key_matches REGEXP:KEY NONE Is true if no key matches regex KEY
    Key_value_equals STRING:KEY STRING:VALUE Is true if KEY exists and its value is VALUE
    Key_value_does_not_equal STRING:KEY STRING:VALUE Is true if KEY exists and its value is not VALUE
    Key_value_matches STRING:KEY REGEXP:VALUE Is true if key KEY exists and its value matches VALUE
    Key_value_does_not_match STRING:KEY REGEXP:VALUE Is true if key KEY exists and its value does not match VALUE
    Matching_keys_have_matching_values REGEXP:KEY REGEXP:VALUE Is true if all keys matching KEY have values that match VALUE
    Matching_keys_do_not_have_matching_values REGEXP:KEY REGEXP:VALUE Is true if all keys matching KEY have values that do not match VALUE
    • Conditions are case insensitive, parameters are not
    • Any number of conditions can be set.
    • All conditions have to be true for the rules to be applied.
    1. [0] memory: [1488543156, {"Mem.total"=>1016044, "Mem.used"=>841388, "Mem.free"=>174656, "Swap.total"=>2064380, "Swap.used"=>139888, "Swap.free"=>1924492}]
    2. [1] memory: [1488543157, {"Mem.total"=>1016044, "Mem.used"=>841420, "Mem.free"=>174624, "Swap.total"=>2064380, "Swap.used"=>139888, "Swap.free"=>1924492}]
    3. [2] memory: [1488543158, {"Mem.total"=>1016044, "Mem.used"=>841420, "Mem.free"=>174624, "Swap.total"=>2064380, "Swap.used"=>139888, "Swap.free"=>1924492}]
    4. [3] memory: [1488543159, {"Mem.total"=>1016044, "Mem.used"=>841420, "Mem.free"=>174624, "Swap.total"=>2064380, "Swap.used"=>139888, "Swap.free"=>1924492}]

    Using command Line

    1. [INPUT]
    2.     Name mem
    3.     Tag  mem.local
    5. [OUTPUT]
    6.     Name  stdout
    7.     Match *
    9. [FILTER]
    10.     Name modify
    12.     Add Service1 SOMEVALUE
    13.     Add Service3 SOMEVALUE3
    14.     Add Mem.total2 TOTALMEM2
    15.     Rename Mem.free MEMFREE
    16.     Rename Mem.used MEMUSED
    17.     Rename Swap.total SWAPTOTAL
    18.     Add Mem.total TOTALMEM

    Result

    The output of both the command line and configuration invocations should be identical and result in the following output.

    1. [2018/04/06 01:35:13] [ info] [engine] started
    2. [0] mem.local: [1522980610.006892802, {"Mem.total"=>4050908, "MEMUSED"=>738100, "MEMFREE"=>3312808, "SWAPTOTAL"=>1046524, "Swap.used"=>0, "Swap.free"=>1046524, "Service1"=>"SOMEVALUE", "Service3"=>"SOMEVALUE3", "Mem.total2"=>"TOTALMEM2"}]
    3. [1] mem.local: [1522980611.000658288, {"Mem.total"=>4050908, "MEMUSED"=>738068, "MEMFREE"=>3312840, "SWAPTOTAL"=>1046524, "Swap.used"=>0, "Swap.free"=>1046524, "Service1"=>"SOMEVALUE", "Service3"=>"SOMEVALUE3", "Mem.total2"=>"TOTALMEM2"}]
    4. [3] mem.local: [1522980613.000122671, {"Mem.total"=>4050908, "MEMUSED"=>738068, "MEMFREE"=>3312840, "SWAPTOTAL"=>1046524, "Swap.used"=>0, "Swap.free"=>1046524, "Service1"=>"SOMEVALUE", "Service3"=>"SOMEVALUE3", "Mem.total2"=>"TOTALMEM2"}]

    Configuration File

    1. [2018/06/14 07:37:34] [ info] [engine] started (pid=1493)
    2. [0] mem.local: [1528925855.000223110, {"cpustats"=>"UNKNOWN", "sourcetype"=>"memstats", "cpustats_more"=>"STILL_UNKNOWN"}]
    3. [1] mem.local: [1528925856.000064516, {"cpustats"=>"UNKNOWN", "sourcetype"=>"memstats", "cpustats_more"=>"STILL_UNKNOWN"}]
    4. [2] mem.local: [1528925857.000165965, {"cpustats"=>"UNKNOWN", "sourcetype"=>"memstats", "cpustats_more"=>"STILL_UNKNOWN"}]
    5. [3] mem.local: [1528925858.000152319, {"cpustats"=>"UNKNOWN", "sourcetype"=>"memstats", "cpustats_more"=>"STILL_UNKNOWN"}]

    Configuration File

    1. [INPUT]
    2.     Name mem
    3.     Tag  mem.local
    5. [OUTPUT]
    6.     Name  stdout
    7.     Match *
    9. [FILTER]
    10.     Name modify
    11.     Match *
    13.     Remove_Wildcard Mem
    14.     Remove_Wildcard Swap
    15.     Set This_plugin_is_on 🔥
    16.     Set 🔥 is_hot
    17.     Copy 🔥 💦
    18.     Rename  💦 ❄️
    19.     Set ❄️ is_cold
    20.     Set 💦 is_wet

    Result