package eris::log::decoder::json;
# ABSTRACT: Decodes any detected JSON in a log line from the opening curly brace
use JSON::MaybeXS;
use Moo;
use namespace::autoclean;
with qw(
eris::role::dec
JSON Docs will start with a '{', check for it.
my $start = index($msg, '{');
if( $start >= 0 ) {
my $json_str = substr($msg, $start);
eval {
$decoded = decode_json
( $json_str );
1;
};
}
return $decoded;
}
1;
__END__
=pod
=encoding UTF-8
=head1 NAME
eris::log::decoder::json - Decodes any detected JSON in a log line from the op
kage eris::log::context::attacks::url;
# ABSTRACT: Inspects URLs for common attack patterns
use JSON::MaybeXS;
use Const::Fast;
use Moo;
use namespace::autoclean;
with qw(
eris::role::context
)
d_matcher { qr/(?:_ur[li]$)|(?:^resource$)/ }
sub sample_messages {
my @msgs = map { encode_json($_) } (
{ resource => "https://www.example.com/?t='%20OR%201=1;--" },
{ resource
ract role which implements a decoder.
=item L<eris::log::decoder::syslog>, L<eris::log::decoder::json>
Default implementations of decoders.
=back
=head2 CONTEXT
Contexts are pluggable and are sea
package eris::role::schema;
# ABSTRACT: Role for implementing a schema
use eris::dictionary;
use JSON::MaybeXS;
use Moo::Role;
use POSIX qw(strftime);
use Types::Standard qw(Bool HashRef InstanceOf I
}
sub as_bulk {
my ($self,$log) = @_;
return sprintf "%s\n%s\n",
map { encode_json($_) }
{
index => {
_index => strftime($self->index_name, gmti
ead1 METHODS
=head2 as_bulk
Takes an L<eris::log> object and returns the bulk newline delimited JSON to add
that object to the cluster.
=head2 to_document
Takes an L<eris::log> object and returns
necessary to
bulk index the instance of an L<eris::log> object as an array of new-line delimited
JSON.
=head2 to_document()
Takes an instance of an L<eris::log> to index into ElasticSearch.
Using
g::decoders>, L<eris::log::contextualizer>, L<eris::log::decoders::syslog>,
L<eris::log::decoder::json>
=head1 AUTHOR
Brad Lhotsky <brad@divisionbyzero.net>
=head1 COPYRIGHT AND LICENSE
This softw
ctionary::hash;
# ABSTRACT: Simple dictionary implementation based on a hash
use Moo::Role;
use JSON::MaybeXS;
use namespace::autoclean;
with qw(eris::role::dictionary);
our $VERSION = '0.008'; # V
my $field = decode_json($line);
$k = lc delete $field->{name};
$v = $field;
} or do {
my $err = $@;
warn "BAD JSON: $err\n\n$line\n";
:dictionary::cee;
# ABSTRACT: Contains fields in the Common Event Expression syntax
use Moo;
use JSON::MaybeXS;
use namespace::autoclean;
with qw(
eris::role::dictionary::hash
);
our $VERSION =
izer>, L<eris::role::decoder>, L<eris::log>,
L<eris::log::decoder::syslog>, L<eris::log::decoder::json>
=head1 AUTHOR
Brad Lhotsky <brad@divisionbyzero.net>
=head1 COPYRIGHT AND LICENSE
This softw
se warnings;
use CLI::Helpers qw(:output);
use Data::Printer;
use Hash::Flatten qw(flatten);
use JSON::MaybeXS;
use Getopt::Long::Descriptive;
use YAML;
use eris::log::contextualizer;
use eris::sche
['bulk|b', "Show the bulk output from the schema match instead." ],
['json|j', "Show the structure are JSON." ],
['flatten|F', "Flatten the hash keys, defaults to false."],
['c
lk ) {
output({data=>1}, $schm->as_bulk($l));
}
elsif( $opt->json ) {
output({data=>1}, encode_json($v));
}
else {
p($v);
}
}
__END__
=pod
=encoding UTF-