Quine Logs Recipe

Shared by
Michael Aglietti
Advanced

This recipe processes Quine log lines using a regular expression.

or pass -Dthatdot.loglevel=DEBUG to java when at runtime.

To run this recipe:

java -jar quine-x.x.x.jar -r quine-logs-recipe --recipe-value in_file=quineLog.log
Download quine
Recipe code:
version: 1
title: Quine Log Reader
contributor: michael@thatdot.com
summary: "Ingest Quine Log Lines"
description: |-
  "This recipe processes Quine log lines using a regular expression. 
  or pass `-Dthatdot.loglevel=DEBUG` to java when at runtime."
ingestStreams:
  - type: FileIngest
    path: $in_file
    format:
      type: CypherLine
      query: |-
        // Quine log pattern "%date %level [%mdc{akkaSource:-NotFromActor}] [%thread] %logger - %msg%n%ex"
        WITH text.regexFirstMatch($that, "(^\\d{4}-\\d{2}-\\d{2} \\d{1,2}:\\d{2}:\\d{2},\\d{3}) (FATAL|ERROR|WARN|INFO|DEBUG) \\[(\\S*)\\] \\[(\\S*)\\] (\\S*) - (.*)") AS r 
        WHERE r IS NOT NULL 
        // 0: whole matched line
        // 1: date time string
        // 2: log level
        // 3: actor address. Might be inside of `akka.stream.Log(…)`
        // 4: thread name
        // 5: logging class
        // 6: Message
        WITH *, split(r[3], "/") as path, split(r[6], "(") as msgPts
        WITH *, replace(COALESCE(split(path[2], "@")[-1], 'No host'),")","") as qh
        MATCH (actor), (msg), (class), (host)
        WHERE id(host)  = idFrom("host", qh)
          AND id(actor) = idFrom("actor", r[3])
          AND id(msg)   = idFrom("msg", r[0])
          AND id(class) = idFrom("class", r[5])
        SET host: Host, host.address = split(qh, ":")[0], host.port = split(qh, ":")[-1], host.host = qh,
            actor: Actor, actor.address = r[3], actor.id = replace(path[-1],")",""), actor.shard = path[-2], actor.type = path[-3],
            msg: Message, msg.msg = r[6], msg.type = split(msgPts[0], " ")[0], msg.level = r[2],
            class: Class, class.class = r[5]
        WITH * CALL reify.time(datetime({date: localdatetime(r[1], "yyyy-MM-dd HH:mm:ss,SSS")})) YIELD node AS time
        CREATE (actor)-[:sent]->(msg),
               (actor)-[:of_class]->(class),
               (actor)-[:on_host]->(host),
               (msg)-[:at_time]->(time)
standingQueries: []
nodeAppearances:
  - predicate:
      propertyKeys: []
      knownValues: {}
      dbLabel: Actor
    label:
      key: id
      type: Property
  - predicate:
      propertyKeys: []
      knownValues: {}
      dbLabel: Message
    label:
      key: type
      type: Property
  - predicate:
      propertyKeys: []
      knownValues: {}
      dbLabel: Host
    label:
      key: host
      type: Property
  - predicate:
      propertyKeys: []
      knownValues: {}
      dbLabel: Class
    label:
      key: class
      type: Property
quickQueries:
  - predicate:
      propertyKeys: []
      knownValues: {}
    quickQuery:
      name: Adjacent Nodes
      querySuffix: MATCH (n)--(m) RETURN DISTINCT m
      queryLanguage: Cypher
      sort: Node
  - predicate:
      propertyKeys: []
      knownValues: {}
      dbLabel: Actor
    quickQuery:
      name: Host
      querySuffix: MATCH (n)-[:on_host]->(m) RETURN DISTINCT m
      queryLanguage: Cypher
      sort: Node
      edgeLable: On Host
  - predicate:
      propertyKeys: []
      knownValues: {}
    quickQuery:
      name: Refresh
      querySuffix: RETURN n
      queryLanguage: Cypher
      sort: Node
  - predicate:
      propertyKeys: []
      knownValues: {}
    quickQuery:
      name: Local Properties
      querySuffix: RETURN id(n), properties(n)
      queryLanguage: Cypher
      sort: Text
sampleQueries:
  - name: Get Actors
    query: "MATCH (a: Actor) RETURN a"
statusQuery:
DOWNLOAD recipeCUSTOMIZE recipe
SlackTwitterGitHubLinkedInFacebook
© 2022 thatDot, Inc.
The Quine logo - a Q with an arrow, like a graph edge, as the stroke in the Q. White version.
Code of Conduct