Skip to content

Punchlets

Now that you have a sense of what Elasticsearch, Kibana and Beats can do, let us move on to punch features. First we will explore punchlets. A punchlet is a small function in charge of transforming your data. A typical example is log parsing. If you are familiar with logstash, think of punchlet as the filter part of a logstash configuration.

The standalone ships in with simple examples. Run one as follows:

1
cd $PUNCHPLATFORM_CONF_DIR/samples/punch

1
punchplatform-puncher.sh operators_ipmatch.punch

You will get

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
{
  "check": true,
  "logs": {
    "log": "172.16.0.2"
  }
}
{
  "check": false,
  "logs": {
    "log": "5.36.18.2"
  }
}

The code of that particular punchlet is quite simple. It checks if an IP address belongs to some defined range.

1
2
3
4
{
  Tuple ipRange = getResourceTuple("ranges");
  [check] = ipmatch(ipRange).contains([logs][log]);
}

The resources file ranges.json simply contains:

1
2
3
4
5
6
[
    "10.0.0.0/8",
    "172.16.0.0/12",
    "192.168.0.0/16",
    "127.0.0.1/32"
]

Have a look at that example file as well as other examples, they are self-explanatory. The Punch language is powerful and comes with a complete online documentation.

You will later on see how to invoke it from various stream or batch applications.