Skip to content

Punchlets

Now that you have a sense of what Elasticsearch, Kibana and Beats can do, let us move on to punch features. First we will explore punchlets. A punchlet is a small function in charge of transforming your data. A typical example is log parsing. If you are familiar with logstash, think of punchlet as the filter part of a logstash configuration.

Basics

The standalone ships in with simple examples. Run one as follows:

cd $PUNCHPLATFORM_CONF_DIR/samples/punchlets
punchplatform-puncher.sh $PUNCHPLATFORM_CONF_DIR/samples/punchlets/operators_ipmatch.punch

You will get

{
  "check": true,
  "logs": {
    "log": "172.16.0.2"
  }
}
{
  "check": false,
  "logs": {
    "log": "5.36.18.2"
  }
}

The code of that particular punchlet is quite simple. It checks if an IP address belongs to some defined range.

{
  Tuple ipRange = getResourceTuple("ranges");
  [check] = ipmatch(ipRange).contains([logs][log]);
}

The resources file ranges.json simply contains:

[
    "10.0.0.0/8",
    "172.16.0.0/12",
    "192.168.0.0/16",
    "127.0.0.1/32"
]

Have a look at that example file as well as other examples, they are self-explanatory. The Punch language is powerful and comes with a complete online documentation.

You will later on see how to invoke it from various stream or batch applications.

Using the Punch UI

Thew Punch Resource Manager UI lets you execute punchlets from your browser. Checkout the Punch UI documentation.

All you need to do is to load sample punchlets. For example the ones in

$PUNCHPLATFORM_CONF_DIR/samples/punchlets/dates/

From there the Punch UI is simple and intuitive to use.