add a `parse_apache_casandra_log()` to VRL

[kquinsland]

A note for the community

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Use Cases

The docs for parse_regex() has this call-out:

VRL aims to provide purpose-specific parsing functions for common log formats. Before reaching for the parse_regex function, see if a VRL parse_* function already exists for your format. If not, we recommend opening an issue to request support for the desired format.

So that's what i'm doing with this ticket.

For reference, apache cassandra has a default logback config:

<!-- ... -->
    <encoder>
      <pattern>%-5level [%thread] %date{ISO8601} %F:%L - %msg%n</pattern>
    </encoder>
<!-- ... -->

Which emits logs like this:

INFO  [ScheduledTasks:1] 2025-08-05 18:27:04,016 TokenMetadata.java:527 - Updating topology for all endpoints that have changed
INFO  [StorageServiceShutdownHook] 2025-08-05 18:27:15,792 HintsService.java:210 - Paused hints dispatch
INFO  [StorageServiceShutdownHook] 2025-08-05 18:27:15,795 Server.java:179 - Stop listening for CQL clients
INFO  [StorageServiceShutdownHook] 2025-08-05 18:27:15,795 Gossiper.java:1720 - Announcing shutdown

Which can be parsed with this regex:

matches, err = parse_regex(.message, r'^(?P<level>\w+)\s+\[(?P<thread>[^\]]+)\]\s+(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})\s+(?P<file>\S+):(?P<line>\d+)\s+-\s+(?P<msg>.+)$')

Attempted Solutions

No response

Proposal

No response

References

No response

Version

vector 0.47.0 (aarch64-unknown-linux-musl 3d5af22 2025-05-20 13:53:41.638057046)