From 26904630e39b627c498b54614041c82d1d4dda93 Mon Sep 17 00:00:00 2001
From: Conner Peirce <me@connerpeirce.com>
Date: Thu, 11 May 2017 09:49:58 -0400
Subject: [PATCH] add '--raw' flag

enables spitting out straight json

useful for piping into another tool for formatting/processing (e.g. the
excellent `jq`)
---
 configuration.go |  6 ++++++
 elktail.go       | 10 ++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/configuration.go b/configuration.go
index 573d8be..a4f9272 100644
--- a/configuration.go
+++ b/configuration.go
@@ -22,6 +22,7 @@ type SearchTarget struct {
 type QueryDefinition struct {
 	Terms          []string
 	Format         string
+        Raw            bool
 	TimestampField string
 	AfterDateTime  string  `json:"-"`
 	BeforeDateTime string  `json:"-"`
@@ -159,6 +160,11 @@ func (config *Configuration) Flags() []cli.Flag {
 			Usage:       "(*) Message format for the entries - field names are referenced using % sign, for example '%@timestamp %message'",
 			Destination: &config.QueryDefinition.Format,
 		},
+		cli.BoolFlag{
+			Name:        "raw",
+			Usage:       "Just print raw JSON lines",
+			Destination: &config.QueryDefinition.Raw,
+		},
 		cli.StringFlag{
 			Name:        "i,index-pattern",
 			Value:       "logstash-[0-9].*",
diff --git a/elktail.go b/elktail.go
index 69886e5..bc26772 100644
--- a/elktail.go
+++ b/elktail.go
@@ -254,8 +254,14 @@ func (t *Tail) processHit(hit *elastic.SearchHit) map[string]interface{} {
 	if err != nil {
 		Error.Fatalln("Failed parsing ElasticSearch response.", err)
 	}
-	t.printResult(entry)
-	return entry;
+
+	if t.queryDefinition.Raw {
+		fmt.Println(string(*hit.Source))
+	} else {
+		t.printResult(entry)
+	}
+
+	return entry
 }