fluent-plugin-elastic-log 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6ef4e2a586f566d7b309ef59d3c754bbccaffe6ba545eb31a4715683403f67af
-  data.tar.gz: fd5f957963bb03ca6bc4c2f456c8cf3c9053f35a53cadb2594280bc5899858c1
+  metadata.gz: f99628e3afa35a188a2f1b94cf56b44a1cbac89f541852cd1791d4a635b6e658
+  data.tar.gz: ae773fc1151757b4b1ebdc5ef463c05c722ab1d50e89d7e5b01f8c5187505252
 SHA512:
-  metadata.gz: 482176de12204c607485f80d2234106e20c6d618f8bd6c04155105ff335a20e8d04c71778e9e3bc1382e3efbacda46b2aa1c95fbc2521cebe061503970cdecab
-  data.tar.gz: f1a408614e789248cc1486ca9af9a11c3c8a66502c2bfbd3fe655e9dcd60f66bfbf3853082f99f78b368b39dfe15d67ae223b3a4574b1fdd8018e4651e1e3944
+  metadata.gz: e9b473e3db2182d81103f0b5a39c8c7a240c2bcc00dd2e01f852baa55aca426c3edc466595c6feb878ead856cb3f787c9f0cd7f2d182bfb0dcc38d9d5b0498f7
+  data.tar.gz: 544ddb9b34eed81fe9e758b65736ab4335b975ee575afddf36083ec91a026f506b1edea1d6f6a68fb914a88b12e234b375e58dcf84db1f89cd5615088a115ae4

data/.rubocop.yml

@@ -10,6 +10,10 @@ Metrics/BlockLength:
     - fluent-plugin-elastic-log.gemspec
     - test/**/*.rb
 
+Metrics/ClassLength:
+  Exclude:
+    - test/**/*.rb
+
 Metrics/MethodLength:
   Max: 20
 

data/fluent-plugin-elastic-log.gemspec

@@ -5,7 +5,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name    = 'fluent-plugin-elastic-log'
-  spec.version = '0.2.0'
+  spec.version = '0.3.0'
   spec.authors = ['Thomas Tych']
   spec.email   = ['thomas.tych@gmail.com']
 

data/lib/fluent/plugin/elastic_log/granted_privileges_metric.rb

@@ -21,24 +21,26 @@ module Fluent
         #   data/write/*  => write
         #   monitor/*     => monitor
         PRIVILEGE_MAP = {
-          "cluster:admin/" => 'admin_query',
-          "cluster:monitor/" => 'monitor_query',
-          "indices:admin/" => 'admin_query',
-          "indices:data/read/" => 'read_query',
-          "indices:data/write/" => 'write_query',
-          "indices:monitor/" => 'monitor_query'
+          'cluster:admin/' => 'admin',
+          'cluster:monitor/' => 'monitor',
+          'indices:admin/' => 'admin',
+          'indices:data/read/' => 'read',
+          'indices:data/write/' => 'write',
+          'indices:monitor/' => 'monitor'
         }.freeze
 
         ILM_PATTERN = /^(.*)-\d{6}$/.freeze
 
-        attr_reader :time, :record, :conf
+        attr_reader :time, :record, :conf, :prefix
 
-        def initialize(time:, record:, conf:)
+        def initialize(time:, record:, conf:, prefix: '')
           @time = time
           @record = record
           @conf = conf
+          @prefix = prefix
         end
 
+        # rubocop:disable Metrics/AbcSize
         def timestamp
           begin
             timestamp = Time.parse(record[:timestamp])
@@ -46,25 +48,28 @@ module Fluent
             timestamp = time.to_time
           end
 
-          return timestamp.utc.strftime('%s%3N') if conf.timestamp_format == :epochmillis
+          return (timestamp.utc.to_f * 1000).to_i if conf.timestamp_format == :epochmillis
+          return timestamp.utc.strftime('%s%3N') if conf.timestamp_format == :epochmillis_str
 
           timestamp.utc.iso8601(3)
         end
+        # rubocop:enable Metrics/AbcSize
 
-        def metric_name
+        def query_type
           PRIVILEGE_MAP.each do |pattern, name|
-            return "#{name}_count" if record[:privilege].to_s.start_with?(pattern)
+            return name if record[:privilege].to_s.start_with?(pattern)
           end
-          "unknown_count"
+          'unknown_count'
         end
 
         def base
           {
             'timestamp' => timestamp,
-            'metric_name' => metric_name,
+            'metric_name' => 'query_count',
             'metric_value' => 1,
-            'tags_user' => record[:user],
-            'tags_cluster' => record[:cluster]
+            "#{prefix}user" => record[:user],
+            "#{prefix}cluster" => record[:cluster],
+            "#{prefix}query_type" => query_type
           }
         end
 
@@ -82,7 +87,7 @@ module Fluent
         def generate_event_stream
           metric_es = MultiEventStream.new
           indices.each do |indice|
-            metric_es.add(time, base.merge(tags_technical_name: indice))
+            metric_es.add(time, base.merge("#{prefix}technical_name" => indice))
           end
           metric_es
         end

data/lib/fluent/plugin/out_elastic_audit_log_metric.rb

@@ -42,6 +42,7 @@ module Fluent
       DEFAULT_R_INDICES_KEY = 'audit_trace_resolved_indices'
       DEFAULT_TIMESTAMP_KEY = '@timestamp'
       DEFAULT_PRIVILEGE_KEY = 'audit_request_privilege'
+      DEFAULT_PREFIX = ''
 
       # REQUEST PRIVILEGE:
       # cluster:
@@ -78,8 +79,9 @@ module Fluent
       config_param :privilege_key, :string, default: DEFAULT_PRIVILEGE_KEY
 
       desc 'Timestamp format'
-      config_param :timestamp_format, :enum, list: %i[iso epochmillis], default: :iso
-
+      config_param :timestamp_format, :enum, list: %i[iso epochmillis epochmillis_str], default: :iso
+      desc 'Attribute prefix'
+      config_param :prefix, :string, default: DEFAULT_PREFIX
       desc 'Aggregate ILM'
       config_param :aggregate_ilm, :bool, default: true
 
@@ -142,7 +144,8 @@ module Fluent
             layer: record[layer_key],
             request_type: record[request_type_key]
           },
-          conf: self
+          conf: self,
+          prefix: prefix
         ).generate_event_stream
       end
       # rubocop:enable Metrics/AbcSize

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-elastic-log
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Thomas Tych
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-06-08 00:00:00.000000000 Z
+date: 2023-06-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bump