fluent-plugin-spectrum 0.0.3 → 0.0.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2d4288f068c625207769f4fa29e28d38f942ad83
-  data.tar.gz: fb7cbc18c897472e626cea9320d0680cfc2de45d
+  metadata.gz: b6ce4a6b4bf074348bde00e83c87e8559e07549c
+  data.tar.gz: cf2079f18bffc80dee8fe1c547d26460ff2a862e
 SHA512:
-  metadata.gz: 52fa80683e053aea5ae9cbc7a4575a6c7076fa72f01ebc6f650028e0ee36cc908cf6f7119c975de14f8099b4a5d50f11877ea6a726795b728dc27525851cf56c
-  data.tar.gz: 270493f647b3fa8d156941e27772b2f9f3662b8eb91f4c256edea218e72b5c1db04e54189b474884afa15505de36136ddc534f8ed11704aab8da8908fc8ff365
+  metadata.gz: dde69f607871058aa60138bd5a177323a0e0fac45ff6b62c0f13ef74699a5b948974161759b1417609abf02f0e01fc16bb26c5da60971da4dcbc85e6909c83dd
+  data.tar.gz: 656594019157e6a2555673e9d61094d89a420533c7fca7b1c0d6b909d5e669701edd895618c0b75e47af5c2c5438504dcab801101bbb0486dde1d14578aab052

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.travis.yml

@@ -0,0 +1,14 @@
+language: ruby
+rvm:
+  - 2.0.0
+  - 2.0.0-p451
+  - 2.1.0
+
+gemfile:
+ - Gemfile
+
+branches:
+  only:
+    - master
+
+script: bundle exec rake test

data/README.md

@@ -2,6 +2,11 @@
 
 fluent-plugin-spectrum is an input plug-in for [Fluentd](http://fluentd.org)
 
+## Status
+[![Gem Version](https://badge.fury.io/rb/fluent-plugin-spectrum.png)](http://badge.fury.io/rb/fluent-plugin-spectrum)
+[![Build Status](https://travis-ci.org/Bigel0w/fluent-plugin-spectrum.png?branch=master)](https://travis-ci.org/Bigel0w/fluent-plugin-spectrum)
+[![Coverage Status](https://coveralls.io/repos/Bigel0w/fluent-plugin-spectrum/badge.png?branch=master)](https://coveralls.io/r/Bigel0w/fluent-plugin-spectrum?branch=master)
+
 ## Installation
 
 These instructions assume you already have fluentd installed. 
@@ -77,9 +82,16 @@ Now startup fluentd
 
     $ sudo fluentd -c fluent.conf &
 
-Send a test
+Verify:
+
+		You should see output like the following if you have events in spectrum and connectivity works.
+
+		FluentD Log Lines:
+		2015-03-05 15:04:02 -0800 [info]: Spectrum :: Polling alerts for time period: 1425596639 - 1425596642
+		2015-03-05 15:04:07 -0800 [info]: Spectrum :: returned 1 alarms for period 1425596639 - 1425596647
 
-	TBD: Still need to create an example
+		Output:
+		2015-03-05 15:04:00 -0800 alert.spectrum: {"event_type":"alert.spectrum","intermediary_source":"spectrumapi001.corp.yourdomain.net","ALARM_ID":"54f8e0e0-e706-12c2-0165-005056a07ac5","CREATION_DATE":"1425596640","SEVERITY":"3","ALARM_TITLE":"LOGMATCH TRAPSEND CRIT","HOSTNAME":"yourhost001.corp.yourdomain.net","IP_ADDRESS":"10.10.0.14","ORIGINATING_EVENT_ATTR":"A SEC logmatch trapsend CRIT Your Alert Message here","MODEL_STRING":"Host_Device","ACKNOWLEDGED":"false","ALARM_STATUS":"","OCCURRENCES":"1","TROUBLE_SHOOTER":"","USER_CLEARABLE":"true","TROUBLE_TICKET_ID":"","PERSISTENT":"true","GC_NAME":"Your_Global_Collection"}
 
 ## To Do
 * Add retry login. On timeout/failure retry, how often, increasing delay? (how would that affect polling time, possible duplicates?)

data/fluent-plugin-spectrum.gemspec

@@ -3,12 +3,12 @@ $:.push File.expand_path("../lib", __FILE__)
 
 Gem::Specification.new do |gem|
   gem.name          = "fluent-plugin-spectrum"
-  gem.version       = "0.0.3"
-  gem.date          = '2015-02-24'
+  gem.version       = "0.0.5"
+  gem.date          = '2015-03-31'
   gem.authors       = ["Alex Pena"]
-  gem.email         = ["alex_pena@intuit.com"]
-  gem.summary       = %q{Fluentd input plugin for Spectrum Alerts}
-  gem.description   = %q{Fluentd plugin for Spectrum Alerts... WIP}
+  gem.email         = ["pena.alex@gmail.com"]
+  gem.summary       = %q{Fluentd input plugin for pulling alerts from CA Spectrum}
+  gem.description   = %q{Fluentd plugin for pulling monitoring alerts from CA Spectrum}
   gem.homepage      = 'https://github.com/Bigel0w/fluent-plugin-spectrum'
   gem.license       = 'MIT'
 

data/lib/fluent/plugin/in_spectrum.rb

@@ -1,27 +1,72 @@
 module Fluent
-# TODO:
-# Add a fields all or list option
-# error checking in every section  
-    # class for handling interval in loop
-  class TimerWatcher < Coolio::TimerWatcher
-    def initialize(interval, repeat, &callback)
-      @callback = callback
-      super(interval, repeat)
-    end # def initialize
-    def on_timer
-      @callback.call
-    end # def on_timer
-  end
-
   class SpectrumInput < Input
     Fluent::Plugin.register_input('spectrum', self)
     config_param :tag, :string, :default => "alert.spectrum"
-    config_param :endpoint, :string, :default => "pleasechangeme.com" #fqdn of endpoint
-    config_param :interval, :integer, :default => '300' #Default 5 minutes
-    config_param :user, :string, :default => "username"
-    config_param :pass, :string, :default => "password"
-    config_param :include_raw, :string, :default => "false" #Include original object as raw
-    config_param :attributes, :string, :default => "ALL" # fields to include, ALL for... well, ALL.
+    config_param :endpoint, :string, :default => nil
+    config_param :username, :string, :default => nil
+    config_param :password, :string, :default => nil
+    config_param :interval, :integer, :default => 300 # shoud stay above 10, avg response is 5-7 seconds
+
+    config_param :state_file, :string, :default => nil
+    config_param :include_raw, :string, :default => "false"
+    config_param :attributes, :string, :default => "ALL"
+    config_param :select_limit, :time, :default => 10000
+
+    # Classes
+    class TimerWatcher < Coolio::TimerWatcher
+      def initialize(interval, repeat, &callback)
+        @callback = callback
+        super(interval, repeat)
+      end # def initialize
+      
+      def on_timer
+        @callback.call
+      rescue
+        $log.error $!.to_s
+        $log.error_backtrace
+      end # def on_timer
+    end
+
+    class StateStore
+      def initialize(path)
+        require 'yaml'
+        @path = path
+        if File.exists?(@path)
+          @data = YAML.load_file(@path)
+          if @data == false || @data == []
+            # this happens if an users created an empty file accidentally
+            @data = {}
+          elsif !@data.is_a?(Hash)
+            raise "state_file on #{@path.inspect} is invalid"
+          end
+        else
+          @data = {}
+        end
+      end
+
+      def last_records
+        @data['last_records'] ||= {}
+      end
+
+      def update!
+        File.open(@path, 'w') {|f|
+          f.write YAML.dump(@data)
+        }
+      end
+    end
+
+    class MemoryStateStore
+      def initialize
+        @data = {}
+      end
+      
+      def last_records
+        @data['last_records'] ||= {}
+      end
+      
+      def update!
+      end
+    end
 
     # function to UTF8 encode
     def to_utf8(str)
@@ -45,6 +90,11 @@ module Fluent
     def configure(conf)
       super 
       @conf = conf
+
+      unless @state_file
+        $log.warn "'state_file PATH' parameter is not set to a valid source."
+        $log.warn "this parameter is highly recommended to save the last known good timestamp to resume event consuming"
+      end
       # map of Spectrum attribute codes to names
       @spectrum_access_code={
         "0x11f9c" => "ALARM_ID",
@@ -64,7 +114,6 @@ module Fluent
         "0x12942" => "PERSISTENT",
         "0x12adb" => "GC_NAME",
         "0x57f0105" => "Custom_Project",
-        "0x11f4d" => "ACKNOWLEDGED",
         #{}"0x11f51" => "CLEARED_BY_USER_NAME",
         #{}"0x11f52" => "EVENT_ID_LIST",
         #{}"0x11f53" => "MODEL_HANDLE",
@@ -95,78 +144,124 @@ module Fluent
       @spectrum_access_code.each do |key, array|
         @attr_of_interest += " <rs:requested-attribute id=\"#{key}\"/>"
       end
+      
       # Setup URL Resource
-      @url = 'http://' + @endpoint.to_s + '/spectrum/restful/alarms'
-      def spectrumEnd
-        RestClient::Resource.new(@url,@user,@pass)
+      def resource
+        @url = 'http://' + @endpoint.to_s + '/spectrum/restful/alarms'
+        RestClient::Resource.new(@url, :user => @username, :password => @password, :open_timeout => 3, :timeout => (@interval * 2))
       end
+
+      ### need to add this but first figure out how to pass a one time override for timeout since get takes a longtime to return
+      #test = resource.get
+      #if test.code.to_s == 200
+      #  $log.info "Spectrum :: Config testing #{@endpoint} succeeded with #{test.code.to_s} response code"
+      #else
+      #  raise Fluent::ConfigError, "http test failed"
+      #end
     end # def configure
 
-    def start 
-      super 
+    def start
+      @stop_flag = false
+      @state_store = @state_file.nil? ? MemoryStateStore.new : StateStore.new(@state_file)
       @loop = Coolio::Loop.new
-      timer_trigger = TimerWatcher.new(@interval, true, &method(:input))
-      timer_trigger.attach(@loop)
+      @loop.attach(TimerWatcher.new(@interval, true, &method(:on_timer)))
       @thread = Thread.new(&method(:run))
-      $log.info "Spectrum :: starting poller, endpoint #{@endpoint} interval #{@interval}"
     end # def start
 
     def shutdown
-      super
+      #@loop.watchers.each {|w| w.detach}
+      @stop_flag = true
       @loop.stop
       @thread.join
-    rescue
-      $log.error "Spectrum :: unexpected error", :error=>$!.to_s
-      $log.error_backtrace
     end # def shutdown
 
     def run
       @loop.run
     rescue
-        $log.error "Spectrum :: unexpected error", :error=>$!.to_s
-        $log.error_backtrace
+      $log.error "unexpected error", :error=>$!.to_s
+      $log.error_backtrace
     end # def run
 
-    def input
-      alertStartTime = Engine.now.to_i - @interval.to_i 
-      $log.info "Spectrum :: Polling alerts for time period: #{alertStartTime.to_i} - #{Engine.now.to_i}"
-
-      # Format XML for spectrum post
-      @xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
-      <rs:alarm-request throttlesize=\"10000\"
-      xmlns:rs=\"http://www.ca.com/spectrum/restful/schema/request\"
-      xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
-      xsi:schemaLocation=\"http://www.ca.com/spectrum/restful/schema/request ../../../xsd/Request.xsd \">
-      <rs:attribute-filter>
-        <search-criteria xmlns=\"http://www.ca.com/spectrum/restful/schema/filter\">
-        <filtered-models>
-          <greater-than>
-            <attribute id=\"0x11f4e\">
-              <value> #{alertStartTime} </value>
-            </attribute>
-          </greater-than>
-        </filtered-models>
-        </search-criteria>
-      </rs:attribute-filter>
-      #{@attr_of_interest}
-      </rs:alarm-request>"
-
-      # Post to Spectrum and parse results  
-      responsePost=spectrumEnd.post @xml,:content_type => 'application/xml',:accept => 'application/json'
-      body = JSON.parse(responsePost.body)
-
-      # Processing for multiple alerts returned
-      if body['ns1.alarm-response-list']['@total-alarms'].to_i > 1
-        $log.info "Spectrum :: returned #{body['ns1.alarm-response-list']['@total-alarms'].to_i} alarms for period #{alertStartTime.to_i} - #{Engine.now.to_i}"
-        # iterate through each alarm
-        body['ns1.alarm-response-list']['ns1.alarm-responses']['ns1.alarm'].each do |alarm|
+    def on_timer
+      if not @stop_flag
+        pollingStart = Engine.now.to_i
+        if @state_store.last_records.has_key?("spectrum") 
+          alertStartTime = @state_store.last_records['spectrum']
+          #$log.info "Spectrum :: Got time record from state_store - #{alertStartTime}" 
+        else
+          alertStartTime = (pollingStart.to_i - @interval.to_i)
+          #$log.info "Spectrum :: Got time record from initial config - #{alertStartTime}"
+        end
+        pollingEnd = ''
+        pollingDuration = ''
+        #$log.info "Spectrum :: Polling alerts for time period < #{alertStartTime.to_i}"
+
+        # Format XML for spectrum post
+        @xml = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
+        <rs:alarm-request throttlesize=\"#{select_limit}\"
+        xmlns:rs=\"http://www.ca.com/spectrum/restful/schema/request\"
+        xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"
+        xsi:schemaLocation=\"http://www.ca.com/spectrum/restful/schema/request ../../../xsd/Request.xsd \">
+        <rs:attribute-filter>
+          <search-criteria xmlns=\"http://www.ca.com/spectrum/restful/schema/filter\">
+          <filtered-models>
+            <greater-than>
+              <attribute id=\"0x11f4e\">
+                <value> #{alertStartTime} </value>
+              </attribute>
+            </greater-than>
+          </filtered-models>
+          </search-criteria>
+        </rs:attribute-filter>
+        #{@attr_of_interest}
+        </rs:alarm-request>"
+
+        # Post to Spectrum and parse results
+        begin
+          res=resource.post @xml,:content_type => 'application/xml',:accept => 'application/json'
+          #$log.info "Response code #{res.code.to_s}"
+          body = JSON.parse(res.body)
+          pollingEnd = Engine.now.to_i
+          @state_store.last_records['spectrum'] = pollingEnd
+          pollingDuration = pollingEnd - pollingStart
+        end  
+
+        # Processing for multiple alerts returned
+        if body['ns1.alarm-response-list']['@total-alarms'].to_i > 1
+          $log.info "Spectrum :: returned #{body['ns1.alarm-response-list']['@total-alarms'].to_i} alarms for period < #{alertStartTime.to_i} took #{pollingDuration.to_i} seconds, ended at #{pollingEnd}"
+          # iterate through each alarm
+          body['ns1.alarm-response-list']['ns1.alarm-responses']['ns1.alarm'].each do |alarm|
+            # Create initial structure
+            record_hash = Hash.new # temp hash to hold attributes of alarm
+            raw_array = Array.new # temp hash to hold attributes of alarm for raw
+            record_hash['event_type'] = @tag.to_s
+            record_hash['intermediary_source'] = @endpoint.to_s
+            record_hash['recieved_time_input'] = pollingEnd.to_s
+            # iterate though alarm attributes
+            alarm['ns1.attribute'].each do |attribute|
+              key,value = parseAttributes(attribute)
+              record_hash[key] = value
+              if @include_raw.to_s == "true"
+                raw_array << { "#{key}" => "#{value}" }
+              end
+            end
+            # append raw object
+            if @include_raw.to_s == "true"  
+              record_hash[:raw] = raw_array
+            end
+            Engine.emit(@tag, record_hash['CREATION_DATE'].to_i,record_hash)
+          end
+        # Processing for single alarm returned  
+        elsif body['ns1.alarm-response-list']['@total-alarms'].to_i == 1
+          $log.info "Spectrum :: returned #{body['ns1.alarm-response-list']['@total-alarms'].to_i} alarms for period < #{alertStartTime.to_i} took #{pollingDuration.to_i} seconds, ended at #{pollingEnd}"
           # Create initial structure
           record_hash = Hash.new # temp hash to hold attributes of alarm
           raw_array = Array.new # temp hash to hold attributes of alarm for raw
           record_hash['event_type'] = @tag.to_s
           record_hash['intermediary_source'] = @endpoint.to_s
-          # iterate though alarm attributes
-          alarm['ns1.attribute'].each do |attribute|
+          record_hash['recieved_time_input'] = pollingEnd.to_s
+          # iterate though alarm attributes and add to temp hash  
+          body['ns1.alarm-response-list']['ns1.alarm-responses']['ns1.alarm']['ns1.attribute'].each do |attribute|
             key,value = parseAttributes(attribute)
             record_hash[key] = value
             if @include_raw.to_s == "true"
@@ -178,33 +273,14 @@ module Fluent
             record_hash[:raw] = raw_array
           end
           Engine.emit(@tag, record_hash['CREATION_DATE'].to_i,record_hash)
+        # No alarms returned
+        else
+          $log.info "Spectrum :: returned #{body['ns1.alarm-response-list']['@total-alarms'].to_i} alarms for period < #{alertStartTime.to_i} took #{pollingDuration.to_i} seconds, ended at #{pollingEnd}"
         end
-      # Processing for single alarm returned  
-      elsif body['ns1.alarm-response-list']['@total-alarms'].to_i == 1
-        $log.info "Spectrum :: returned #{body['ns1.alarm-response-list']['@total-alarms'].to_i} alarms for period #{alertStartTime.to_i} - #{Engine.now.to_i}"
-        # Create initial structure
-        record_hash = Hash.new # temp hash to hold attributes of alarm
-        raw_array = Array.new # temp hash to hold attributes of alarm for raw
-        record_hash['event_type'] = @tag.to_s
-        record_hash['intermediary_source'] = @endpoint.to_s
-        # iterate though alarm attributes and add to temp hash  
-        body['ns1.alarm-response-list']['ns1.alarm-responses']['ns1.alarm']['ns1.attribute'].each do |attribute|
-          key,value = parseAttributes(attribute)
-          record_hash[key] = value
-          if @include_raw.to_s == "true"
-            raw_array << { "#{key}" => "#{value}" }
-          end
-        end
-        # append raw object
-        if @include_raw.to_s == "true"  
-          record_hash[:raw] = raw_array
-        end
-        Engine.emit(@tag, record_hash['CREATION_DATE'].to_i,record_hash)
-      # No alarms returned
-      else
-        $log.info "Spectrum :: returned #{body['ns1.alarm-response-list']['@total-alarms'].to_i} alarms for period #{alertStartTime.to_i} - #{Engine.now.to_i}"
-      end    
-    
+        @state_store.update!
+        #return 
+        #exit   
+      end
     end # def input
   end # class SpectrumInput
 end # module Fluent

data/lib/fluent/plugin/out_spectrum.rb

@@ -0,0 +1,193 @@
+module Fluent
+  class SpectrumOut < Output
+    # First, register the plugin. NAME is the name of this plugin
+    # and identifies the plugin in the configuration file.
+    Fluent::Plugin.register_output('spectrum', self)
+    
+    config_param :tag, :string, default:'alert.spectrum.out' 
+    #config_param :tag, :string, :default => "alert.spectrum"
+    config_param :endpoint, :string, :default => "pleasechangeme.com" #fqdn of endpoint
+    config_param :interval, :integer, :default => '300' #Default 5 minutes
+    config_param :user, :string, :default => "username"
+    config_param :pass, :string, :default => "password"
+    config_param :include_raw, :string, :default => "false" #Include original object as raw
+    config_param :attributes, :string, :default => "ALL" # fields to include, ALL for... well, ALL.
+
+    def parseAttributes(alarmAttribute)
+      key = @spectrum_access_code[alarmAttribute['@id'].to_s].to_s
+      value = ((to_utf8(alarmAttribute['$'].to_s)).strip).gsub(/\r?\n/, " ")
+      return key,value
+    end
+
+    def initialize
+      require 'rest-client'
+      require 'json'
+      require 'pp'
+      require 'cgi'
+      super
+    end # def initialize
+
+
+    # This method is called before starting.
+    def configure(conf)
+      super 
+      # Read property file and create a hash
+      @rename_rules = []
+      conf_rename_rules = conf.keys.select { |k| k =~ /^rename_rule(\d+)$/ }
+      conf_rename_rules.sort_by { |r| r.sub('rename_rule', '').to_i }.each do |r|
+        key_regexp, new_key = parse_rename_rule conf[r]
+
+        if key_regexp.nil? || new_key.nil?
+          raise Fluent::ConfigError, "Failed to parse: #{r} #{conf[r]}"
+        end
+
+        if @rename_rules.map { |r| r[:key_regexp] }.include? /#{key_regexp}/
+          raise Fluent::ConfigError, "Duplicated rules for key #{key_regexp}: #{@rename_rules}"
+        end
+
+        #@rename_rules << { key_regexp: /#{key_regexp}/, new_key: new_key }
+        @rename_rules << { key_regexp: key_regexp, new_key: new_key }
+        $log.info "Added rename key rule: #{r} #{@rename_rules.last}"
+      end
+
+      raise Fluent::ConfigError, "No rename rules are given" if @rename_rules.empty?
+      @conf = conf
+      # map of Spectrum attribute codes to names
+      @spectrum_access_code={
+        "0x11f9c" => "ALARM_ID",
+        "0x11f4e" => "CREATION_DATE",
+        "0x11f56" => "SEVERITY",
+        "0x12b4c" => "ALARM_TITLE",
+        "0x1006e" => "HOSTNAME",
+        "0x12d7f" => "IP_ADDRESS",
+        "0x1296e" => "ORIGINATING_EVENT_ATTR",
+        "0x10000" => "MODEL_STRING",  
+        "0x11f4d" => "ACKNOWLEDGED",
+        "0x11f4f" => "ALARM_STATUS",
+        "0x11fc5" => "OCCURRENCES",
+        "0x11f57" => "TROUBLE_SHOOTER",
+        "0x11f9b" => "USER_CLEARABLE",
+        "0x12022" => "TROUBLE_TICKET_ID",
+        "0x12942" => "PERSISTENT",
+        "0x12adb" => "GC_NAME",
+        "0x57f0105" => "Custom_Project",
+        "0x11f4d" => "ACKNOWLEDGED",
+        "0xffff00ed" => "application_name",
+        "0xffff00f1" => "business_unit_l1",
+        "0xffff00f2" => "business_unit_l2",
+        "0xffff00f3" => "business_unit_l3",
+        "0xffff00f4" => "business_unit_l4",
+        "0xffff00f0" => "cmdb_ci_sysid",
+
+        #{}"0x11f51" => "CLEARED_BY_USER_NAME",
+        #{}"0x11f52" => "EVENT_ID_LIST",
+        #{}"0x11f53" => "MODEL_HANDLE",
+        #{}"0x11f54" => "PRIMARY_ALARM",
+        #{}"0x11fc4" => "ALARM_SOURCE",
+        #{}"0x11fc6" => "TROUBLE_SHOOTER_MH",
+        #{}"0x12a6c" => "TROUBLE_SHOOTER_EMAIL",
+        #{}"0x1290d" => "IMPACT_SEVERITY",
+        #{}"0x1290e" => "IMPACT_SCOPE",
+        #{}"0x1298a" => "IMPACT_TYPE_LIST",
+        #{}"0x12948" => "DIAGNOSIS_LOG",
+        #{}"0x129aa" => "MODEL_ID",
+        #{}"0x129ab" => "MODEL_TYPE_ID",
+        #{}"0x129af" => "CLEAR_DATE",
+        #{}"0x12a04" => "SYMPTOM_LIST_ATTR",
+        #{}"0x12a6f" => "EVENT_SYMPTOM_LIST_ATTR",
+        #{}"0x12a05" => "CAUSE_LIST_ATTR",
+        #{}"0x12a06" => "SYMPTOM_COUNT_ATTR",
+        #{}"0x12a70" => "EVENT_SYMPTOM_COUNT_ATTR",
+        #{}"0x12a07" => "CAUSE_COUNT_ATTR",
+        #{}"0x12a63" => "WEB_CONTEXT_URL",
+        #{}"0x12a6b" => "COMBINED_IMPACT_TYPE_LIST",
+        #{}"0x11f50" => "CAUSE_CODE",
+        #{}"0x10009" => "SECURITY_STRING"
+      }
+      # Create XML chunk for attributes we care about
+      @attr_of_interest=""
+      @spectrum_access_code.each do |key, array|
+        @attr_of_interest += " <rs:requested-attribute id=\"#{key}\"/>"
+      end
+
+
+      # Setup URL Resource
+      	@url = 'http://' + @endpoint.to_s + '/spectrum/restful/alarms/'
+   end
+
+  def parse_rename_rule rule
+    if rule.match /^([^\s]+)\s+(.+)$/
+      return $~.captures
+    end
+  end
+
+    # This method is called when starting.
+    def start
+      super
+    end
+
+    # This method is called when shutting down.
+    def shutdown
+      super
+    end
+
+    # This method is called when an event reaches Fluentd.
+    # 'es' is a Fluent::EventStream object that includes multiple events.
+    # You can use 'es.each {|time,record["event"]| ... }' to retrieve events.
+    # 'chain' is an object that manages transactions. Call 'chain.next' at
+    # appropriate points and rollback if it raises an exception.
+    #
+    # NOTE! This method is called by Fluentd's main thread so you should not write slow routine here. It causes Fluentd's performance degression.
+    def emit(tag, es, chain)
+      chain.next
+      es.each {|time,record|
+        $stderr.puts "OK!"
+	## Check if the incoming event already has an event id (alarm id) and a corresponding tag of spectrum 
+	if (record["event"].has_key?("source_event_id") && record["event"].has_key?("event_type"))  
+		# If the value on event_type is spectrum, then it means that ti is already from spectrum and needs an update		
+		if (record["event"].has_value?("alert.spectrum"))
+
+			# Create an empty hash
+			alertUpdateHash=Hash.new
+
+			# Parse thro the array hash that contains name value pairs for hash mapping and add new records to a new hash
+			@rename_rules.each { |rule| 
+				pp rule[:new_key]
+				alertUpdateHash[rule[:key_regexp]]=record["event"][rule[:new_key]]
+			}
+			# construct the url and iterate to construct the uri
+			@urlrest = @url + record["event"]["source_event_id"]
+       			alertUpdateHash.each do |attr, val| 
+				if (val.nil? || val.empty?)
+					next
+				else
+					if (@urlrest =~ /#{record["event"]["source_event_id"]}\s*$/)
+						@urlrest = @urlrest + "?attr=" + attr + "&val=" + CGI.escape(val.to_s)
+					else
+						@urlrest = @urlrest + "&attr=" + attr + "&val=" + CGI.escape(val.to_s)
+					end
+				end
+			end	
+			
+			$log.info "Rest url " + @urlrest
+       			#RestClient::Resource.new(@user,@pass)
+			begin		
+				responsePostAffEnt=RestClient::Resource.new(@urlrest,@user,@pass).put(@urlrest,:content_type => 'application/json')
+			rescue Exception => e 
+				$log.error "Error in restful put call."
+				log.error e.backtrace.inspect
+				$log.error responsePostAffEnt
+			end
+		
+		else
+
+			# For now just throw to stdout
+			$log.info record["event"]
+
+		end		
+
+	end
+      }
+    end
+  end
+end

data/sample/spectrum.conf.advanced_sample

@@ -0,0 +1,35 @@
+<source>
+	type spectrum
+    endpoint spectrum.changeme.com
+    user changeme
+    pass changeme
+    tag alert.spectrum
+    interval 60
+    include_raw true
+</source>
+
+<match alert.spectrum>
+    type rename_key
+    deep_rename false
+    remove_tag_prefix alert.spectrum
+    append_tag alert
+    rename_rule1 HOSTNAME source_hostname
+    rename_rule2 IP_ADDRESS source_ip
+    rename_rule3 ALARM_TITLE event_name
+    rename_rule4 SEVERITY criticality
+    rename_rule5 CREATION_DATE creation_time
+    rename_rule6 ORIGINATING_EVENT_ATTR alert_description
+    rename_rule7 MODEL_STRING source_type
+    rename_rule8 ALARM_ID source_event_id
+    rename_rule9 GC_NAME environment
+</match>
+
+<match alert>
+    type key_picker
+    keys event_type,intermediary_source,source_event_id,creation_time,criticality,event_name,source_hostname,source_ip,alert_description,source_type,environment,raw
+    add_tag_prefix processed.
+</match>
+
+<match processed.alert>
+    type stdout
+</match>

data/sample/spectrum.conf.sample

@@ -1,8 +1,13 @@
 <source>
-  type spectrum
-  tag alert.spectrum
+	type spectrum
+	endpoint spectrum.changeme.com
+	user changeme
+    pass changeme
+    tag alert.spectrum
+    interval 60
+    include_raw false
 </source>
 
-<match alert.spectrum*>
-  type stdout
-</match>
+<match alert.spectrum>
+    type stdout
+</match>

data/test/plugin/test_in_spectrum.rb

@@ -6,9 +6,6 @@ class SpectrumInputTest < Test::Unit::TestCase
   end
 
   CONFIG = %[
-    host 0
-    port 1062
-    tag alert.spectrum
   ]
 
   def create_driver(conf=CONFIG)
@@ -17,8 +14,11 @@ class SpectrumInputTest < Test::Unit::TestCase
 
   def test_configure
     d = create_driver('')
-    assert_equal "0".to_i, d.instance.host
-    assert_equal "1062".to_i, d.instance.port
+    #assert_equal "pleasechangeme.com", d.instance.endpoint
+    #assert_equal "username", d.instance.user
+    #assert_equal "password", d.instance.pass
+    assert_equal "300".to_i, d.instance.interval
+    assert_equal "false", d.instance.include_raw
     assert_equal 'alert.spectrum', d.instance.tag
   end
 end

metadata

@@ -1,107 +1,111 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-spectrum
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.5
 platform: ruby
 authors:
 - Alex Pena
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-02-24 00:00:00.000000000 Z
+date: 2015-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.6
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.9'
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.6
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.10'
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.10.52
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '0.10'
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 0.10.52
 - !ruby/object:Gem::Dependency
   name: json
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.2
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.1'
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.8.2
 - !ruby/object:Gem::Dependency
   name: rest-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.7'
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.7.3
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.7'
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: 1.7.3
-description: Fluentd plugin for Spectrum Alerts... WIP
+description: Fluentd plugin for pulling monitoring alerts from CA Spectrum
 email:
-- alex_pena@intuit.com
+- pena.alex@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".gitignore"
+- ".travis.yml"
 - Gemfile
 - README.md
 - Rakefile
 - fluent-plugin-spectrum.gemspec
 - lib/fluent/plugin/in_spectrum.rb
+- lib/fluent/plugin/out_spectrum.rb
+- sample/spectrum.conf.advanced_sample
 - sample/spectrum.conf.sample
 - test/helper.rb
 - test/plugin/test_in_spectrum.rb
@@ -115,20 +119,20 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.3.0
+rubygems_version: 2.4.5
 signing_key: 
 specification_version: 4
-summary: Fluentd input plugin for Spectrum Alerts
+summary: Fluentd input plugin for pulling alerts from CA Spectrum
 test_files:
 - test/helper.rb
 - test/plugin/test_in_spectrum.rb