fluent-plugin-unomaly 0.1.2

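--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+ ---
+ SHA256:
+ metadata.gz: 4a41939225a6e96abf03128b090d945ec10d565df3d6f918c0fa7acae6c454b3
+ data.tar.gz: b6fbaa7088611b174780cf37127ba38c53a19cb8f57f6ef0b39f0f9e571f7962
+ SHA512:
+ metadata.gz: d910ee8cfcc29d653528376e5b998a49f3c41e05c9693b1d37e48ccecf4fcfe05448f3c8d2c11b918021078ac885afef6c53c80aad9ab6cac5bfd0b1ab191131
+ data.tar.gz: 7162b2702e21e161fb09c2ff45ac3cb5dbc60e4360ae3b76ebfd5e4c3cf9afd270f15b7abf4304b73d5cfec8a9ab3b7f103b38d557e1c08f13d986cbc18a3522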
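--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,2 @@
+ *.gem
+ *.lock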
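--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,19 @@
+ language: ruby
+ rvm:
+ - 2.5.0
+ gemfile:
+ - Gemfile
+
+ before_install: gem update bundler
+ script:
+ - bundle install
+ - bundle exec rake test
+ sudo: false
+
+ deploy:
+ provider: rubygems
+ api_key:
+ secure: LfVGVLEVibxY7IlJAP5T04O02Lz2xT0Z60EVCR3kLy4oaEJowHptuv3F0FF7kZlSJOKmFc1Ibvtebx7vsqIpcNCPt/wOKUQ/fjf1KRBkEuaDwRq/rOpHlBJNJtdF7PrquzuRV2Y7UKGfKjGVgn9rjykzHxFwtuWiDnMxaMADAqMPK3p7CLBixEHQ2Wpyi5/wNJo2k5YIyd/SSIiYiP5ey0n981cBNVTQnjMbhyBoWSjn4GFkmRflPht04ZrF8jyFOYkC7HvQsz3d0oBB+GOXXiZlhb1xZvH2ScRi/2U/rzw61Lqi0mZjEiavtmNgco2bR3+AfgikAI+iH0+lZqPhwZkig2X7SwZYHQIrPUxPp4C1Iwbe6TJgQXgxQ7Fa624p0DmkJan96yqN3iKLm9rz3A64nncyAJLN+2UfngLLtGhGzNeT8w9q/SNmX3N92qQKNH4qqXIe+gCxtxXiJUwbFxn66AY+2s007M9K8xK1iHn6twsQYk5c6Q+j+x3S1JbBvJflM1XQjivoAJ73R2TTui+H5QKo4ZePuESKYkdtxl+qn34OY23HuCJtd5S0YDY9YhlRyot0uqAYtijroEsR53of9KF3nbebKZGnOml6yohSGPx/wTuCDpRKszSfJfjHvoF1ntlM2d+xA/T7LxqFDJbmZkEtaQjp4c9gpCfy05M=
+ gem: fluent-plugin-unomaly
+ on:
+ tags: true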
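Review bot: `before_install: gem update bundler` installs whichever Bundler release is current at build time, and the same job then publishes the gem to RubyGems on every tag. An unpinned build tool in a release job means the published artifact depends on code that was not reviewed with this commit, and it can also drift away from the gemspec's `bundler ~> 1.7` development dependency. Installing a fixed range instead, for example `before_install: gem install bundler -v '~> 1.7'`, keeps the release build reproducible.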
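--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,3 @@
+ # v0.1.2
+
+ - First public release on rubygems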
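--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -0,0 +1,7 @@
+ FROM ruby:latest
+ RUN mkdir /unomaly
+ COPY ./ unomaly
+ WORKDIR /unomaly
+ RUN bundle install
+ RUN bundle exec rake test
+ RUN gem build fluent-plugin-unomaly.gemspec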
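Review bot: `FROM ruby:latest` leaves the base image unpinned, so the tests and `gem build` run on whichever Ruby the tag points to on the day of the build, while `.travis.yml` tests on 2.5.0. Pinning to a version tag such as `FROM ruby:2.5`, ideally together with an image digest, makes the built gem reproducible and keeps base-image changes visible in review. `COPY ./ unomaly` also uses a relative destination that only lands in `/unomaly` while the image's working directory is `/`; `COPY ./ /unomaly` states the intent explicitly. No `.dockerignore` is visible on this page, so the copy presumably includes the whole build context, local credentials and `.git` included.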
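--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,3 @@
+ source 'https://rubygems.org'
+
+ gemspec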
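--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+ MIT License
+
+ Copyright (c) 2018 Unomaly
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+ of this software and associated documentation files (the "Software"), to deal
+ in the Software without restriction, including without limitation the rights
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ copies of the Software, and to permit persons to whom the Software is
+ furnished to do so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+ copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ SOFTWARE.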
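--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,36 @@
+ # fluent-plugin-unomaly
+
+ [![Build Status](https://travis-ci.org/unomaly/fluent-plugin-unomaly.svg?branch=master)](https://travis-ci.org/unomaly/fluent-plugin-unomaly)
+
+ This plugin sends Fluents records to the [Unomaly](https://www.unomaly.com) ingestion API (min version Unomaly 2.27).
+
+ ## Getting started
+
+ - Install plugin `gem install fluent-plugin-unomaly`
+ - Add to `fluent.conf`
+
+ Minimal configuration:
+
+ ```
+ <match tag>
+ @type unomaly
+ host https://my-unomaly.instance
+ flush_interval 1s
+ source_key host
+ message_key message
+ </match>
+ ```
+
+ # Important configuration options
+
+ | Option | Description | Default |
+ | ------------------------ | --------------------------------------------------------------------------------- | ---------- |
+ | host | Unomaly instance address. Must define full path such as "https://my-instance:443" | No default |
+ | message_key | The key in the Logstash event that Unomaly should use for anomaly detection. | "message" |
+ | source_key | The event key defining the Unomaly system. | "host" |
+ | accept_self_signed_certs | Accept self signed SSL certificate | "false" |
+
+ ## Contributing
+
+ Bug reports and pull requests are welcome. This project is intended to
+ be a safe, welcoming space for collaboration.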
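--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,12 @@
+ require 'bundler'
+ Bundler::GemHelper.install_tasks
+
+ require 'rake/testtask'
+
+ Rake::TestTask.new(:test) do |test|
+ test.libs << 'lib' << 'test'
+ test.test_files = FileList['test/plugin/test_*.rb']
+ test.verbose = true
+ end
+
+ task :default => [:build]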
@@ -0,0 +1,6 @@
1
+ ruby:
2
+ build: .
3
+ volumes:
4
+ - ./:/unomaly
5
+ command:
6
+ - sh
@@ -0,0 +1,27 @@
1
+ Gem::Specification.new do |spec|
2
+ spec.name = 'fluent-plugin-unomaly'
3
+ spec.version = '0.1.2'
4
+
5
+ spec.summary = "Fluentd output plugin for Unomaly"
6
+ spec.description = "Fluentd output plugin for Unomaly"
7
+ spec.authors = ['Unomaly']
8
+ spec.email = 'support@unomaly.com'
9
+ spec.files = []
10
+ spec.homepage = 'https://github.com/unomaly/fluent-plugin-unomaly'
11
+ spec.license = 'MIT'
12
+
13
+ spec.files = `git ls-files -z`.split("\x0").reject do |f|
14
+ f.match(%r{^(test|spec|features)/})
15
+ end
16
+ spec.require_paths = ["lib"]
17
+
18
+ spec.required_ruby_version = '>= 2.0.0'
19
+
20
+ spec.add_runtime_dependency "fluentd", "~> 0.12"
21
+ spec.add_runtime_dependency "http", "< 3"
22
+
23
+ spec.add_development_dependency "bundler", "~> 1.7"
24
+ spec.add_development_dependency "rake", "~> 10.0"
25
+ spec.add_development_dependency "webmock", "~> 2.1"
26
+ spec.add_development_dependency "test-unit"
27
+ end
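Review bot: `spec.add_runtime_dependency "http", "< 3"` makes every install pull in the http gem, but the plugin source shipped in this release only requires `net/http` and `net/https` from the standard library. An unused runtime dependency is extra third-party code that users install and must track for advisories, and `"< 3"` has no lower bound; dropping the line removes that exposure. The `git ls-files` file list also packages `.travis.yml`, `Dockerfile` and `docker-compose.yml` into the gem, as the `files:` list in the metadata shows. Narrowing it to `lib/`, `README.md` and `LICENSE` would limit the package to what is needed at runtime, and the earlier `spec.files = []` is overwritten and can go.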
@@ -0,0 +1,133 @@
1
+ require 'fluent/output'
2
+ require 'date'
3
+ require 'time'
4
+ require 'uri'
5
+ require 'net/http'
6
+ require 'net/https'
7
+
8
+ module Fluent
9
+ class UnomalyOutput < BufferedOutput
10
+ Fluent::Plugin.register_output('unomaly', self)
11
+
12
+ # config_param defines a parameter. You can refer a parameter via @path instance variable
13
+
14
+ # Event batch size to send to Unomaly. Increasing the batch size can increase throughput by reducing HTTP overhead
15
+ config_param :batch_size, :integer, :default => 50
16
+
17
+ # Unomaly host to send the logs to
18
+ config_param :host, :string
19
+
20
+ # Key that will be used by Unomaly as the log message
21
+ config_param :message_key, :string, :default => "message"
22
+
23
+ # Key that will be used by Unomaly as the log message
24
+ config_param :date_key, :string, :default => nil
25
+
26
+ # Key that will be used by Unomaly as the system key
27
+ config_param :source_key, :string, :default => "host"
28
+
29
+ # Unomaly api path to push events
30
+ config_param :api_path, :string, :default => "/v1/batch"
31
+
32
+ # Display debug logs
33
+ config_param :debug, :bool, :default => false
34
+
35
+ config_param :accept_self_signed_certs, :bool, :default => false
36
+
37
+ # This method is called before starting.
38
+ # 'conf' is a Hash that includes configuration parameters.
39
+ # If the configuration is invalid, raise Fluent::ConfigError.
40
+ def configure(conf)
41
+ super
42
+ conf["buffer_chunk_limit"] ||= "500k"
43
+ conf["flush_interval"] ||= "1s"
44
+ end
45
+
46
+ # This method is called when starting.
47
+ # Open sockets or files here.
48
+ def start
49
+ super
50
+ end
51
+
52
+ # This method is called when shutting down.
53
+ # Shutdown the thread and close sockets or files here.
54
+ def shutdown
55
+ super
56
+ end
57
+
58
+ # This method is called when an event reaches to Fluentd.
59
+ # Convert the event to a raw string.
60
+ def format(tag, time, record)
61
+ [tag, time, record].to_msgpack
62
+ end
63
+
64
+ # This method is called every flush interval. Write the buffer chunk
65
+ # to files or databases here.
66
+ # 'chunk' is a buffer chunk that includes multiple formatted
67
+ # events. You can use 'data = chunk.read' to get all events and
68
+ # 'chunk.open {|io| ... }' to get IO objects.
69
+ #
70
+ # NOTE! This method is called by internal thread, not Fluentd's main thread. So IO wait doesn't affect other plugins.
71
+ def write(chunk)
72
+ documents = []
73
+ chunk.msgpack_each do |(tag, time, record)|
74
+ unomaly_event = {
75
+ message: record[@message_key],
76
+ source: record[@source_key],
77
+ timestamp: Time.at(time).utc.to_datetime.rfc3339
78
+ }
79
+ metadata = record.to_hash
80
+
81
+ metadata.delete(@source_key)
82
+ metadata.delete(@message_key)
83
+ metadata["tag"]=tag
84
+
85
+ unomaly_event["metadata"]=flatten(metadata,"")
86
+
87
+ documents.push(unomaly_event)
88
+ end
89
+ send_batch(documents)
90
+ end
91
+
92
+ def send_batch(events)
93
+ url = @host + @api_path
94
+ body = events.to_json
95
+ uri = URI.parse(url)
96
+ header = {'Content-Type' => 'application/json'}
97
+
98
+ http = Net::HTTP.new(uri.host, uri.port)
99
+ http.use_ssl = true
100
+ if @accept_self_signed_certs
101
+ http.verify_mode = OpenSSL::SSL::VERIFY_NONE
102
+ end
103
+
104
+ request = Net::HTTP::Post.new(uri.request_uri, header)
105
+ request.body = body
106
+
107
+ resp = http.request(request)
108
+ if !resp.kind_of? Net::HTTPSuccess
109
+ log.error "Error sending batch #{resp.to_s}"
110
+ end
111
+ end
112
+
113
+
114
+ def flatten(data, prefix)
115
+ ret = {}
116
+ if data.is_a? Hash
117
+ data.each { |key, value|
118
+ if prefix.to_s.empty?
119
+ ret.merge! flatten(value, "#{key.to_s}")
120
+ else
121
+ ret.merge! flatten(value, "#{prefix}.#{key.to_s}")
122
+ end
123
+ }
124
+ elsif data.is_a? Array
125
+ data.each_with_index {|val,index | ret.merge! flatten(val, "#{prefix}.#{index}")}
126
+ else
127
+ return {prefix => data.to_s}
128
+ end
129
+
130
+ ret
131
+ end
132
+ end
133
+ end
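Review bot: In `send_batch`, `accept_self_signed_certs` sets `verify_mode = OpenSSL::SSL::VERIFY_NONE`, which turns off chain and hostname validation for every certificate, not only self-signed ones, so log records can reach an endpoint that is not the configured Unomaly instance. A `ca_file` option assigned to `http.ca_file` would let users trust their own certificate with verification still on; at minimum the option should log a warning when enabled. The same method only logs a non-success response, so `write` returns normally and Fluentd treats the chunk as delivered; raising there would let the buffer retry. No open or read timeout is set on the connection, and `batch_size` and `debug` are declared but never read in this file.

```ruby
# … unchanged: request setup through http.use_ssl = true …
if @accept_self_signed_certs
  # VERIFY_NONE skips chain and hostname validation for any certificate.
  log.warn "TLS certificate verification disabled for #{uri.host}"
  http.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
# … unchanged: build and send the POST request …
unless resp.is_a?(Net::HTTPSuccess)
  # Raise so Fluentd keeps the chunk and retries instead of dropping it.
  raise "Error sending batch: HTTP #{resp.code} #{resp.message}"
end
```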
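--- a/metadata
+++ b/metadata
@@ -0,0 +1,138 @@
+ --- !ruby/object:Gem::Specification
+ name: fluent-plugin-unomaly
+ version: !ruby/object:Gem::Version
+ version: 0.1.2
+ platform: ruby
+ authors:
+ - Unomaly
+ autorequire:
+ bindir: bin
+ cert_chain: []
+ date: 2018-12-04 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
+ name: fluentd
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.12'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.12'
+ - !ruby/object:Gem::Dependency
+ name: http
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '3'
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "<"
+ - !ruby/object:Gem::Version
+ version: '3'
+ - !ruby/object:Gem::Dependency
+ name: bundler
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.7'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '1.7'
+ - !ruby/object:Gem::Dependency
+ name: rake
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '10.0'
+ - !ruby/object:Gem::Dependency
+ name: webmock
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.1'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '2.1'
+ - !ruby/object:Gem::Dependency
+ name: test-unit
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ description: Fluentd output plugin for Unomaly
+ email: support@unomaly.com
+ executables: []
+ extensions: []
+ extra_rdoc_files: []
+ files:
+ - ".gitignore"
+ - ".travis.yml"
+ - CHANGELOG.md
+ - Dockerfile
+ - Gemfile
+ - LICENSE
+ - README.md
+ - Rakefile
+ - docker-compose.yml
+ - fluent-plugin-unomaly.gemspec
+ - lib/fluentd/plugin/out_unomaly.rb
+ homepage: https://github.com/unomaly/fluent-plugin-unomaly
+ licenses:
+ - MIT
+ metadata: {}
+ post_install_message:
+ rdoc_options: []
+ require_paths:
+ - lib
+ required_ruby_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 2.0.0
+ required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: '0'
+ requirements: []
+ rubyforge_project:
+ rubygems_version: 2.7.8
+ signing_key:
+ specification_version: 4
+ summary: Fluentd output plugin for Unomaly
+ test_files: []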