logstash-filter-dns 0.1.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    ZGQ1ZTdjOWUwOTFhNTljZDA2MTZkZWY4ZDIwMTI0N2Y3Mzg1YjJkMw==
+  data.tar.gz: !binary |-
+    MDlmNGYyMzQ0MGY3MjE0MWY3NWE4NzUwMTZhMTc2MjMyMjcxMDdkNw==
+SHA512:
+  metadata.gz: !binary |-
+    ZjNjNTNlMzE4N2YxMzQ3YWQ2OWNhOWNkMjdlNWQ3MmNmYWNkZTIwMmI3ODVk
+    NmE2ODlkOGZlNjE1NTg5MmY0NTdkODI2YTdiYTg3ZWQ4ZDEwMWQ5ZDc5ZWVi
+    Mjc5YzEwOTVkMDRkOGY2ZDk4OGU4Y2FiOTQxM2E3MzhkODlmYjg=
+  data.tar.gz: !binary |-
+    MDYwNjI5YWY2Y2RmMDIzOGMwZTgxNDJjMjQ1MjExODU3NzMxMDVlZGZiZjA0
+    ZjA2Zjk1MDc4NmIyYWM1YTM0MzMzN2VlZmI0YzkyMWFmZmJkYjY2MTE2ODQ0
+    ZWRlODM1NTQzYjc1NzMwY2U2YjM5OTk1Y2E4NDIwYTVkNzBjOGU=

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+Gemfile.lock
+.bundle
+vendor

data/1795.patch

@@ -0,0 +1,61 @@
+From 2fae9033755a082b282d9f2e070e0e026154d88a Mon Sep 17 00:00:00 2001
+From: Joao Duarte <jsvduarte@gmail.com>
+Date: Sat, 27 Sep 2014 23:59:50 +0200
+Subject: [PATCH] Fix add_tag behaviour in dns filter
+
+The filter should only modify the event's fields and tags if and only if
+all resolves/reverses succeed. So we clone the event, modify the new
+copy and return it if all operations succeed. Otherwise the original
+event is not modified.
+
+For performance reasons we could reverse the clone logic: clone the
+event, modify the original event and, it case of failure, return the
+backup.
+
+Note: this changes the dns filter behaviour towards add_tag
+---
+ lib/logstash/filters/dns.rb | 12 ++++++---
+ spec/filters/dns_spec.rb         | 60 ++++++++++++++++++++++++++++++++++++++++++++-
+ 2 files changed, 68 insertions(+), 4 deletions(-)
+
+diff --git a/lib/logstash/filters/dns.rb b/lib/logstash/filters/dns.rb
+index 46bb075..f23b819 100644
+--- a/lib/logstash/filters/dns.rb
++++ b/lib/logstash/filters/dns.rb
+@@ -70,11 +70,14 @@ def register
+   def filter(event)
+     return unless filter?(event)
+ 
++    new_event = event.clone
++
+     if @resolve
+       begin
+         status = Timeout::timeout(@timeout) {
+-          resolve(event)
++          resolve(new_event)
+         }
++        return if status.nil?
+       rescue Timeout::Error
+         @logger.debug("DNS: resolve action timed out")
+         return
+@@ -84,15 +87,18 @@ def filter(event)
+     if @reverse
+       begin
+         status = Timeout::timeout(@timeout) {
+-          reverse(event)
++          reverse(new_event)
+         }
++        return if status.nil?
+       rescue Timeout::Error
+         @logger.debug("DNS: reverse action timed out")
+         return
+       end
+     end
+ 
+-    filter_matched(event)
++    filter_matched(new_event)
++    yield new_event
++    event.cancel
+   end
+ 
+   private

data/Gemfile

@@ -0,0 +1,3 @@
+source 'http://rubygems.org'
+gem 'rake'
+gem 'gem_publisher'

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2012-2014 Elasticsearch <http://www.elasticsearch.org>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/Rakefile

@@ -0,0 +1,6 @@
+@files=[]
+
+task :default do
+  system("rake -T")
+end
+

data/lib/logstash/filters/dns.rb

@@ -0,0 +1,209 @@
+# encoding: utf-8
+# DNS Filter
+#
+# This filter will resolve any IP addresses from a field of your choosing.
+#
+
+require "logstash/filters/base"
+require "logstash/namespace"
+
+# The DNS filter performs a lookup (either an A record/CNAME record lookup
+# or a reverse lookup at the PTR record) on records specified under the
+# "reverse" and "resolve" arrays.
+#
+# The config should look like this:
+#
+#     filter {
+#       dns {
+#         type => 'type'
+#         reverse => [ "source_host", "field_with_address" ]
+#         resolve => [ "field_with_fqdn" ]
+#         action => "replace"
+#       }
+#     }
+#
+# Caveats: at the moment, there's no way to tune the timeout with the 'resolv'
+# core library.  It does seem to be fixed in here:
+#
+#   http://redmine.ruby-lang.org/issues/5100
+#
+# but isn't currently in JRuby.
+class LogStash::Filters::DNS < LogStash::Filters::Base
+
+  config_name "dns"
+  milestone 2
+
+  # Reverse resolve one or more fields.
+  config :reverse, :validate => :array
+
+  # Forward resolve one or more fields.
+  config :resolve, :validate => :array
+
+  # Determine what action to do: append or replace the values in the fields
+  # specified under "reverse" and "resolve."
+  config :action, :validate => [ "append", "replace" ], :default => "append"
+
+  # Use custom nameserver.
+  config :nameserver, :validate => :string
+
+  # TODO(sissel): make 'action' required? This was always the intent, but it
+  # due to a typo it was never enforced. Thus the default behavior in past
+  # versions was 'append' by accident.
+
+  # resolv calls will be wrapped in a timeout instance
+  config :timeout, :validate => :number, :default => 2
+
+  public
+  def register
+    require "resolv"
+    require "timeout"
+    if @nameserver.nil?
+      @resolv = Resolv.new
+    else
+      @resolv = Resolv.new(resolvers=[::Resolv::Hosts.new, ::Resolv::DNS.new(:nameserver => [@nameserver], :search => [], :ndots => 1)])
+    end
+
+    @ip_validator = Resolv::AddressRegex
+  end # def register
+
+  public
+  def filter(event)
+    return unless filter?(event)
+
+    new_event = event.clone
+
+    if @resolve
+      begin
+        status = Timeout::timeout(@timeout) {
+          resolve(new_event)
+        }
+        return if status.nil?
+      rescue Timeout::Error
+        @logger.debug("DNS: resolve action timed out")
+        return
+      end
+    end
+
+    if @reverse
+      begin
+        status = Timeout::timeout(@timeout) {
+          reverse(new_event)
+        }
+        return if status.nil?
+      rescue Timeout::Error
+        @logger.debug("DNS: reverse action timed out")
+        return
+      end
+    end
+
+    filter_matched(new_event)
+    yield new_event
+    event.cancel
+  end
+
+  private
+  def resolve(event)
+    @resolve.each do |field|
+      is_array = false
+      raw = event[field]
+      if raw.is_a?(Array)
+        is_array = true
+        if raw.length > 1
+          @logger.warn("DNS: skipping resolve, can't deal with multiple values", :field => field, :value => raw)
+          return
+        end
+        raw = raw.first
+      end
+
+      begin
+        # in JRuby 1.7.11 outputs as US-ASCII
+        address = @resolv.getaddress(raw).force_encoding(Encoding::UTF_8)
+      rescue Resolv::ResolvError
+        @logger.debug("DNS: couldn't resolve the hostname.",
+                      :field => field, :value => raw)
+        return
+      rescue Resolv::ResolvTimeout
+        @logger.debug("DNS: timeout on resolving the hostname.",
+                      :field => field, :value => raw)
+        return
+      rescue SocketError => e
+        @logger.debug("DNS: Encountered SocketError.",
+                      :field => field, :value => raw)
+        return
+      rescue NoMethodError => e
+        # see JRUBY-5647
+        @logger.debug("DNS: couldn't resolve the hostname.",
+                      :field => field, :value => raw,
+                      :extra => "NameError instead of ResolvError")
+        return
+      end
+
+      if @action == "replace"
+        if is_array
+          event[field] = [address]
+        else
+          event[field] = address
+        end
+      else
+        if !is_array
+          event[field] = [event[field], address]
+        else
+          event[field] << address
+        end
+      end
+
+    end
+  end
+
+  private
+  def reverse(event)
+    @reverse.each do |field|
+      raw = event[field]
+      is_array = false
+      if raw.is_a?(Array)
+          is_array = true
+          if raw.length > 1
+            @logger.warn("DNS: skipping reverse, can't deal with multiple values", :field => field, :value => raw)
+            return
+          end
+          raw = raw.first
+      end
+
+      if ! @ip_validator.match(raw)
+        @logger.debug("DNS: not an address",
+                      :field => field, :value => event[field])
+        return
+      end
+      begin
+        # in JRuby 1.7.11 outputs as US-ASCII
+        hostname = @resolv.getname(raw).force_encoding(Encoding::UTF_8)
+      rescue Resolv::ResolvError
+        @logger.debug("DNS: couldn't resolve the address.",
+                      :field => field, :value => raw)
+        return
+      rescue Resolv::ResolvTimeout
+        @logger.debug("DNS: timeout on resolving address.",
+                      :field => field, :value => raw)
+        return
+      rescue SocketError => e
+        @logger.debug("DNS: Encountered SocketError.",
+                      :field => field, :value => raw)
+        return
+      end
+
+      if @action == "replace"
+        if is_array
+          event[field] = [hostname]
+        else
+          event[field] = hostname
+        end
+      else
+        if !is_array
+          event[field] = [event[field], hostname]
+        else
+          event[field] << hostname
+        end
+      end
+    end
+  end
+end # class LogStash::Filters::DNS

data/logstash-filter-dns.gemspec

@@ -0,0 +1,26 @@
+Gem::Specification.new do |s|
+
+  s.name            = 'logstash-filter-dns'
+  s.version         = '0.1.0'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = "This filter will resolve any IP addresses from a field of your choosing."
+  s.description     = "The DNS filter performs a lookup (either an A record/CNAME record lookup or a reverse lookup at the PTR record) on records specified under the 'reverse' and 'resolve' arrays."
+  s.authors         = ["Elasticsearch"]
+  s.email           = 'richard.pijnenburg@elasticsearch.com'
+  s.homepage        = "http://logstash.net/"
+  s.require_paths = ["lib"]
+
+  # Files
+  s.files = `git ls-files`.split($\)+::Dir.glob('vendor/*')
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "group" => "filter" }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash', '>= 1.4.0', '< 2.0.0'
+
+end
+

data/rakelib/publish.rake

@@ -0,0 +1,9 @@
+require "gem_publisher"
+
+desc "Publish gem to RubyGems.org"
+task :publish_gem do |t|
+  gem_file = Dir.glob(File.expand_path('../*.gemspec',File.dirname(__FILE__))).first
+  gem = GemPublisher.publish_if_updated(gem_file, :rubygems)
+  puts "Published #{gem}" if gem
+end
+

data/rakelib/vendor.rake

@@ -0,0 +1,169 @@
+require "net/http"
+require "uri"
+require "digest/sha1"
+
+def vendor(*args)
+  return File.join("vendor", *args)
+end
+
+directory "vendor/" => ["vendor"] do |task, args|
+  mkdir task.name
+end
+
+def fetch(url, sha1, output)
+
+  puts "Downloading #{url}"
+  actual_sha1 = download(url, output)
+
+  if actual_sha1 != sha1
+    fail "SHA1 does not match (expected '#{sha1}' but got '#{actual_sha1}')"
+  end
+end # def fetch
+
+def file_fetch(url, sha1)
+  filename = File.basename( URI(url).path )
+  output = "vendor/#{filename}"
+  task output => [ "vendor/" ] do
+    begin
+      actual_sha1 = file_sha1(output)
+      if actual_sha1 != sha1
+        fetch(url, sha1, output)
+      end
+    rescue Errno::ENOENT
+      fetch(url, sha1, output)
+    end
+  end.invoke
+
+  return output
+end
+
+def file_sha1(path)
+  digest = Digest::SHA1.new
+  fd = File.new(path, "r")
+  while true
+    begin
+      digest << fd.sysread(16384)
+    rescue EOFError
+      break
+    end
+  end
+  return digest.hexdigest
+ensure
+  fd.close if fd
+end
+
+def download(url, output)
+  uri = URI(url)
+  digest = Digest::SHA1.new
+  tmp = "#{output}.tmp"
+  Net::HTTP.start(uri.host, uri.port, :use_ssl => (uri.scheme == "https")) do |http|
+    request = Net::HTTP::Get.new(uri.path)
+    http.request(request) do |response|
+      fail "HTTP fetch failed for #{url}. #{response}" if [200, 301].include?(response.code)
+      size = (response["content-length"].to_i || -1).to_f
+      count = 0
+      File.open(tmp, "w") do |fd|
+        response.read_body do |chunk|
+          fd.write(chunk)
+          digest << chunk
+          if size > 0 && $stdout.tty?
+            count += chunk.bytesize
+            $stdout.write(sprintf("\r%0.2f%%", count/size * 100))
+          end
+        end
+      end
+      $stdout.write("\r      \r") if $stdout.tty?
+    end
+  end
+
+  File.rename(tmp, output)
+
+  return digest.hexdigest
+rescue SocketError => e
+  puts "Failure while downloading #{url}: #{e}"
+  raise
+ensure
+  File.unlink(tmp) if File.exist?(tmp)
+end # def download
+
+def untar(tarball, &block)
+  require "archive/tar/minitar"
+  tgz = Zlib::GzipReader.new(File.open(tarball))
+  # Pull out typesdb
+  tar = Archive::Tar::Minitar::Input.open(tgz)
+  tar.each do |entry|
+    path = block.call(entry)
+    next if path.nil?
+    parent = File.dirname(path)
+    
+    mkdir_p parent unless File.directory?(parent)
+
+    # Skip this file if the output file is the same size
+    if entry.directory?
+      mkdir path unless File.directory?(path)
+    else
+      entry_mode = entry.instance_eval { @mode } & 0777
+      if File.exists?(path)
+        stat = File.stat(path)
+        # TODO(sissel): Submit a patch to archive-tar-minitar upstream to
+        # expose headers in the entry.
+        entry_size = entry.instance_eval { @size }
+        # If file sizes are same, skip writing.
+        next if stat.size == entry_size && (stat.mode & 0777) == entry_mode
+      end
+      puts "Extracting #{entry.full_name} from #{tarball} #{entry_mode.to_s(8)}"
+      File.open(path, "w") do |fd|
+        # eof? check lets us skip empty files. Necessary because the API provided by
+        # Archive::Tar::Minitar::Reader::EntryStream only mostly acts like an
+        # IO object. Something about empty files in this EntryStream causes
+        # IO.copy_stream to throw "can't convert nil into String" on JRuby
+        # TODO(sissel): File a bug about this.
+        while !entry.eof?
+          chunk = entry.read(16384)
+          fd.write(chunk)
+        end
+          #IO.copy_stream(entry, fd)
+      end
+      File.chmod(entry_mode, path)
+    end
+  end
+  tar.close
+  File.unlink(tarball) if File.file?(tarball)
+end # def untar
+
+def ungz(file)
+
+  outpath = file.gsub('.gz', '')
+  tgz = Zlib::GzipReader.new(File.open(file))
+  begin
+    File.open(outpath, "w") do |out|
+      IO::copy_stream(tgz, out)
+    end
+    File.unlink(file)
+  rescue
+    File.unlink(outpath) if File.file?(outpath)
+   raise
+  end
+  tgz.close
+end
+
+desc "Process any vendor files required for this plugin"
+task "vendor" do |task, args|
+
+  @files.each do |file| 
+    download = file_fetch(file['url'], file['sha1'])
+    if download =~ /.tar.gz/
+      prefix = download.gsub('.tar.gz', '').gsub('vendor/', '')
+      untar(download) do |entry|
+        if !file['files'].nil?
+          next unless file['files'].include?(entry.full_name.gsub(prefix, ''))
+          out = entry.full_name.split("/").last
+        end
+        File.join('vendor', out)
+      end
+    elsif download =~ /.gz/
+      ungz(download)
+    end
+  end
+
+end

data/spec/filters/dns_spec.rb

@@ -0,0 +1,209 @@
+# encoding: utf-8
+require "spec_helper"
+require "logstash/filters/dns"
+require "resolv"
+
+describe LogStash::Filters::DNS do
+  before(:each) do
+    allow_any_instance_of(Resolv).to receive(:getaddress).with("carrera.databits.net").and_return("199.192.228.250")
+    allow_any_instance_of(Resolv).to receive(:getaddress).with("does.not.exist").and_raise(Resolv::ResolvError)
+    allow_any_instance_of(Resolv).to receive(:getaddress).with("nonexistanthostname###.net").and_raise(Resolv::ResolvError)
+    allow_any_instance_of(Resolv).to receive(:getname).with("199.192.228.250").and_return("carrera.databits.net")
+    allow_any_instance_of(Resolv).to receive(:getname).with("127.0.0.1").and_return("localhost")
+    allow_any_instance_of(Resolv).to receive(:getname).with("128.0.0.1").and_raise(Resolv::ResolvError)
+    allow_any_instance_of(Resolv).to receive(:getname).with("199.192.228.250").and_return("carrera.databits.net")
+  end
+
+  describe "dns reverse lookup, replace (on a field)" do
+    config <<-CONFIG
+      filter {
+        dns {
+          reverse => "foo"
+          action => "replace"
+        }
+      }
+    CONFIG
+
+    sample("foo" => "199.192.228.250") do
+      insist { subject["foo"] } == "carrera.databits.net"
+    end
+  end
+
+  describe "dns reverse lookup, append" do
+    config <<-CONFIG
+      filter {
+        dns {
+          reverse => "foo"
+          action => "append"
+        }
+      }
+    CONFIG
+
+    sample("foo" => "199.192.228.250") do
+      insist { subject["foo"][0] } == "199.192.228.250"
+      insist { subject["foo"][1] } == "carrera.databits.net"
+    end
+  end
+
+  describe "dns reverse lookup, not an IP" do
+    config <<-CONFIG
+      filter {
+        dns {
+          reverse => "foo"
+        }
+      }
+    CONFIG
+
+    sample("foo" => "not.an.ip") do
+      insist { subject["foo"] } == "not.an.ip"
+    end
+  end
+
+  describe "dns resolve lookup, replace" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve => ["host"]
+          action => "replace"
+          add_tag => ["success"]
+        }
+      }
+    CONFIG
+
+    sample("host" => "carrera.databits.net") do
+      insist { subject["host"] } == "199.192.228.250"
+      insist { subject["tags"] } == ["success"]
+    end
+  end
+
+  describe "dns fail resolve lookup, don't add tag" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve => ["host1", "host2"]
+          action => "replace"
+          add_tag => ["success"]
+        }
+      }
+    CONFIG
+
+    sample("host1" => "carrera.databits.net", "host2" => "nonexistanthostname###.net") do
+      insist { subject["tags"] }.nil?
+      insist { subject["host1"] } == "carrera.databits.net"
+      insist { subject["host2"] } == "nonexistanthostname###.net"
+    end
+  end
+
+  describe "dns resolves lookups, adds tag" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve => ["host1", "host2"]
+          action => "replace"
+          add_tag => ["success"]
+        }
+      }
+    CONFIG
+
+    sample("host1" => "carrera.databits.net", "host2" => "carrera.databits.net") do
+      insist { subject["tags"] } == ["success"]
+    end
+  end
+
+  describe "dns resolves and reverses, fails last, no tag" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve => ["host1"]
+          reverse => ["ip1", "ip2"]
+          action => "replace"
+          add_tag => ["success"]
+        }
+      }
+    CONFIG
+
+    sample("host1" => "carrera.databits.net",
+           "ip1" => "127.0.0.1",
+           "ip2" => "128.0.0.1") do
+      insist { subject["tags"] }.nil?
+      insist { subject["host1"] } == "carrera.databits.net"
+      insist { subject["ip1"] } == "127.0.0.1"
+      insist { subject["ip2"] } == "128.0.0.1"
+    end
+  end
+
+  describe "dns resolve lookup, replace (on a field)" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve => "foo"
+          action => "replace"
+        }
+      }
+    CONFIG
+
+    sample("foo" => "carrera.databits.net") do
+      insist { subject["foo"] } == "199.192.228.250"
+    end
+  end
+
+  describe "dns resolve lookup, skip multi-value" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve => "foo"
+          action => "replace"
+        }
+      }
+    CONFIG
+
+    sample("foo" => ["carrera.databits.net", "foo.databits.net"]) do
+      insist { subject["foo"] } == ["carrera.databits.net", "foo.databits.net"]
+    end
+  end
+
+  describe "dns resolve lookup, append" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve => "foo"
+          action => "append"
+        }
+      }
+    CONFIG
+
+    sample("foo" => "carrera.databits.net") do
+      insist { subject["foo"][0] } == "carrera.databits.net"
+      insist { subject["foo"][1] } == "199.192.228.250"
+    end
+  end
+
+  describe "dns resolve lookup, append with multi-value does nothing" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve => "foo"
+          action => "append"
+        }
+      }
+    CONFIG
+
+    sample("foo" => ["carrera.databits.net", "foo.databits.net"]) do
+      insist { subject["foo"] } == ["carrera.databits.net", "foo.databits.net"]
+    end
+  end
+
+  describe "dns resolve lookup, not a valid hostname" do
+    config <<-CONFIG
+      filter {
+        dns {
+          resolve=> "foo"
+        }
+      }
+    CONFIG
+
+    sample("foo" => "does.not.exist") do
+      insist { subject["foo"] } == "does.not.exist"
+    end
+  end
+end

metadata

@@ -0,0 +1,78 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-dns
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Elasticsearch
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-11-06 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logstash
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 2.0.0
+description: The DNS filter performs a lookup (either an A record/CNAME record lookup
+  or a reverse lookup at the PTR record) on records specified under the 'reverse'
+  and 'resolve' arrays.
+email: richard.pijnenburg@elasticsearch.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- 1795.patch
+- Gemfile
+- LICENSE
+- Rakefile
+- lib/logstash/filters/dns.rb
+- logstash-filter-dns.gemspec
+- rakelib/publish.rake
+- rakelib/vendor.rake
+- spec/filters/dns_spec.rb
+homepage: http://logstash.net/
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  group: filter
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.1
+signing_key: 
+specification_version: 4
+summary: This filter will resolve any IP addresses from a field of your choosing.
+test_files:
+- spec/filters/dns_spec.rb