logstash-filter-elastic_integration 0.0.2-java → 0.1.0-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/logstash/filters/elastic_integration/geoip_database_provider_bridge.rb +90 -0
- data/lib/logstash/filters/elastic_integration/jar_dependencies.rb +1 -1
- data/lib/logstash/filters/elastic_integration.rb +21 -9
- data/vendor/jar-dependencies/co/elastic/logstash/plugins/filter/elasticintegration/logstash-filter-elastic_integration/{0.0.2/logstash-filter-elastic_integration-0.0.2.jar → 0.1.0/logstash-filter-elastic_integration-0.1.0.jar} +0 -0
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 844b5987e2e5e28d7e560c80eeec166c3d07651a6b4d167dc449e9639beda926
|
|
4
|
+
data.tar.gz: 6f85d9b9cabda183c6a365f3030876c21990161dbe64e1e82e8d349dccea4b17
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a0e711a5d52416b93fbf88b0658657722b5a63d3be91f1a76125123ff614826705aa9a065f014a2a00489729c15b8ec1a9d654d3ab74235f53e2e4d66aec2225
|
|
7
|
+
data.tar.gz: 0af45a4b9be67629091d3a45d6dd7f8c666cc403ff0e1dee8aa1244a5b27cfc843340b0a61a817181f14b14982786a0b298014936b05fbb3c53aa611e0165fe2
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0
|
|
1
|
+
0.1.0
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
# encoding: utf-8
|
|
2
|
+
|
|
3
|
+
########################################################################
|
|
4
|
+
# Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V.
|
|
5
|
+
# under one or more contributor license agreements. Licensed under the
|
|
6
|
+
# Elastic License 2.0; you may not use this file except in compliance
|
|
7
|
+
# with the Elastic License 2.0.
|
|
8
|
+
########################################################################
|
|
9
|
+
|
|
10
|
+
require_relative "jar_dependencies"
|
|
11
|
+
|
|
12
|
+
##
|
|
13
|
+
# This module encapsulates methods and classes for bridging the gap between the
|
|
14
|
+
# Ruby-API [LogStash::GeoipDatabaseManager] and this plugin's native-Java
|
|
15
|
+
# GeoipDatabaseProvider.
|
|
16
|
+
module LogStash::Filters::ElasticIntegration::GeoipDatabaseProviderBridge
|
|
17
|
+
|
|
18
|
+
GUIDANCE = "integrations that rely on the Geoip Processor will be unable to enrich events with geo data "\
|
|
19
|
+
"unless you either provide your own databases with `geoip_database_directory` or run this pipeline "\
|
|
20
|
+
"in a Logstash with Geoip Database Management enabled."
|
|
21
|
+
|
|
22
|
+
def initialize_geoip_database_provider!
|
|
23
|
+
java_import('co.elastic.logstash.filters.elasticintegration.geoip.GeoIpDatabaseProvider')
|
|
24
|
+
@geoip_database_provider ||= GeoIpDatabaseProvider::Builder.new.tap do |builder|
|
|
25
|
+
if geoip_database_directory
|
|
26
|
+
logger.debug("discovering geoip databases from #{geoip_database_directory}")
|
|
27
|
+
builder.discoverDatabases(java.io.File.new(geoip_database_directory))
|
|
28
|
+
else
|
|
29
|
+
geoip_database_manager = load_geoip_database_manager!
|
|
30
|
+
if :UNAVAILABLE == geoip_database_manager
|
|
31
|
+
logger.warn("Geoip Database Management is not available in the running version of Logstash; #{GUIDANCE}")
|
|
32
|
+
elsif geoip_database_manager.enabled?
|
|
33
|
+
logger.info "by not manually configuring self-managed databases with `geoip_database_directory => ...` "\
|
|
34
|
+
"you accept and agree to the MaxMind EULA, which allows Elastic Integrations to use Logstash's Geoip Database Management service. "\
|
|
35
|
+
"For more details please visit https://www.maxmind.com/en/geolite2/eula"
|
|
36
|
+
|
|
37
|
+
geoip_database_manager.supported_database_types.each do |type|
|
|
38
|
+
logger.debug("subscribing to managed geoip database #{type}")
|
|
39
|
+
builder.setDatabaseHolder("GeoLite2-#{type}.mmdb", ObservingDatabaseHolder.new(type, eula_manager: geoip_database_manager, logger: logger))
|
|
40
|
+
end
|
|
41
|
+
elsif geoip_database_directory.nil?
|
|
42
|
+
logger.warn("Geoip Database Management is disabled; #{GUIDANCE}")
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
end.build
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def load_geoip_database_manager!
|
|
49
|
+
require 'geoip_database_management/manager'
|
|
50
|
+
|
|
51
|
+
LogStash::GeoipDatabaseManagement::Manager.instance
|
|
52
|
+
rescue LoadError
|
|
53
|
+
:UNAVAILABLE
|
|
54
|
+
end
|
|
55
|
+
|
|
56
|
+
java_import('co.elastic.logstash.filters.elasticintegration.geoip.ManagedGeoipDatabaseHolder')
|
|
57
|
+
class ObservingDatabaseHolder < ManagedGeoipDatabaseHolder
|
|
58
|
+
def initialize(simple_database_type, eula_manager:, logger: nil)
|
|
59
|
+
super("GeoLite2-#{simple_database_type}")
|
|
60
|
+
|
|
61
|
+
@simple_database_type = simple_database_type
|
|
62
|
+
@logger = logger
|
|
63
|
+
|
|
64
|
+
@subscription = eula_manager.subscribe_database_path(simple_database_type)
|
|
65
|
+
@subscription.observe(self)
|
|
66
|
+
end
|
|
67
|
+
|
|
68
|
+
def construct(db_info)
|
|
69
|
+
@logger&.debug("CONSTRUCT[#{@simple_database_type} => #{db_info}]")
|
|
70
|
+
self.setDatabasePath(db_info.path)
|
|
71
|
+
end
|
|
72
|
+
|
|
73
|
+
def on_update(db_info)
|
|
74
|
+
@logger&.debug("ON_UPDATE[#{@simple_database_type} => #{db_info}]")
|
|
75
|
+
self.setDatabasePath(db_info.path)
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
def on_expire()
|
|
79
|
+
@logger&.debug("ON_EXPIRE[#{@simple_database_type}]")
|
|
80
|
+
self.setDatabasePath(nil)
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
def close
|
|
84
|
+
super
|
|
85
|
+
ensure
|
|
86
|
+
@subscription&.release!
|
|
87
|
+
end
|
|
88
|
+
|
|
89
|
+
end
|
|
90
|
+
end
|
|
@@ -8,4 +8,4 @@
|
|
|
8
8
|
########################################################################
|
|
9
9
|
|
|
10
10
|
require 'jar_dependencies'
|
|
11
|
-
require_jar('co.elastic.logstash.plugins.filter.elasticintegration', 'logstash-filter-elastic_integration', '0.0
|
|
11
|
+
require_jar('co.elastic.logstash.plugins.filter.elasticintegration', 'logstash-filter-elastic_integration', '0.1.0')
|
|
@@ -18,6 +18,7 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
|
|
|
18
18
|
ELASTICSEARCH_DEFAULT_PATH = '/'.freeze
|
|
19
19
|
HTTP_PROTOCOL = "http".freeze
|
|
20
20
|
HTTPS_PROTOCOL = "https".freeze
|
|
21
|
+
ELASTIC_API_VERSION = "2023-10-31".freeze
|
|
21
22
|
|
|
22
23
|
# Sets the host(s) of the remote instance. If given an array it will load balance
|
|
23
24
|
# requests across the hosts specified in the `hosts` parameter. Hosts can be any of
|
|
@@ -105,8 +106,10 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
|
|
|
105
106
|
|
|
106
107
|
require_relative "elastic_integration/jar_dependencies"
|
|
107
108
|
require_relative "elastic_integration/event_api_bridge"
|
|
109
|
+
require_relative "elastic_integration/geoip_database_provider_bridge"
|
|
108
110
|
|
|
109
111
|
extend EventApiBridge
|
|
112
|
+
extend GeoipDatabaseProviderBridge
|
|
110
113
|
|
|
111
114
|
super
|
|
112
115
|
|
|
@@ -335,10 +338,21 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
|
|
|
335
338
|
|
|
336
339
|
def initialize_elasticsearch_rest_client!
|
|
337
340
|
java_import('co.elastic.logstash.filters.elasticintegration.ElasticsearchRestClientBuilder')
|
|
341
|
+
java_import('co.elastic.logstash.filters.elasticintegration.PreflightCheck')
|
|
338
342
|
|
|
339
|
-
|
|
343
|
+
config = extract_immutable_config
|
|
344
|
+
@elasticsearch_rest_client = ElasticsearchRestClientBuilder.fromPluginConfiguration(config)
|
|
340
345
|
.map(&:build)
|
|
341
346
|
.orElseThrow() # todo: ruby/java bridge better exception
|
|
347
|
+
|
|
348
|
+
if serverless?
|
|
349
|
+
@elasticsearch_rest_client = ElasticsearchRestClientBuilder.fromPluginConfiguration(config)
|
|
350
|
+
.map do |builder|
|
|
351
|
+
builder.configureElasticApi { |elasticApi| elasticApi.setApiVersion(ELASTIC_API_VERSION) }
|
|
352
|
+
end
|
|
353
|
+
.map(&:build)
|
|
354
|
+
.orElseThrow()
|
|
355
|
+
end
|
|
342
356
|
end
|
|
343
357
|
|
|
344
358
|
def initialize_event_processor!
|
|
@@ -353,14 +367,6 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
|
|
|
353
367
|
raise_config_error!("configuration did not produce an EventProcessor: #{exception}")
|
|
354
368
|
end
|
|
355
369
|
|
|
356
|
-
def initialize_geoip_database_provider!
|
|
357
|
-
java_import('co.elastic.logstash.filters.elasticintegration.geoip.GeoIpDatabaseProvider')
|
|
358
|
-
|
|
359
|
-
@geoip_database_provider ||= GeoIpDatabaseProvider::Builder.new.tap do |builder|
|
|
360
|
-
builder.setDatabases(java.io.File.new(@geoip_database_directory)) if @geoip_database_directory
|
|
361
|
-
end.build
|
|
362
|
-
end
|
|
363
|
-
|
|
364
370
|
def perform_preflight_check!
|
|
365
371
|
java_import('co.elastic.logstash.filters.elasticintegration.PreflightCheck')
|
|
366
372
|
|
|
@@ -397,6 +403,12 @@ class LogStash::Filters::ElasticIntegration < LogStash::Filters::Base
|
|
|
397
403
|
raise_config_error!(e.message)
|
|
398
404
|
end
|
|
399
405
|
|
|
406
|
+
def serverless?
|
|
407
|
+
PreflightCheck.new(@elasticsearch_rest_client).isServerless
|
|
408
|
+
rescue => e
|
|
409
|
+
raise_config_error!(e.message)
|
|
410
|
+
end
|
|
411
|
+
|
|
400
412
|
##
|
|
401
413
|
# single-use helper to ensure the running Logstash is a _complete_ distro that has
|
|
402
414
|
# non-OSS features active. Runtime detection mechanism relies on LogStash::OSS,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-elastic_integration
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0
|
|
4
|
+
version: 0.1.0
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-12-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -71,9 +71,10 @@ files:
|
|
|
71
71
|
- VERSION
|
|
72
72
|
- lib/logstash/filters/elastic_integration.rb
|
|
73
73
|
- lib/logstash/filters/elastic_integration/event_api_bridge.rb
|
|
74
|
+
- lib/logstash/filters/elastic_integration/geoip_database_provider_bridge.rb
|
|
74
75
|
- lib/logstash/filters/elastic_integration/jar_dependencies.rb
|
|
75
76
|
- logstash-filter-elastic_integration.gemspec
|
|
76
|
-
- vendor/jar-dependencies/co/elastic/logstash/plugins/filter/elasticintegration/logstash-filter-elastic_integration/0.0
|
|
77
|
+
- vendor/jar-dependencies/co/elastic/logstash/plugins/filter/elasticintegration/logstash-filter-elastic_integration/0.1.0/logstash-filter-elastic_integration-0.1.0.jar
|
|
77
78
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
|
78
79
|
licenses:
|
|
79
80
|
- ELv2
|
|
@@ -100,7 +101,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
100
101
|
- !ruby/object:Gem::Version
|
|
101
102
|
version: '0'
|
|
102
103
|
requirements: []
|
|
103
|
-
rubygems_version: 3.2.
|
|
104
|
+
rubygems_version: 3.2.33
|
|
104
105
|
signing_key:
|
|
105
106
|
specification_version: 4
|
|
106
107
|
summary: Processes Elastic Integrations
|