logstash-filter-elasticsearch 0.1.0 → 0.1.1

checksums.yaml

@@ -1,15 +1,7 @@
 ---
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    YWFiNDI0NzAxYzY1MGI0NWQxZDU2M2E2MjI3NjgyMDY0ZGQwZDk3Zg==
-  data.tar.gz: !binary |-
-    MGViMTAzMWFhOWQxNTFjYTU1NmIyNmNiYjg3OTI1MmZhYTkxOTM3Ng==
+SHA1:
+  metadata.gz: 6664ba05aa755a5dea1988f48742fb24d932a85f
+  data.tar.gz: 98734a64d6560a7c4876ec5300cf8f71d385b343
 SHA512:
-  metadata.gz: !binary |-
-    ZmZmODQxNTk5MzM3ZjE2ZTgxZjExMTI3NDQwODRmODlkZGFjZmYxMTFkNGQy
-    NzMwYzU5YmQ2ZWIzMTFkM2VjMzg5MDA0OGQyM2UwZDIwOGUwYTNjZDI4ZTZl
-    MThiNTI3MTg3Yzc3ZDYyZTc0MTRlNGViODgyZTkwYjY0NGQyM2E=
-  data.tar.gz: !binary |-
-    NzEzMjMxZWI5MjdhZDBiNTVhZGI1OGI0MTcyNjRkNzBiOGQyMTc5MWVjMzZj
-    ZTI1NTc0OGRiNDg2YTExMjBlZjg5MTY2ZjEyNjA0YTA2ZTBkY2I5N2ZkZmNj
-    MzdlNGNlMDNjMzA5MTVhODE1OGI5ODc3N2E4ODMzNjllYmI3ZjQ=
+  metadata.gz: 2b8306ad27c719ca7f0ba467ccad95bf73efe22f48624e4debfc47b6fc17cb46755f267be5ac6dfe05e61bdeddd11663ed4421a7b6a3247dcab519035790dd9f
+  data.tar.gz: 2b23544f61c59b9f952e979d656c067704367be33e29b628c909c7dbb906f8615f75da7b2cc824c0e71562456c093f6fc541055bd74be233371db0c5aab8cc2a

data/Gemfile

@@ -1,3 +1,3 @@
-source 'http://rubygems.org'
-gem 'rake'
-gem 'gem_publisher'
+source 'https://rubygems.org'
+gemspec
+gem "logstash", :github => "elasticsearch/logstash", :branch => "1.5"

data/Rakefile

@@ -4,3 +4,4 @@ task :default do
   system("rake -T")
 end
 
+require "logstash/devutils/rake"

data/lib/logstash/filters/elasticsearch.rb

@@ -1,16 +1,17 @@
 require "logstash/filters/base"
 require "logstash/namespace"
 require "logstash/util/fieldreference"
+require "base64"
 
 
 # Search elasticsearch for a previous log event and copy some fields from it
 # into the current event.  Below is a complete example of how this filter might
 # be used.  Whenever logstash receives an "end" event, it uses this elasticsearch
 # filter to find the matching "start" event based on some operation identifier.
-# Then it copies the @timestamp field from the "start" event into a new field on
+# Then it copies the `@timestamp` field from the "start" event into a new field on
 # the "end" event.  Finally, using a combination of the "date" filter and the
 # "ruby" filter, we calculate the time duration in hours between the two events.
-#
+# [source,ruby]
 #       if [type] == "end" {
 #          elasticsearch {
 #             hosts => ["es-server"]
@@ -38,18 +39,48 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
   # Elasticsearch query string
   config :query, :validate => :string
 
-  # Comma-delimited list of <field>:<direction> pairs that define the sort order
+  # Comma-delimited list of `<field>:<direction>` pairs that define the sort order
   config :sort, :validate => :string, :default => "@timestamp:desc"
 
   # Hash of fields to copy from old event (found via elasticsearch) into new event
   config :fields, :validate => :hash, :default => {}
 
+  # Basic Auth - username
+  config :user, :validate => :string
+
+  # Basic Auth - password
+  config :password, :validate => :password
+
+  # SSL
+  config :ssl, :validate => :boolean, :default => false
+
+  # SSL Certificate Authority file
+  config :ca_file, :validate => :path
+
+
   public
   def register
     require "elasticsearch"
 
-    @logger.info("New ElasticSearch filter", :hosts => @hosts)
-    @client = Elasticsearch::Client.new hosts: @hosts
+    transport_options = {}
+
+    if @user && @password
+      token = Base64.strict_encode64("#{@user}:#{@password.value}")
+      transport_options[:headers] = { Authorization: "Basic #{token}" }
+    end
+
+    hosts = if @ssl then
+      @hosts.map {|h| { host: h, scheme: 'https' } }
+    else
+      @hosts
+    end
+
+    if @ssl && @ca_file
+      transport_options[:ssl] = { ca_file: @ca_file }
+    end
+
+    @logger.info("New ElasticSearch filter", :hosts => hosts)
+    @client = Elasticsearch::Client.new hosts: hosts, transport_options: transport_options
   end # def register
 
   public

data/logstash-filter-elasticsearch.gemspec

@@ -1,13 +1,13 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-elasticsearch'
-  s.version         = '0.1.0'
+  s.version         = '0.1.1'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Search elasticsearch for a previous log event and copy some fields from it into the current event"
-  s.description     = "Search elasticsearch for a previous log event and copy some fields from it into the current event."
+  s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
   s.authors         = ["Elasticsearch"]
-  s.email           = 'richard.pijnenburg@elasticsearch.com'
-  s.homepage        = "http://logstash.net/"
+  s.email           = 'info@elasticsearch.com'
+  s.homepage        = "http://www.elasticsearch.org/guide/en/logstash/current/index.html"
   s.require_paths = ["lib"]
 
   # Files
@@ -17,11 +17,12 @@ Gem::Specification.new do |s|
   s.test_files = s.files.grep(%r{^(test|spec|features)/})
 
   # Special flag to let us know this is actually a logstash plugin
-  s.metadata = { "logstash_plugin" => "true", "group" => "filter" }
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
 
   # Gem dependencies
   s.add_runtime_dependency 'logstash', '>= 1.4.0', '< 2.0.0'
   s.add_runtime_dependency 'elasticsearch'
 
+  s.add_development_dependency 'logstash-devutils'
 end
 

data/spec/filters/elasticsearch_spec.rb

@@ -1 +1 @@
-require 'spec_helper'
+require "logstash/devutils/rspec/spec_helper"

metadata

@@ -1,52 +1,65 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-elasticsearch
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Elasticsearch
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-11-05 00:00:00.000000000 Z
+date: 2014-11-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logstash
-  requirement: !ruby/object:Gem::Requirement
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 1.4.0
     - - <
       - !ruby/object:Gem::Version
         version: 2.0.0
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: 1.4.0
     - - <
       - !ruby/object:Gem::Version
         version: 2.0.0
+  prerelease: false
+  type: :runtime
 - !ruby/object:Gem::Dependency
   name: elasticsearch
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
   prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency
+  name: logstash-devutils
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-description: Search elasticsearch for a previous log event and copy some fields from
-  it into the current event.
-email: richard.pijnenburg@elasticsearch.com
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  type: :development
+description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
+email: info@elasticsearch.com
 executables: []
 extensions: []
 extra_rdoc_files: []
@@ -57,35 +70,32 @@ files:
 - Rakefile
 - lib/logstash/filters/elasticsearch.rb
 - logstash-filter-elasticsearch.gemspec
-- rakelib/publish.rake
-- rakelib/vendor.rake
 - spec/filters/elasticsearch_spec.rb
-homepage: http://logstash.net/
+homepage: http://www.elasticsearch.org/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
 metadata:
   logstash_plugin: 'true'
-  group: filter
-post_install_message: 
+  logstash_group: filter
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.1
-signing_key: 
+rubyforge_project:
+rubygems_version: 2.4.4
+signing_key:
 specification_version: 4
-summary: Search elasticsearch for a previous log event and copy some fields from it
-  into the current event
+summary: Search elasticsearch for a previous log event and copy some fields from it into the current event
 test_files:
 - spec/filters/elasticsearch_spec.rb

data/rakelib/publish.rake

@@ -1,9 +0,0 @@
-require "gem_publisher"
-
-desc "Publish gem to RubyGems.org"
-task :publish_gem do |t|
-  gem_file = Dir.glob(File.expand_path('../*.gemspec',File.dirname(__FILE__))).first
-  gem = GemPublisher.publish_if_updated(gem_file, :rubygems)
-  puts "Published #{gem}" if gem
-end
-

data/rakelib/vendor.rake

@@ -1,169 +0,0 @@
-require "net/http"
-require "uri"
-require "digest/sha1"
-
-def vendor(*args)
-  return File.join("vendor", *args)
-end
-
-directory "vendor/" => ["vendor"] do |task, args|
-  mkdir task.name
-end
-
-def fetch(url, sha1, output)
-
-  puts "Downloading #{url}"
-  actual_sha1 = download(url, output)
-
-  if actual_sha1 != sha1
-    fail "SHA1 does not match (expected '#{sha1}' but got '#{actual_sha1}')"
-  end
-end # def fetch
-
-def file_fetch(url, sha1)
-  filename = File.basename( URI(url).path )
-  output = "vendor/#{filename}"
-  task output => [ "vendor/" ] do
-    begin
-      actual_sha1 = file_sha1(output)
-      if actual_sha1 != sha1
-        fetch(url, sha1, output)
-      end
-    rescue Errno::ENOENT
-      fetch(url, sha1, output)
-    end
-  end.invoke
-
-  return output
-end
-
-def file_sha1(path)
-  digest = Digest::SHA1.new
-  fd = File.new(path, "r")
-  while true
-    begin
-      digest << fd.sysread(16384)
-    rescue EOFError
-      break
-    end
-  end
-  return digest.hexdigest
-ensure
-  fd.close if fd
-end
-
-def download(url, output)
-  uri = URI(url)
-  digest = Digest::SHA1.new
-  tmp = "#{output}.tmp"
-  Net::HTTP.start(uri.host, uri.port, :use_ssl => (uri.scheme == "https")) do |http|
-    request = Net::HTTP::Get.new(uri.path)
-    http.request(request) do |response|
-      fail "HTTP fetch failed for #{url}. #{response}" if [200, 301].include?(response.code)
-      size = (response["content-length"].to_i || -1).to_f
-      count = 0
-      File.open(tmp, "w") do |fd|
-        response.read_body do |chunk|
-          fd.write(chunk)
-          digest << chunk
-          if size > 0 && $stdout.tty?
-            count += chunk.bytesize
-            $stdout.write(sprintf("\r%0.2f%%", count/size * 100))
-          end
-        end
-      end
-      $stdout.write("\r      \r") if $stdout.tty?
-    end
-  end
-
-  File.rename(tmp, output)
-
-  return digest.hexdigest
-rescue SocketError => e
-  puts "Failure while downloading #{url}: #{e}"
-  raise
-ensure
-  File.unlink(tmp) if File.exist?(tmp)
-end # def download
-
-def untar(tarball, &block)
-  require "archive/tar/minitar"
-  tgz = Zlib::GzipReader.new(File.open(tarball))
-  # Pull out typesdb
-  tar = Archive::Tar::Minitar::Input.open(tgz)
-  tar.each do |entry|
-    path = block.call(entry)
-    next if path.nil?
-    parent = File.dirname(path)
-    
-    mkdir_p parent unless File.directory?(parent)
-
-    # Skip this file if the output file is the same size
-    if entry.directory?
-      mkdir path unless File.directory?(path)
-    else
-      entry_mode = entry.instance_eval { @mode } & 0777
-      if File.exists?(path)
-        stat = File.stat(path)
-        # TODO(sissel): Submit a patch to archive-tar-minitar upstream to
-        # expose headers in the entry.
-        entry_size = entry.instance_eval { @size }
-        # If file sizes are same, skip writing.
-        next if stat.size == entry_size && (stat.mode & 0777) == entry_mode
-      end
-      puts "Extracting #{entry.full_name} from #{tarball} #{entry_mode.to_s(8)}"
-      File.open(path, "w") do |fd|
-        # eof? check lets us skip empty files. Necessary because the API provided by
-        # Archive::Tar::Minitar::Reader::EntryStream only mostly acts like an
-        # IO object. Something about empty files in this EntryStream causes
-        # IO.copy_stream to throw "can't convert nil into String" on JRuby
-        # TODO(sissel): File a bug about this.
-        while !entry.eof?
-          chunk = entry.read(16384)
-          fd.write(chunk)
-        end
-          #IO.copy_stream(entry, fd)
-      end
-      File.chmod(entry_mode, path)
-    end
-  end
-  tar.close
-  File.unlink(tarball) if File.file?(tarball)
-end # def untar
-
-def ungz(file)
-
-  outpath = file.gsub('.gz', '')
-  tgz = Zlib::GzipReader.new(File.open(file))
-  begin
-    File.open(outpath, "w") do |out|
-      IO::copy_stream(tgz, out)
-    end
-    File.unlink(file)
-  rescue
-    File.unlink(outpath) if File.file?(outpath)
-   raise
-  end
-  tgz.close
-end
-
-desc "Process any vendor files required for this plugin"
-task "vendor" do |task, args|
-
-  @files.each do |file| 
-    download = file_fetch(file['url'], file['sha1'])
-    if download =~ /.tar.gz/
-      prefix = download.gsub('.tar.gz', '').gsub('vendor/', '')
-      untar(download) do |entry|
-        if !file['files'].nil?
-          next unless file['files'].include?(entry.full_name.gsub(prefix, ''))
-          out = entry.full_name.split("/").last
-        end
-        File.join('vendor', out)
-      end
-    elsif download =~ /.gz/
-      ungz(download)
-    end
-  end
-
-end