logstash-filter-elasticsearch 2.1.1 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +2 -3
- data/lib/logstash/filters/elasticsearch.rb +6 -5
- data/lib/logstash/filters/elasticsearch/client.rb +1 -1
- data/logstash-filter-elasticsearch.gemspec +2 -2
- data/spec/filters/elasticsearch_spec.rb +2 -24
- data/spec/filters/integration/elasticsearch_spec.rb +2 -2
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c49921dd793aef36a733aea0ed8a5779b18436b1
|
|
4
|
+
data.tar.gz: 87a9620d7ab1ecb01ae9beb754e6792b4a98b79d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c5a2a6405f93d584e3f72130eebd95ce722ea6a2921fa0042893b25b49998013bd38767b1b9c1e3ad611ba75571a70ce2385a18cdee85b73a5e02835f4fb1cf5
|
|
7
|
+
data.tar.gz: 8cdd41e4935039db5f7efaf6885f87556d0be62a882b4ad3839c426010d40b6a8e205113495464e7d3049ba62ac3d1c1ac6c891d9db4c3cbb2264b3d7c75456d
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,5 @@
|
|
|
1
|
-
##
|
|
2
|
-
-
|
|
3
|
-
it's passed to search so it's performed not to all indices if this is not the explicit intention.
|
|
1
|
+
## 3.0.0
|
|
2
|
+
- Breaking: Updated plugin to use new Java Event APIs
|
|
4
3
|
## 2.1.0
|
|
5
4
|
- Improved the configuration options to be more easy to understand and
|
|
6
5
|
match what the expectations are from the documentation.
|
|
@@ -74,7 +74,8 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
|
|
|
74
74
|
:ssl => @ssl,
|
|
75
75
|
:hosts => @hosts,
|
|
76
76
|
:ca_file => @ca_file,
|
|
77
|
-
:logger => @logger
|
|
77
|
+
:logger => @logger,
|
|
78
|
+
:index => @index
|
|
78
79
|
}
|
|
79
80
|
@client = LogStash::Filters::ElasticsearchClient.new(@user, @password, options)
|
|
80
81
|
end # def register
|
|
@@ -83,7 +84,7 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
|
|
|
83
84
|
begin
|
|
84
85
|
query_str = event.sprintf(@query)
|
|
85
86
|
|
|
86
|
-
params = { :q => query_str, :size => result_size
|
|
87
|
+
params = { :q => query_str, :size => result_size }
|
|
87
88
|
params[:sort] = @sort if @enable_sort
|
|
88
89
|
results = @client.search(params)
|
|
89
90
|
|
|
@@ -93,13 +94,13 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
|
|
|
93
94
|
results["hits"]["hits"].to_a.each do |doc|
|
|
94
95
|
set << doc["_source"][old_key]
|
|
95
96
|
end
|
|
96
|
-
event
|
|
97
|
+
event.set(new_key, set.count > 1 ? set : set.first)
|
|
97
98
|
end
|
|
98
99
|
end
|
|
99
100
|
rescue => e
|
|
100
|
-
@logger.warn("Failed to query elasticsearch for previous event", :index
|
|
101
|
+
@logger.warn("Failed to query elasticsearch for previous event", :index, @index, :query => query_str, :event => event, :error => e)
|
|
101
102
|
@tag_on_failure.each{|tag| event.tag(tag)}
|
|
102
103
|
end
|
|
103
104
|
filter_matched(event)
|
|
104
105
|
end # def filter
|
|
105
|
-
end #
|
|
106
|
+
end #class LogStash::Filters::Elasticsearch
|
|
@@ -23,7 +23,7 @@ module LogStash
|
|
|
23
23
|
transport_options[:ssl] = { ca_file: options[:ca_file] } if ssl && options[:ca_file]
|
|
24
24
|
|
|
25
25
|
@logger.info("New ElasticSearch filter", :hosts => hosts)
|
|
26
|
-
@client = ::Elasticsearch::Client.new(hosts: hosts, transport_options: transport_options)
|
|
26
|
+
@client = ::Elasticsearch::Client.new(index: options[:index], hosts: hosts, transport_options: transport_options)
|
|
27
27
|
end
|
|
28
28
|
|
|
29
29
|
def search(params)
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-elasticsearch'
|
|
4
|
-
s.version = '
|
|
4
|
+
s.version = '3.0.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Search elasticsearch for a previous log event and copy some fields from it into the current event"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -20,7 +20,7 @@ Gem::Specification.new do |s|
|
|
|
20
20
|
s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
|
|
21
21
|
|
|
22
22
|
# Gem dependencies
|
|
23
|
-
s.add_runtime_dependency "logstash-core-plugin-api", "~>
|
|
23
|
+
s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
|
|
24
24
|
s.add_runtime_dependency 'elasticsearch'
|
|
25
25
|
|
|
26
26
|
s.add_development_dependency 'logstash-devutils'
|
|
@@ -40,29 +40,7 @@ describe LogStash::Filters::Elasticsearch do
|
|
|
40
40
|
|
|
41
41
|
it "should enhance the current event with new data" do
|
|
42
42
|
plugin.filter(event)
|
|
43
|
-
expect(event
|
|
44
|
-
end
|
|
45
|
-
|
|
46
|
-
it "should receive all necessary params to perform the search" do
|
|
47
|
-
expect(client).to receive(:search).with({:q=>"response: 404", :size=>1, :index=>"", :sort=>"@timestamp:desc"})
|
|
48
|
-
plugin.filter(event)
|
|
49
|
-
end
|
|
50
|
-
|
|
51
|
-
context "when asking to hit specific index" do
|
|
52
|
-
|
|
53
|
-
let(:config) do
|
|
54
|
-
{
|
|
55
|
-
"index" => "foo*",
|
|
56
|
-
"hosts" => ["localhost:9200"],
|
|
57
|
-
"query" => "response: 404",
|
|
58
|
-
"fields" => [ ["response", "code"] ],
|
|
59
|
-
}
|
|
60
|
-
end
|
|
61
|
-
|
|
62
|
-
it "should receive all necessary params to perform the search" do
|
|
63
|
-
expect(client).to receive(:search).with({:q=>"response: 404", :size=>1, :index=>"foo*", :sort=>"@timestamp:desc"})
|
|
64
|
-
plugin.filter(event)
|
|
65
|
-
end
|
|
43
|
+
expect(event.get("code")).to eq(404)
|
|
66
44
|
end
|
|
67
45
|
|
|
68
46
|
context "when asking for more than one result" do
|
|
@@ -82,7 +60,7 @@ describe LogStash::Filters::Elasticsearch do
|
|
|
82
60
|
|
|
83
61
|
it "should enhance the current event with new data" do
|
|
84
62
|
plugin.filter(event)
|
|
85
|
-
expect(event
|
|
63
|
+
expect(event.get("code")).to eq([404]*10)
|
|
86
64
|
end
|
|
87
65
|
end
|
|
88
66
|
|
|
@@ -21,7 +21,7 @@ describe LogStash::Filters::Elasticsearch, :integration => true do
|
|
|
21
21
|
|
|
22
22
|
it "should enhance the current event with new data" do
|
|
23
23
|
plugin.filter(event)
|
|
24
|
-
expect(event
|
|
24
|
+
expect(event.get("code")).to eq(404)
|
|
25
25
|
end
|
|
26
26
|
|
|
27
27
|
context "when retrieving a list of elements" do
|
|
@@ -37,7 +37,7 @@ describe LogStash::Filters::Elasticsearch, :integration => true do
|
|
|
37
37
|
|
|
38
38
|
it "should enhance the current event with new data" do
|
|
39
39
|
plugin.filter(event)
|
|
40
|
-
expect(event
|
|
40
|
+
expect(event.get("code")).to eq([404]*10)
|
|
41
41
|
end
|
|
42
42
|
|
|
43
43
|
end
|
metadata
CHANGED
|
@@ -1,21 +1,21 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-elasticsearch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version:
|
|
4
|
+
version: 3.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-06-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
15
15
|
requirements:
|
|
16
16
|
- - "~>"
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: '
|
|
18
|
+
version: '2.0'
|
|
19
19
|
name: logstash-core-plugin-api
|
|
20
20
|
prerelease: false
|
|
21
21
|
type: :runtime
|
|
@@ -23,7 +23,7 @@ dependencies:
|
|
|
23
23
|
requirements:
|
|
24
24
|
- - "~>"
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: '
|
|
26
|
+
version: '2.0'
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|