logstash-filter-elasticsearch 3.5.0 → 3.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: d8d5c99d58129ffad85468e4bab7c64f184a0bdc2aa8b8a11c8f52353c8e4876
|
|
4
|
+
data.tar.gz: 30b1a189484e118138d6f7607be7319e035696464e8682b59122f830063b0c8d
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 6ef80c1576cf3d84f3da23bc23ecf7931812675d3566d46a074f6c8901dc182a34a67da8c17f7a6beafd33407c81d4a392c8d604b54abbaad3e542dd2260b987
|
|
7
|
+
data.tar.gz: 7b754511d4a252de292646d67929b067d4fc44d7eabad53fb300098320592292fc0afac1d200737e6203fe7bd7422a9a1ea7b43e028d1d194879adb7a39788fb
|
data/CHANGELOG.md
CHANGED
|
@@ -94,7 +94,7 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
|
|
|
94
94
|
results = get_client.search(params)
|
|
95
95
|
raise "Elasticsearch query error: #{results["_shards"]["failures"]}" if results["_shards"].include? "failures"
|
|
96
96
|
|
|
97
|
-
event.set("[@metadata][total_hits]", results['hits']
|
|
97
|
+
event.set("[@metadata][total_hits]", extract_total_from_hits(results['hits']))
|
|
98
98
|
|
|
99
99
|
resultsHits = results["hits"]["hits"]
|
|
100
100
|
if !resultsHits.nil? && !resultsHits.empty?
|
|
@@ -173,6 +173,21 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
|
|
|
173
173
|
end
|
|
174
174
|
end
|
|
175
175
|
|
|
176
|
+
# Given a "hits" object from an Elasticsearch response, return the total number of hits in
|
|
177
|
+
# the result set.
|
|
178
|
+
# @param hits [Hash{String=>Object}]
|
|
179
|
+
# @return [Integer]
|
|
180
|
+
def extract_total_from_hits(hits)
|
|
181
|
+
total = hits['total']
|
|
182
|
+
|
|
183
|
+
# Elasticsearch 7.x produces an object containing `value` and `relation` in order
|
|
184
|
+
# to enable unambiguous reporting when the total is only a lower bound; if we get
|
|
185
|
+
# an object back, return its `value`.
|
|
186
|
+
return total['value'] if total.kind_of?(Hash)
|
|
187
|
+
|
|
188
|
+
total
|
|
189
|
+
end
|
|
190
|
+
|
|
176
191
|
def test_connection!
|
|
177
192
|
get_client.client.ping
|
|
178
193
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-elasticsearch'
|
|
4
|
-
s.version = '3.
|
|
4
|
+
s.version = '3.6.0'
|
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
|
6
6
|
s.summary = "Copies fields from previous log events in Elasticsearch to current events "
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -113,6 +113,26 @@ describe LogStash::Filters::Elasticsearch do
|
|
|
113
113
|
end
|
|
114
114
|
end
|
|
115
115
|
|
|
116
|
+
context 'when Elasticsearch 7.x gives us a totals object instead of an integer' do
|
|
117
|
+
let(:config) do
|
|
118
|
+
{
|
|
119
|
+
"hosts" => ["localhost:9200"],
|
|
120
|
+
"query" => "response: 404",
|
|
121
|
+
"fields" => { "response" => "code" },
|
|
122
|
+
"result_size" => 10
|
|
123
|
+
}
|
|
124
|
+
end
|
|
125
|
+
|
|
126
|
+
let(:response) do
|
|
127
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "elasticsearch_7.x_hits_total_as_object.json")))
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
it "should enhance the current event with new data" do
|
|
131
|
+
plugin.filter(event)
|
|
132
|
+
expect(event.get("[@metadata][total_hits]")).to eq(13476)
|
|
133
|
+
end
|
|
134
|
+
end
|
|
135
|
+
|
|
116
136
|
context "if something wrong happen during connection" do
|
|
117
137
|
|
|
118
138
|
before(:each) do
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
{
|
|
2
|
+
"took": 49,
|
|
3
|
+
"timed_out": false,
|
|
4
|
+
"_shards": {
|
|
5
|
+
"total": 155,
|
|
6
|
+
"successful": 155,
|
|
7
|
+
"failed": 0
|
|
8
|
+
},
|
|
9
|
+
"hits": {
|
|
10
|
+
"total": {
|
|
11
|
+
"value": 13476,
|
|
12
|
+
"relation": "eq"
|
|
13
|
+
},
|
|
14
|
+
"max_score": 1,
|
|
15
|
+
"hits": [{
|
|
16
|
+
"_index": "logstash-2014.08.26",
|
|
17
|
+
"_type": "logs",
|
|
18
|
+
"_id": "AVVY76L_AW7v0kX8KXo4",
|
|
19
|
+
"_score": 1,
|
|
20
|
+
"_source": {
|
|
21
|
+
"request": "/doc/index.html?org/elasticsearch/action/search/SearchResponse.html",
|
|
22
|
+
"agent": "\"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
|
23
|
+
"geoip": {
|
|
24
|
+
"timezone": "America/Los_Angeles",
|
|
25
|
+
"ip": "66.249.73.185",
|
|
26
|
+
"latitude": 37.386,
|
|
27
|
+
"continent_code": "NA",
|
|
28
|
+
"city_name": "Mountain View",
|
|
29
|
+
"country_code2": "US",
|
|
30
|
+
"country_name": "United States",
|
|
31
|
+
"dma_code": 807,
|
|
32
|
+
"country_code3": "US",
|
|
33
|
+
"region_name": "California",
|
|
34
|
+
"location": [-122.0838,
|
|
35
|
+
37.386
|
|
36
|
+
],
|
|
37
|
+
"postal_code": "94035",
|
|
38
|
+
"longitude": -122.0838,
|
|
39
|
+
"region_code": "CA"
|
|
40
|
+
},
|
|
41
|
+
"auth": "-",
|
|
42
|
+
"ident": "-",
|
|
43
|
+
"verb": "GET",
|
|
44
|
+
"useragent": {
|
|
45
|
+
"os": "Other",
|
|
46
|
+
"major": "2",
|
|
47
|
+
"minor": "1",
|
|
48
|
+
"name": "Googlebot",
|
|
49
|
+
"os_name": "Other",
|
|
50
|
+
"device": "Spider"
|
|
51
|
+
},
|
|
52
|
+
"message": "66.249.73.185 - - [26/Aug/2014:21:22:13 +0000] \"GET /doc/index.html?org/elasticsearch/action/search/SearchResponse.html HTTP/1.1\" 404 294 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
|
53
|
+
"referrer": "\"-\"",
|
|
54
|
+
"@timestamp": "2014-08-26T21:22:13.000Z",
|
|
55
|
+
"response": 404,
|
|
56
|
+
"bytes": 294,
|
|
57
|
+
"clientip": "66.249.73.185",
|
|
58
|
+
"@version": "1",
|
|
59
|
+
"host": "skywalker",
|
|
60
|
+
"httpversion": "1.1",
|
|
61
|
+
"timestamp": "26/Aug/2014:21:22:13 +0000"
|
|
62
|
+
}
|
|
63
|
+
}]
|
|
64
|
+
},
|
|
65
|
+
"aggregations": {
|
|
66
|
+
"bytes_avg": {
|
|
67
|
+
"value": 294
|
|
68
|
+
}
|
|
69
|
+
}
|
|
70
|
+
}
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-elasticsearch
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-11-
|
|
11
|
+
date: 2018-11-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -97,6 +97,7 @@ files:
|
|
|
97
97
|
- lib/logstash/filters/elasticsearch/client.rb
|
|
98
98
|
- logstash-filter-elasticsearch.gemspec
|
|
99
99
|
- spec/filters/elasticsearch_spec.rb
|
|
100
|
+
- spec/filters/fixtures/elasticsearch_7.x_hits_total_as_object.json
|
|
100
101
|
- spec/filters/fixtures/query_template.json
|
|
101
102
|
- spec/filters/fixtures/request_error.json
|
|
102
103
|
- spec/filters/fixtures/request_size0_agg.json
|
|
@@ -131,6 +132,7 @@ specification_version: 4
|
|
|
131
132
|
summary: Copies fields from previous log events in Elasticsearch to current events
|
|
132
133
|
test_files:
|
|
133
134
|
- spec/filters/elasticsearch_spec.rb
|
|
135
|
+
- spec/filters/fixtures/elasticsearch_7.x_hits_total_as_object.json
|
|
134
136
|
- spec/filters/fixtures/query_template.json
|
|
135
137
|
- spec/filters/fixtures/request_error.json
|
|
136
138
|
- spec/filters/fixtures/request_size0_agg.json
|