logstash-filter-elasticsearch 4.3.0 → 4.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/lib/logstash/filters/elasticsearch/client.rb +9 -18
- data/lib/logstash/filters/elasticsearch.rb +0 -3
- data/logstash-filter-elasticsearch.gemspec +2 -2
- data/spec/filters/elasticsearch_dsl_spec.rb +0 -30
- data/spec/filters/elasticsearch_spec.rb +29 -43
- data/spec/filters/elasticsearch_ssl_spec.rb +1 -1
- data/spec/filters/fixtures/test_certs/ca.crt +30 -30
- data/spec/filters/fixtures/test_certs/ca.der.sha256 +1 -1
- data/spec/filters/fixtures/test_certs/ca.key +52 -51
- data/spec/filters/fixtures/test_certs/es.chain.crt +62 -61
- data/spec/filters/fixtures/test_certs/es.crt +32 -31
- data/spec/filters/fixtures/test_certs/es.der.sha256 +1 -1
- data/spec/filters/fixtures/test_certs/es.key +52 -51
- data/spec/filters/fixtures/test_certs/ls.chain.crt +58 -58
- data/spec/filters/fixtures/test_certs/ls.chain.jks +0 -0
- data/spec/filters/fixtures/test_certs/ls.chain.p12 +0 -0
- data/spec/filters/fixtures/test_certs/ls.crt +28 -28
- data/spec/filters/fixtures/test_certs/ls.der.sha256 +1 -1
- data/spec/filters/fixtures/test_certs/ls.key +52 -51
- data/spec/filters/integration/elasticsearch_spec.rb +1 -9
- metadata +16 -22
- data/lib/logstash/filters/elasticsearch/patches/_elasticsearch_transport_http_manticore.rb +0 -44
- data/spec/filters/fixtures/elasticsearch_7.x_hits_total_as_object.json +0 -70
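--- a/metadata
+++ b/metadata
@@ -1,16 +1,16 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-elasticsearch
 version: !ruby/object:Gem::Version
-version: 4.
+version: 4.4.0
 platform: ruby
 authors:
 - Elastic
-autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
+name: logstash-core-plugin-api
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
@@ -19,7 +19,6 @@ dependencies:
 - - "<="
 - !ruby/object:Gem::Version
 version: '2.99'
-name: logstash-core-plugin-api
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -31,32 +30,32 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '2.99'
 - !ruby/object:Gem::Dependency
+name: elasticsearch
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: '8'
 - - "<"
 - !ruby/object:Gem::Version
-version: '
-name: elasticsearch
+version: '10'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version:
+version: '8'
 - - "<"
 - !ruby/object:Gem::Version
-version: '
+version: '10'
 - !ruby/object:Gem::Dependency
+name: manticore
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: 0.7.1
-name: manticore
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -65,12 +64,12 @@ dependencies:
 - !ruby/object:Gem::Version
 version: 0.7.1
 - !ruby/object:Gem::Dependency
+name: logstash-mixin-ecs_compatibility_support
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.3'
-name: logstash-mixin-ecs_compatibility_support
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -79,12 +78,12 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '1.3'
 - !ruby/object:Gem::Dependency
+name: logstash-mixin-ca_trusted_fingerprint_support
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-name: logstash-mixin-ca_trusted_fingerprint_support
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -93,12 +92,12 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '1.0'
 - !ruby/object:Gem::Dependency
+name: logstash-mixin-validator_support
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '1.0'
-name: logstash-mixin-validator_support
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -107,12 +106,12 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '1.0'
 - !ruby/object:Gem::Dependency
+name: cabin
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
 version: '0.6'
-name: cabin
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -121,12 +120,12 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0.6'
 - !ruby/object:Gem::Dependency
+name: webrick
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-name: webrick
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -135,12 +134,12 @@ dependencies:
 - !ruby/object:Gem::Version
 version: '0'
 - !ruby/object:Gem::Dependency
+name: logstash-devutils
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
 version: '0'
-name: logstash-devutils
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
@@ -167,14 +166,12 @@ files:
 - lib/logstash/filters/elasticsearch/client.rb
 - lib/logstash/filters/elasticsearch/dsl_executor.rb
 - lib/logstash/filters/elasticsearch/esql_executor.rb
-- lib/logstash/filters/elasticsearch/patches/_elasticsearch_transport_http_manticore.rb
 - logstash-filter-elasticsearch.gemspec
 - spec/es_helper.rb
 - spec/filters/elasticsearch_dsl_spec.rb
 - spec/filters/elasticsearch_esql_spec.rb
 - spec/filters/elasticsearch_spec.rb
 - spec/filters/elasticsearch_ssl_spec.rb
-- spec/filters/fixtures/elasticsearch_7.x_hits_total_as_object.json
 - spec/filters/fixtures/generate_test_certs.openssl.cnf
 - spec/filters/fixtures/generate_test_certs.sh
 - spec/filters/fixtures/query_template.json
@@ -205,7 +202,6 @@ licenses:
 metadata:
 logstash_plugin: 'true'
 logstash_group: filter
-post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -220,8 +216,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-rubygems_version: 3.
-signing_key:
+rubygems_version: 3.7.2
 specification_version: 4
 summary: Copies fields from previous log events in Elasticsearch to current events
 test_files:
@@ -230,7 +225,6 @@ test_files:
 - spec/filters/elasticsearch_esql_spec.rb
 - spec/filters/elasticsearch_spec.rb
 - spec/filters/elasticsearch_ssl_spec.rb
-- spec/filters/fixtures/elasticsearch_7.x_hits_total_as_object.json
 - spec/filters/fixtures/generate_test_certs.openssl.cnf
 - spec/filters/fixtures/generate_test_certs.sh
 - spec/filters/fixtures/query_template.json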
@@ -1,44 +0,0 @@
|
|
|
1
|
-
# encoding: utf-8
|
|
2
|
-
require "elasticsearch"
|
|
3
|
-
require "elasticsearch/transport/transport/http/manticore"
|
|
4
|
-
|
|
5
|
-
es_client_version = Gem.loaded_specs['elasticsearch-transport'].version
|
|
6
|
-
if es_client_version >= Gem::Version.new('7.2') && es_client_version < Gem::Version.new('7.16')
|
|
7
|
-
# elasticsearch-transport 7.2.0 - 7.14.0 had a bug where setting http headers
|
|
8
|
-
# ES::Client.new ..., transport_options: { headers: { 'Authorization' => ... } }
|
|
9
|
-
# would be lost https://github.com/elastic/elasticsearch-ruby/issues/1428
|
|
10
|
-
#
|
|
11
|
-
# NOTE: needs to be idempotent as input ES plugin might apply the same patch!
|
|
12
|
-
#
|
|
13
|
-
# @private
|
|
14
|
-
module Elasticsearch
|
|
15
|
-
module Transport
|
|
16
|
-
module Transport
|
|
17
|
-
module HTTP
|
|
18
|
-
class Manticore
|
|
19
|
-
|
|
20
|
-
def apply_headers(request_options, options)
|
|
21
|
-
headers = (options && options[:headers]) || {}
|
|
22
|
-
headers[CONTENT_TYPE_STR] = find_value(headers, CONTENT_TYPE_REGEX) || DEFAULT_CONTENT_TYPE
|
|
23
|
-
|
|
24
|
-
# this code is necessary to grab the correct user-agent header
|
|
25
|
-
# when this method is invoked with apply_headers(@request_options, options)
|
|
26
|
-
# from https://github.com/elastic/elasticsearch-ruby/blob/v7.14.0/elasticsearch-transport/lib/elasticsearch/transport/transport/http/manticore.rb#L113-L114
|
|
27
|
-
transport_user_agent = nil
|
|
28
|
-
if (options && options[:transport_options] && options[:transport_options][:headers])
|
|
29
|
-
transport_headers = {}
|
|
30
|
-
transport_headers = options[:transport_options][:headers]
|
|
31
|
-
transport_user_agent = find_value(transport_headers, USER_AGENT_REGEX)
|
|
32
|
-
end
|
|
33
|
-
|
|
34
|
-
headers[USER_AGENT_STR] = transport_user_agent || find_value(headers, USER_AGENT_REGEX) || user_agent_header
|
|
35
|
-
headers[ACCEPT_ENCODING] = GZIP if use_compression?
|
|
36
|
-
(request_options[:headers] ||= {}).merge!(headers) # this line was changed
|
|
37
|
-
end
|
|
38
|
-
|
|
39
|
-
end
|
|
40
|
-
end
|
|
41
|
-
end
|
|
42
|
-
end
|
|
43
|
-
end
|
|
44
|
-
end
|
|
@@ -1,70 +0,0 @@
|
|
|
1
|
-
{
|
|
2
|
-
"took": 49,
|
|
3
|
-
"timed_out": false,
|
|
4
|
-
"_shards": {
|
|
5
|
-
"total": 155,
|
|
6
|
-
"successful": 155,
|
|
7
|
-
"failed": 0
|
|
8
|
-
},
|
|
9
|
-
"hits": {
|
|
10
|
-
"total": {
|
|
11
|
-
"value": 13476,
|
|
12
|
-
"relation": "eq"
|
|
13
|
-
},
|
|
14
|
-
"max_score": 1,
|
|
15
|
-
"hits": [{
|
|
16
|
-
"_index": "logstash-2014.08.26",
|
|
17
|
-
"_type": "logs",
|
|
18
|
-
"_id": "AVVY76L_AW7v0kX8KXo4",
|
|
19
|
-
"_score": 1,
|
|
20
|
-
"_source": {
|
|
21
|
-
"request": "/doc/index.html?org/elasticsearch/action/search/SearchResponse.html",
|
|
22
|
-
"agent": "\"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
|
23
|
-
"geoip": {
|
|
24
|
-
"timezone": "America/Los_Angeles",
|
|
25
|
-
"ip": "66.249.73.185",
|
|
26
|
-
"latitude": 37.386,
|
|
27
|
-
"continent_code": "NA",
|
|
28
|
-
"city_name": "Mountain View",
|
|
29
|
-
"country_code2": "US",
|
|
30
|
-
"country_name": "United States",
|
|
31
|
-
"dma_code": 807,
|
|
32
|
-
"country_code3": "US",
|
|
33
|
-
"region_name": "California",
|
|
34
|
-
"location": [-122.0838,
|
|
35
|
-
37.386
|
|
36
|
-
],
|
|
37
|
-
"postal_code": "94035",
|
|
38
|
-
"longitude": -122.0838,
|
|
39
|
-
"region_code": "CA"
|
|
40
|
-
},
|
|
41
|
-
"auth": "-",
|
|
42
|
-
"ident": "-",
|
|
43
|
-
"verb": "GET",
|
|
44
|
-
"useragent": {
|
|
45
|
-
"os": "Other",
|
|
46
|
-
"major": "2",
|
|
47
|
-
"minor": "1",
|
|
48
|
-
"name": "Googlebot",
|
|
49
|
-
"os_name": "Other",
|
|
50
|
-
"device": "Spider"
|
|
51
|
-
},
|
|
52
|
-
"message": "66.249.73.185 - - [26/Aug/2014:21:22:13 +0000] \"GET /doc/index.html?org/elasticsearch/action/search/SearchResponse.html HTTP/1.1\" 404 294 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
|
53
|
-
"referrer": "\"-\"",
|
|
54
|
-
"@timestamp": "2014-08-26T21:22:13.000Z",
|
|
55
|
-
"response": 404,
|
|
56
|
-
"bytes": 294,
|
|
57
|
-
"clientip": "66.249.73.185",
|
|
58
|
-
"@version": "1",
|
|
59
|
-
"host": "skywalker",
|
|
60
|
-
"httpversion": "1.1",
|
|
61
|
-
"timestamp": "26/Aug/2014:21:22:13 +0000"
|
|
62
|
-
}
|
|
63
|
-
}]
|
|
64
|
-
},
|
|
65
|
-
"aggregations": {
|
|
66
|
-
"bytes_avg": {
|
|
67
|
-
"value": 294
|
|
68
|
-
}
|
|
69
|
-
}
|
|
70
|
-
}
|