logstash-filter-elasticsearch 3.3.1 → 3.4.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/docs/index.asciidoc +22 -20
- data/lib/logstash/filters/elasticsearch.rb +3 -1
- data/logstash-filter-elasticsearch.gemspec +1 -1
- metadata +2 -2
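--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 92a2e2d6660ea8cf72381f7e7bd6832525e580c083b1f0d7188cbea58e32f2ee
+data.tar.gz: 9cf2ac564ac0347e9f0642c0efaef8b4ac59f8725d9a9eef250805e8cde03656
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 913c2c225cfa517bf983ca3ee9c85263f0008e305b27dae4619afb8ffaa535e36f2618449b5da2de498dae4bfeb7e3f8dd2d654b3e0499d60f2383e99e92865b
+data.tar.gz: b47a71caee22bf6b95908ec48ea9ce8a17b73c619fe48453a3ed4fe1470906bb149d4c852a1b8aba22e1b003ab0ad8ec33fcf558dfff56ea464cd9b69e4dc04e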
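--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,7 @@
+## 3.4.0
+- Adds `[@metadata][total_hits]` with total hits returned from the query ([#106](https://github.com/logstash-plugins/logstash-filter-elasticsearch/pull/106))
+- Improves error logging to fully inspect caught exceptions ([#105](https://github.com/logstash-plugins/logstash-filter-elasticsearch/pull/105))
+
 ## 3.3.1
 - Fix: The filter now only calls `filter_matched` on events that actually matched.
 This fixes issues where all events would have success-related actions happened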
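--- a/data/docs/index.asciidoc
+++ b/data/docs/index.asciidoc
@@ -89,25 +89,6 @@ if [type] == "end" {
 template.json:
 
 [source,json]
---------------------------------------------------
-{
-"query": {
-"query_string": {
-"query": "type:start AND operation:%{[opid]}"
-}
-},
-"_source": ["@timestamp"]
-}
---------------------------------------------------
-
-As illustrated above, through the use of 'opid', fields from the Logstash
-events can be referenced within the template.
-The template will be populated per event prior to being used to query Elasticsearch.
-
-Note that when you use `query_template`, the Logstash attributes `result_size`
-and `sort` will be ignored. They should be specified directly in the JSON
-template. Example:
-
 [source,json]
 --------------------------------------------------
 {
@@ -122,6 +103,14 @@ template. Example:
 }
 --------------------------------------------------
 
+As illustrated above, through the use of 'opid', fields from the Logstash
+events can be referenced within the template.
+The template will be populated per event prior to being used to query Elasticsearch.
+
+Notice also that when you use `query_template`, the Logstash attributes `result_size`
+and `sort` will be ignored. They should be specified directly in the JSON
+template, as shown in the example above.
+
 
 [id="plugins-{type}s-{plugin}-options"]
 ==== Elasticsearch Filter Configuration Options
@@ -212,7 +201,20 @@ Whether results should be sorted or not
 * Value type is <<array,array>>
 * Default value is `{}`
 
-
+An array of fields to copy from the old event (found via elasticsearch) into the
+new event, currently being processed.
+
+In the following example, the values of `@timestamp` and `event_id` on the event
+found via elasticsearch are copied to the current event's
+`started` and `start_id` fields, respectively:
+
+[source,ruby]
+--------------------------------------------------
+fields => {
+"@timestamp" => "started"
+"event_id" => "start_id"
+}
+--------------------------------------------------
 
 [id="plugins-{type}s-{plugin}-hosts"]
 ===== `hosts`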
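--- a/data/lib/logstash/filters/elasticsearch.rb
+++ b/data/lib/logstash/filters/elasticsearch.rb
@@ -93,6 +93,8 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
 results = get_client.search(params)
 raise "Elasticsearch query error: #{results["_shards"]["failures"]}" if results["_shards"].include? "failures"
 
+event.set("[@metadata][total_hits]", results['hits']['total'])
+
 resultsHits = results["hits"]["hits"]
 if !resultsHits.nil? && !resultsHits.empty?
 matched = true
@@ -121,7 +123,7 @@ class LogStash::Filters::Elasticsearch < LogStash::Filters::Base
 end
 
 rescue => e
-@logger.warn("Failed to query elasticsearch for previous event", :index => @index, :query => query, :event => event, :error => e)
+@logger.warn("Failed to query elasticsearch for previous event", :index => @index, :query => query, :event => event, :error => e.inspect)
 @tag_on_failure.each{|tag| event.tag(tag)}
 else
 filter_matched(event) if matched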
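Review bot: The new warn call at new line 126 passes `:error => e.inspect`, which for an ordinary exception typically yields just the class and message folded into one string, so the backtrace is still absent and the exception class cannot be filtered on as its own field; `:error => e.message, :exception => e.class.name, :backtrace => e.backtrace` would keep the three apart. The same call also writes `:event => event` and the interpolated `:query => query` at warn level, so on a pipeline that carries credentials or personal data every failed lookup copies that data into the Logstash log, and the inspected exception text may add further request or response detail. Consider keeping the warn entry to index, exception class and message, and logging the event and query only at debug level. The enclosing method and its begin/rescue block start and end outside the hunks shown.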
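--- a/data/logstash-filter-elasticsearch.gemspec
+++ b/data/logstash-filter-elasticsearch.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
 s.name = 'logstash-filter-elasticsearch'
-s.version = '3.
+s.version = '3.4.0'
 s.licenses = ['Apache License (2.0)']
 s.summary = "Copies fields from previous log events in Elasticsearch to current events "
 s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"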
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-filter-elasticsearch
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.
|
4
|
+
version: 3.4.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-09-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|