logstash-filter-fingerprint 3.2.2 → 3.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +1 -1
- data/docs/index.asciidoc +50 -6
- data/logstash-filter-fingerprint.gemspec +1 -1
- data/spec/filters/fingerprint_spec.rb +19 -19
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5985afeb097946794b24fa48da9e78f4a4146e39b7a39b4be98f11c2b74cd7f8
|
|
4
|
+
data.tar.gz: 1e6ba943dbae9448dacf4bcf8f4d268aa48381d816be73630f6594358090c8d4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 63d38e83879e80b301af57fd82fbf60630ace866b6f102425e8d3ae97467b5384b17268215e52854c35bf1c24e7dfe8f6bd448fa9821f7289610c794232d7a48
|
|
7
|
+
data.tar.gz: 566ef91a8e6d67abf113bdd07621f65d47a290d0b12f7278d881d3eb13cdaf8c6346147eee3d4534a4184ec70544440177b9821b54e61f58ace71a84ae821669
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,6 @@
|
|
|
1
|
+
## 3.2.3
|
|
2
|
+
- [DOC] Expanded description for concatenate_sources behavior and provided examples [#60](https://github.com/logstash-plugins/logstash-filter-fingerprint/pull/60)
|
|
3
|
+
|
|
1
4
|
## 3.2.2
|
|
2
5
|
- Fixed lack of consistent fingerprints on Hash/Map objects [#55](https://github.com/logstash-plugins/logstash-filter-fingerprint/pull/55)
|
|
3
6
|
|
data/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# Logstash Plugin
|
|
2
2
|
|
|
3
|
-
[](https://travis-ci.com/logstash-plugins/logstash-filter-fingerprint)
|
|
4
4
|
|
|
5
5
|
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
|
6
6
|
|
data/docs/index.asciidoc
CHANGED
|
@@ -23,9 +23,9 @@ include::{include_path}/plugin_header.asciidoc[]
|
|
|
23
23
|
Create consistent hashes (fingerprints) of one or more fields and store
|
|
24
24
|
the result in a new field.
|
|
25
25
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
26
|
+
You can use this plugin to create consistent document ids when events are
|
|
27
|
+
inserted into Elasticsearch. This approach means that existing documents can be
|
|
28
|
+
updated instead of creating new documents.
|
|
29
29
|
|
|
30
30
|
NOTE: When the `target` option is set to `UUID` the result won't be
|
|
31
31
|
a consistent hash but a random
|
|
@@ -72,9 +72,53 @@ base64 encoded rather than hex encoded strings.
|
|
|
72
72
|
When set to `true` and `method` isn't `UUID` or `PUNCTUATION`, the
|
|
73
73
|
plugin concatenates the names and values of all fields given in the
|
|
74
74
|
`source` option into one string (like the old checksum filter) before
|
|
75
|
-
doing the fingerprint computation.
|
|
76
|
-
|
|
77
|
-
|
|
75
|
+
doing the fingerprint computation.
|
|
76
|
+
|
|
77
|
+
If `false` and multiple source fields are given, the target field will be single
|
|
78
|
+
fingerprint of the last source field.
|
|
79
|
+
|
|
80
|
+
**Example: `concatenate_sources`=false**
|
|
81
|
+
|
|
82
|
+
This example produces a single fingerprint that is computed from "birthday," the
|
|
83
|
+
last source field.
|
|
84
|
+
|
|
85
|
+
[source,ruby]
|
|
86
|
+
-----
|
|
87
|
+
fingerprint {
|
|
88
|
+
source => ["user_id", "siblings", "birthday"]
|
|
89
|
+
}
|
|
90
|
+
-----
|
|
91
|
+
|
|
92
|
+
The output is:
|
|
93
|
+
|
|
94
|
+
[source,ruby]
|
|
95
|
+
-----
|
|
96
|
+
"fingerprint" => "6b6390a4416131f82b6ffb509f6e779e5dd9630f".
|
|
97
|
+
-----
|
|
98
|
+
|
|
99
|
+
**Example: `concatenate_sources`=false with array**
|
|
100
|
+
|
|
101
|
+
If the last source field is an array, you get an array of fingerprints.
|
|
102
|
+
|
|
103
|
+
In this example, "siblings" is an array ["big brother", "little sister", "little brother"].
|
|
104
|
+
|
|
105
|
+
[source,ruby]
|
|
106
|
+
-----
|
|
107
|
+
fingerprint {
|
|
108
|
+
source => ["user_id", "siblings"]
|
|
109
|
+
}
|
|
110
|
+
-----
|
|
111
|
+
|
|
112
|
+
The output is:
|
|
113
|
+
|
|
114
|
+
[source,ruby]
|
|
115
|
+
-----
|
|
116
|
+
"fingerprint" => [
|
|
117
|
+
[0] "8a8a9323677f4095fcf0c8c30b091a0133b00641",
|
|
118
|
+
[1] "2ce11b313402e0e9884e094409f8d9fcf01337c2",
|
|
119
|
+
[2] "adc0b90f9391a82098c7b99e66a816e9619ad0a7"
|
|
120
|
+
],
|
|
121
|
+
-----
|
|
78
122
|
|
|
79
123
|
[id="plugins-{type}s-{plugin}-concatenate_all_fields"]
|
|
80
124
|
===== `concatenate_all_fields`
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
|
|
3
3
|
s.name = 'logstash-filter-fingerprint'
|
|
4
|
-
s.version = '3.2.
|
|
4
|
+
s.version = '3.2.3'
|
|
5
5
|
s.licenses = ['Apache-2.0']
|
|
6
6
|
s.summary = "Fingerprints fields by replacing values with a consistent hash"
|
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
|
@@ -18,11 +18,11 @@ describe LogStash::Filters::Fingerprint do
|
|
|
18
18
|
|
|
19
19
|
context "with a string field" do
|
|
20
20
|
let(:data) { {"clientip" => "123.123.123.123" } }
|
|
21
|
-
let(:config) { super.merge("source" => ["clientip" ]) }
|
|
21
|
+
let(:config) { super().merge("source" => ["clientip" ]) }
|
|
22
22
|
|
|
23
23
|
describe "the IPV4_NETWORK method" do
|
|
24
24
|
let(:fingerprint_method) { "IPV4_NETWORK" }
|
|
25
|
-
let(:config) { super.merge("key" => 24) }
|
|
25
|
+
let(:config) { super().merge("key" => 24) }
|
|
26
26
|
|
|
27
27
|
it "fingerprints the ip as the network" do
|
|
28
28
|
expect(fingerprint).to eq("123.123.123.0")
|
|
@@ -45,20 +45,20 @@ describe LogStash::Filters::Fingerprint do
|
|
|
45
45
|
end
|
|
46
46
|
|
|
47
47
|
context "with HMAC" do
|
|
48
|
-
let(:config) { super.merge("key" => "longencryptionkey") }
|
|
48
|
+
let(:config) { super().merge("key" => "longencryptionkey") }
|
|
49
49
|
|
|
50
50
|
it "fingerprints the value" do
|
|
51
51
|
expect(fingerprint).to eq("fdc60acc4773dc5ac569ffb78fcb93c9630797f4")
|
|
52
52
|
end
|
|
53
53
|
context "with HMAC and base64 encoding" do
|
|
54
|
-
let(:config) { super.merge("base64encode" => true) }
|
|
54
|
+
let(:config) { super().merge("base64encode" => true) }
|
|
55
55
|
it "fingerprints the value" do
|
|
56
56
|
expect(fingerprint).to eq("/cYKzEdz3FrFaf+3j8uTyWMHl/Q=")
|
|
57
57
|
end
|
|
58
58
|
end
|
|
59
59
|
end
|
|
60
60
|
context "and base64 encoding" do
|
|
61
|
-
let(:config) { super.merge("base64encode" => true) }
|
|
61
|
+
let(:config) { super().merge("base64encode" => true) }
|
|
62
62
|
it "fingerprints the value" do
|
|
63
63
|
expect(fingerprint).to eq("OlB2xSC0tGP0OAaJbqCzl40J3K4=")
|
|
64
64
|
end
|
|
@@ -71,12 +71,12 @@ describe LogStash::Filters::Fingerprint do
|
|
|
71
71
|
expect(fingerprint).to eq("4dabcab210766e35f03e77120e6986d6e6d4752b2a9ff22980b9253d026080d8")
|
|
72
72
|
end
|
|
73
73
|
context "with HMAC" do
|
|
74
|
-
let(:config) { super.merge("key" => "longencryptionkey") }
|
|
74
|
+
let(:config) { super().merge("key" => "longencryptionkey") }
|
|
75
75
|
it "fingerprints the value" do
|
|
76
76
|
expect(fingerprint).to eq("345bec3eff242d53b568916c2610b3e393d885d6b96d643f38494fd74bf4a9ca")
|
|
77
77
|
end
|
|
78
78
|
context "and base64 encoding" do
|
|
79
|
-
let(:config) { super.merge("base64encode" => true) }
|
|
79
|
+
let(:config) { super().merge("base64encode" => true) }
|
|
80
80
|
it "fingerprints the value" do
|
|
81
81
|
expect(fingerprint).to eq("NFvsPv8kLVO1aJFsJhCz45PYhda5bWQ/OElP10v0qco=")
|
|
82
82
|
end
|
|
@@ -90,12 +90,12 @@ describe LogStash::Filters::Fingerprint do
|
|
|
90
90
|
expect(fingerprint).to eq("fd605b0a3af3e04ce0d7a0b0d9c48d67a12dab811f60072e6eae84e35d567793ffb68a1807536f11c90874065c2a4392")
|
|
91
91
|
end
|
|
92
92
|
context "with HMAC" do
|
|
93
|
-
let(:config) { super.merge("key" => "longencryptionkey") }
|
|
93
|
+
let(:config) { super().merge("key" => "longencryptionkey") }
|
|
94
94
|
it "fingerprints the value" do
|
|
95
95
|
expect(fingerprint).to eq("22d4c0e8c4fbcdc4887d2038fca7650f0e2e0e2457ff41c06eb2a980dded6749561c814fe182aff93e2538d18593947a")
|
|
96
96
|
end
|
|
97
97
|
context "and base64 encoding" do
|
|
98
|
-
let(:config) { super.merge("base64encode" => true) }
|
|
98
|
+
let(:config) { super().merge("base64encode" => true) }
|
|
99
99
|
it "fingerprints the value" do
|
|
100
100
|
expect(fingerprint).to eq("ItTA6MT7zcSIfSA4/KdlDw4uDiRX/0HAbrKpgN3tZ0lWHIFP4YKv+T4lONGFk5R6")
|
|
101
101
|
end
|
|
@@ -108,12 +108,12 @@ describe LogStash::Filters::Fingerprint do
|
|
|
108
108
|
expect(fingerprint).to eq("5468e2dc64ea92b617782aae884b35af60041ac9e168a283615b6a462c54c13d42fa9542cce9b7d76a8124ac6616818905e3e5dd35d6e519f77c3b517558639a")
|
|
109
109
|
end
|
|
110
110
|
context "with HMAC" do
|
|
111
|
-
let(:config) { super.merge("key" => "longencryptionkey") }
|
|
111
|
+
let(:config) { super().merge("key" => "longencryptionkey") }
|
|
112
112
|
it "fingerprints the value" do
|
|
113
113
|
expect(fingerprint).to eq("11c19b326936c08d6c50a3c847d883e5a1362e6a64dd55201a25f2c1ac1b673f7d8bf15b8f112a4978276d573275e3b14166e17246f670c2a539401c5bfdace8")
|
|
114
114
|
end
|
|
115
115
|
context "and base64 encoding" do
|
|
116
|
-
let(:config) { super.merge("base64encode" => true) }
|
|
116
|
+
let(:config) { super().merge("base64encode" => true) }
|
|
117
117
|
it "fingerprints the value" do
|
|
118
118
|
expect(fingerprint).to eq("EcGbMmk2wI1sUKPIR9iD5aE2Lmpk3VUgGiXywawbZz99i/FbjxEqSXgnbVcydeOxQWbhckb2cMKlOUAcW/2s6A==")
|
|
119
119
|
end
|
|
@@ -126,12 +126,12 @@ describe LogStash::Filters::Fingerprint do
|
|
|
126
126
|
expect(fingerprint).to eq("ccdd8d3d940a01b2fb3258c059924c0d")
|
|
127
127
|
end
|
|
128
128
|
context "with HMAC" do
|
|
129
|
-
let(:config) { super.merge("key" => "longencryptionkey") }
|
|
129
|
+
let(:config) { super().merge("key" => "longencryptionkey") }
|
|
130
130
|
it "fingerprints the value" do
|
|
131
131
|
expect(fingerprint).to eq("9336c879e305c9604a3843fc3e75948f")
|
|
132
132
|
end
|
|
133
133
|
context "and base64 encoding" do
|
|
134
|
-
let(:config) { super.merge("base64encode" => true) }
|
|
134
|
+
let(:config) { super().merge("base64encode" => true) }
|
|
135
135
|
it "fingerprints the value" do
|
|
136
136
|
expect(fingerprint).to eq("kzbIeeMFyWBKOEP8PnWUjw==")
|
|
137
137
|
end
|
|
@@ -141,7 +141,7 @@ describe LogStash::Filters::Fingerprint do
|
|
|
141
141
|
end
|
|
142
142
|
|
|
143
143
|
context "multiple values in the source field" do
|
|
144
|
-
let(:config) { super.merge("source" => ["clientip" ]) }
|
|
144
|
+
let(:config) { super().merge("source" => ["clientip" ]) }
|
|
145
145
|
let(:data) { { "clientip" => [ "123.123.123.123", "223.223.223.223" ] } }
|
|
146
146
|
|
|
147
147
|
it "produces a fingerprint array" do
|
|
@@ -162,7 +162,7 @@ describe LogStash::Filters::Fingerprint do
|
|
|
162
162
|
end
|
|
163
163
|
|
|
164
164
|
context "when multiple fields are used" do
|
|
165
|
-
let(:config) { super.merge("source" => ['field1', 'field2']) }
|
|
165
|
+
let(:config) { super().merge("source" => ['field1', 'field2']) }
|
|
166
166
|
let(:data) { { "field1" => "test1", "field2" => "test2" } }
|
|
167
167
|
|
|
168
168
|
it "fingerprints the value of the last value" do
|
|
@@ -171,7 +171,7 @@ describe LogStash::Filters::Fingerprint do
|
|
|
171
171
|
end
|
|
172
172
|
|
|
173
173
|
describe "with concatenate_sources" do
|
|
174
|
-
let(:config) { super.merge("concatenate_sources" => true) }
|
|
174
|
+
let(:config) { super().merge("concatenate_sources" => true) }
|
|
175
175
|
it "fingerprints the value of concatenated key/pairs" do
|
|
176
176
|
# SHA1 of "|field1|test1|field2|test2|"
|
|
177
177
|
expect(fingerprint).to eq("e3b6b71eedc656f1d29408264e8a75535db985cb")
|
|
@@ -181,7 +181,7 @@ describe LogStash::Filters::Fingerprint do
|
|
|
181
181
|
|
|
182
182
|
describe "PUNCTUATION method" do
|
|
183
183
|
let(:fingerprint_method) { 'PUNCTUATION' }
|
|
184
|
-
let(:config) { super.merge("source" => 'field1') }
|
|
184
|
+
let(:config) { super().merge("source" => 'field1') }
|
|
185
185
|
let(:data) { { "field1" => "PHP Warning: json_encode() [<a href='function.json-encode'>function.json-encode</a>]: Invalid UTF-8 sequence in argument in /var/www/htdocs/test.php on line 233" } }
|
|
186
186
|
|
|
187
187
|
it "extracts punctiation as the fingerprint" do
|
|
@@ -191,10 +191,10 @@ describe LogStash::Filters::Fingerprint do
|
|
|
191
191
|
|
|
192
192
|
context 'Timestamps' do
|
|
193
193
|
epoch_time = Time.at(0).gmtime
|
|
194
|
-
let(:config) { super.merge("source" => ['@timestamp']) }
|
|
194
|
+
let(:config) { super().merge("source" => ['@timestamp']) }
|
|
195
195
|
|
|
196
196
|
describe 'OpenSSL Fingerprinting' do
|
|
197
|
-
let(:config) { super.merge("key" => '0123') }
|
|
197
|
+
let(:config) { super().merge("key" => '0123') }
|
|
198
198
|
let(:fingerprint_method) { "SHA1" }
|
|
199
199
|
let(:data) { { "@timestamp" => epoch_time } }
|
|
200
200
|
it "fingerprints the timestamp correctly" do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-filter-fingerprint
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.2.
|
|
4
|
+
version: 3.2.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-03-11 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|