logstash-filter-geoip 7.2.6-java → 7.2.10-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 433ba5fee36660147ee97dfe1f43b301184840886bc7bbc5d831b02337ba4606
4
- data.tar.gz: 897f4da52600922cfb828444b349123dedc03a79b0062fb494db56561894f8aa
3
+ metadata.gz: 0e7b28476c126af68bc29d44c7d64ec15aa5e09eed39c45a53d1c52d62f6c2c4
4
+ data.tar.gz: 6679da72cdaf947fccaf8140a82019668bf6c099f708638fdcf15e0dde8701a6
5
5
  SHA512:
6
- metadata.gz: 7575caa6518fb518269defd3186b02f04996c723692dd0f0e3e12b3d05b03be51b97f65c74a3b1c110a43d22ce1880601c0729764bb162099cae8c21b12d85a5
7
- data.tar.gz: cc3761f22ac75732293f0812851a2b5eab426f510def361cbe8f251dc2685f0ab10e2b0e98bd4d1ee40ff72f43a6e19ccbcac7c5399c0bf12d245db6dcc50484
6
+ metadata.gz: fc1051fee22e58527e8e091108f9e24d5f314ea92357817bf700765863c6bb320bca5f59835f1a873bb40f4f26df9c1847c18babdc1ebccb94d9f0e60d916f03
7
+ data.tar.gz: 694bbeeec97b179ccc6d52d5c94a56dfbe693c4bef95a44cbaadaa9bda2bc84b8e6c0eb5b6e73a8b94fb8930a649e59fa4a0f3206b4616baedabcf90015e0372
data/CHANGELOG.md CHANGED
@@ -1,3 +1,16 @@
1
+ ## 7.2.10
2
+ - [DOC] Air-gapped environment requires both ASN and City databases [#204](https://github.com/logstash-plugins/logstash-filter-geoip/pull/204)
3
+
4
+ ## 7.2.9
5
+ - Fix: red CI in Logstash 8.0 [#201](https://github.com/logstash-plugins/logstash-filter-geoip/pull/201)
6
+ - Update Log4j dependency to 2.17.1
7
+
8
+ ## 7.2.8
9
+ - Update Log4j dependency to 2.17.0
10
+
11
+ ## 7.2.7
12
+ - Ensure java 8 compatibility [#197](https://github.com/logstash-plugins/logstash-filter-geoip/pull/197)
13
+
1
14
  ## 7.2.6
2
15
  - Update Log4J dependencies [#196](https://github.com/logstash-plugins/logstash-filter-geoip/pull/196)
3
16
 
data/docs/index.asciidoc CHANGED
@@ -86,10 +86,10 @@ a secure proxy. You can then specify the proxy endpoint URL in the
86
86
  If you work in air-gapped environment and can't update your databases from the Elastic endpoint,
87
87
  You can then download databases from MaxMind and bootstrap the service.
88
88
 
89
- . Download your `.mmdb` database files from the
89
+ . Download both `GeoLite2-ASN.mmdb` and `GeoLite2-City.mmdb` database files from the
90
90
  http://dev.maxmind.com/geoip/geoip2/geolite2[MaxMind site].
91
91
 
92
- . Copy your database files to a single directory.
92
+ . Copy both database files to a single directory.
93
93
 
94
94
  . https://www.elastic.co/downloads/elasticsearch[Download {es}].
95
95
 
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-geoip'
4
- s.version = '7.2.6'
4
+ s.version = '7.2.10'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Adds geographical information about an IP address"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -48,7 +48,6 @@ describe LogStash::Filters::GeoIP do
48
48
  end
49
49
  end
50
50
 
51
-
52
51
  context "with ASN database" do
53
52
  let(:options) { common_options.merge({"database" => ASNDB}) }
54
53
 
@@ -59,27 +58,96 @@ describe LogStash::Filters::GeoIP do
59
58
  expect( event.get ecs_select[disabled: "[#{target}][asn]", v1: "[#{target}][as][number]"] ).to eq 15169
60
59
  expect( event.get ecs_select[disabled: "[#{target}][as_org]", v1: "[#{target}][as][organization][name]"] ).to eq "Google LLC"
61
60
  end
61
+
62
+ context "with customize fields" do
63
+ let(:fields) { ["AUTONOMOUS_SYSTEM_NUMBER"] }
64
+ let(:options) { common_options.merge({"database" => ASNDB, "fields" => fields}) }
65
+
66
+ it "should give asn field" do
67
+ plugin.filter(event)
68
+
69
+ expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
70
+ expect( event.get ecs_select[disabled: "[#{target}][as_org]", v1: "[#{target}][as][organization][name]"] ).to be_nil
71
+
72
+ expect( event.get ecs_select[disabled: "[#{target}][asn]", v1: "[#{target}][as][number]"] ).to eq 15169
73
+ end
74
+ end
62
75
  end
63
76
 
64
77
  context "with customize fields" do
65
- let(:fields) { ["continent_name", "timezone"] }
66
- let(:options) { common_options.merge({"fields" => fields}) }
78
+ context "continent_name and timezone" do
79
+ let(:fields) { ["continent_name", "timezone"] }
80
+ let(:options) { common_options.merge({"fields" => fields}) }
67
81
 
68
- it "should return fields" do
69
- plugin.filter(event)
82
+ it "should return fields in UTF8" do
83
+ plugin.filter(event)
70
84
 
71
- expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
72
- expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
73
- expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
74
- expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to be_nil
75
- expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).to be_nil
76
- expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).to be_nil
85
+ expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
86
+ expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
87
+ expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
88
+ expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to be_nil
89
+ expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).to be_nil
90
+ expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).to be_nil
91
+
92
+ continent_name = event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"]
93
+ timezone = event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"]
94
+ expect( continent_name ).to eq "North America"
95
+ expect( timezone ).to eq "America/Chicago"
96
+ expect( continent_name.encoding ).to eq Encoding::UTF_8
97
+ expect( timezone.encoding ).to eq Encoding::UTF_8
98
+ end
99
+ end
77
100
 
78
- expect( event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"] ).to eq "North America"
79
- expect( event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"] ).to eq "America/Chicago"
101
+ context "location" do
102
+ shared_examples "provide location, lat and lon" do
103
+ it "should return location, lat and lon" do
104
+ plugin.filter(event)
105
+
106
+ expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to be_nil
107
+ expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
108
+ expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
109
+ expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to be_nil
110
+ expect( event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"] ).to be_nil
111
+ expect( event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"] ).to be_nil
112
+
113
+ expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).not_to be_nil
114
+ expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).not_to be_nil
115
+ end
116
+ end
117
+
118
+ context "location and longitude" do
119
+ let(:fields) { ["location", "longitude"] }
120
+ let(:options) { common_options.merge({"fields" => fields}) }
121
+ it_behaves_like "provide location, lat and lon"
122
+ end
123
+
124
+ context "location and latitude" do
125
+ let(:fields) { ["location", "latitude"] }
126
+ let(:options) { common_options.merge({"fields" => fields}) }
127
+ it_behaves_like "provide location, lat and lon"
128
+ end
80
129
  end
81
- end
82
130
 
131
+ context "continent_code and IP is IPv6 format" do
132
+ let(:ip) { "2607:f0d0:1002:51::4" }
133
+ let(:fields) { ["continent_code", "ip"] }
134
+ let(:options) { common_options.merge({"fields" => fields}) }
135
+
136
+ it "should return fields" do
137
+ plugin.filter(event)
138
+
139
+ expect( event.get ecs_select[disabled: "[#{target}][country_code2]", v1: "[#{target}][geo][country_iso_code]"] ).to be_nil
140
+ expect( event.get ecs_select[disabled: "[#{target}][country_name]", v1: "[#{target}][geo][country_name]"] ).to be_nil
141
+ expect( event.get ecs_select[disabled: "[#{target}][continent_name]", v1: "[#{target}][geo][continent_name]"] ).to be_nil
142
+ expect( event.get ecs_select[disabled: "[#{target}][location][lat]", v1: "[#{target}][geo][location][lat]"] ).to be_nil
143
+ expect( event.get ecs_select[disabled: "[#{target}][location][lon]", v1: "[#{target}][geo][location][lon]"] ).to be_nil
144
+ expect( event.get ecs_select[disabled: "[#{target}][timezone]", v1: "[#{target}][geo][timezone]"] ).to be_nil
145
+
146
+ expect( event.get ecs_select[disabled: "[#{target}][ip]", v1: "[#{target}][ip]"] ).to eq("2607:f0d0:1002:51:0:0:0:4")
147
+ expect( event.get ecs_select[disabled: "[#{target}][continent_code]", v1: "[#{target}][geo][continent_code]"] ).to eq("NA")
148
+ end
149
+ end
150
+ end
83
151
  end
84
152
  end
85
153
 
@@ -6,78 +6,33 @@ require "logstash/filters/geoip"
6
6
  CITYDB = ::Dir.glob(::File.expand_path(::File.join("..", "..", "..", "vendor", "GeoLite2-City.mmdb"), __FILE__)).first
7
7
  ASNDB = ::Dir.glob(::File.expand_path(::File.join("..", "..", "..", "vendor", "GeoLite2-ASN.mmdb"), __FILE__)).first
8
8
 
9
- describe LogStash::Filters::GeoIP do
10
- describe "defaults" do
11
- config <<-CONFIG
12
- filter {
13
- geoip {
14
- source => "ip"
15
- database => "#{CITYDB}"
16
- }
17
- }
18
- CONFIG
19
-
20
- sample("ip" => "8.8.8.8") do
21
- insist { subject }.include?("geoip")
22
-
23
- expected_fields = %w(ip country_code2 country_code3 country_name
24
- continent_code latitude longitude location)
25
- expected_fields.each do |f|
26
- insist { subject.get("geoip") }.include?(f)
27
- end
28
- end
29
9
 
30
- sample("ip" => "127.0.0.1") do
31
- # assume geoip fails on localhost lookups
32
- expect(subject.get("geoip")).to eq({})
10
+ describe LogStash::Filters::GeoIP do
11
+ shared_examples "invalid empty IP" do
12
+ it "should not give target field" do
13
+ expect(event.get(target)).to be_nil
14
+ expect(event.get("tags")).to include("_geoip_lookup_failure")
33
15
  end
34
16
  end
35
17
 
36
- describe "normal operations" do
37
- config <<-CONFIG
38
- filter {
39
- geoip {
40
- source => "ip"
41
- database => "#{CITYDB}"
42
- target => src_ip
43
- add_tag => "done"
44
- }
45
- }
46
- CONFIG
47
-
48
- context "when specifying the target" do
49
-
50
- sample("ip" => "8.8.8.8") do
51
- expect(subject).to include("src_ip")
52
-
53
- expected_fields = %w(ip country_code2 country_code3 country_name
54
- continent_code latitude longitude location)
55
- expected_fields.each do |f|
56
- expect(subject.get("src_ip")).to include(f)
57
- end
58
- end
59
-
60
- sample("ip" => "127.0.0.1") do
61
- # assume geoip fails on localhost lookups
62
- expect(subject.get("src_ip")).to eq({})
63
- end
64
- end
65
-
66
- context "when specifying add_tag" do
67
- sample("ip" => "8.8.8.8") do
68
- expect(subject.get("tags")).to include("done")
69
- end
18
+ shared_examples "invalid string IP" do
19
+ it "should give empty hash in target field" do
20
+ expect(event.get(target)).to eq({})
21
+ expect(event.get("tags")).to include("_geoip_lookup_failure")
70
22
  end
71
23
  end
72
24
 
73
- describe "source is derived from target" do
74
- subject(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" } ) }
25
+ let(:target) { "server" }
26
+
27
+ describe "invalid IP" do
28
+ let(:ip) { "173.9.34.107" }
29
+ let(:event) { LogStash::Event.new("client" => { "ip" => ip } ) }
75
30
  let(:plugin) {
76
31
  LogStash::Filters::GeoIP.new(
77
- "source" => "[target][ip]",
78
- "target" => "target",
79
- "fields" => [ "city_name", "region_name" ],
80
- "add_tag" => "done", "database" => CITYDB
32
+ "source" => "[client][ip]",
33
+ "target" => target,
34
+ "fields" => %w[country_name continent_code],
35
+ "database" => CITYDB
81
36
  )
82
37
  }
83
38
 
@@ -86,200 +41,71 @@ describe LogStash::Filters::GeoIP do
86
41
  plugin.filter(event)
87
42
  end
88
43
 
89
- context "when source field 'ip' is a subfield of 'target'" do
90
-
91
- it "should preserve value in [target][ip]" do
92
- expect(event.get("[target][ip]")).to eq("173.9.34.107")
44
+ context "when ip is 127.0.0.1" do
45
+ let(:ip) { "127.0.0.1" }
46
+ it "should give empty hash" do
47
+ expect(event.get(target)).to eq({})
93
48
  end
94
-
95
- it "should set other subfields of 'target' properly" do
96
- expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
97
- expect(event.get("[target][city_name]")).to eq("Malden")
98
- expect(event.get("[target][region_name]")).to eq("Massachusetts")
99
- end
100
-
101
49
  end
102
50
 
103
- end
104
-
105
- describe "correct encodings with default db" do
106
- config <<-CONFIG
107
- filter {
108
- geoip {
109
- source => "ip"
110
- database => "#{CITYDB}"
111
- }
112
- }
113
- CONFIG
114
- expected_fields = %w(ip country_code2 country_code3 country_name
115
- continent_code region_name city_name postal_code
116
- dma_code timezone)
117
-
118
- sample("ip" => "1.1.1.1") do
119
- checked = 0
120
- expected_fields.each do |f|
121
- next unless subject.get("geoip")[f]
122
- checked += 1
123
- insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
124
- end
125
- insist { checked } > 0
51
+ context "when ip is empty string" do
52
+ let(:ip) { "" }
53
+ it_behaves_like "invalid empty IP"
126
54
  end
127
55
 
128
- sample("ip" => "189.2.0.0") do
129
- checked = 0
130
- expected_fields.each do |f|
131
- next unless subject.get("geoip")[f]
132
- checked += 1
133
- insist { subject.get("geoip")[f].encoding } == Encoding::UTF_8
134
- end
135
- insist { checked } > 0
56
+ context "when ip is space" do
57
+ let(:ip) { " " }
58
+ it_behaves_like "invalid empty IP"
136
59
  end
137
60
 
138
- end
139
-
140
- describe "location field" do
141
- shared_examples_for "an event with a [geoip][location] field" do
142
- subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
143
- let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => fields, "database" => CITYDB) }
144
-
145
- before do
146
- plugin.register
147
- plugin.filter(event)
148
- end
149
-
150
- it "should have a location field" do
151
- expect(event.get("[geoip][location]")).not_to(be_nil)
152
- end
61
+ context "when ip is dash" do
62
+ let(:ip) { "-" }
63
+ it_behaves_like "invalid string IP"
153
64
  end
154
65
 
155
- context "when latitude field is excluded" do
156
- let(:fields) { ["country_name", "location", "longitude"] }
157
- it_behaves_like "an event with a [geoip][location] field"
66
+ context "when ip is N/A" do
67
+ let(:ip) { "N/A" }
68
+ it_behaves_like "invalid string IP"
158
69
  end
159
70
 
160
- context "when longitude field is excluded" do
161
- let(:fields) { ["country_name", "location", "latitude"] }
162
- it_behaves_like "an event with a [geoip][location] field"
71
+ context "when ip is two ip comma separated" do
72
+ let(:ip) { "123.45.67.89,61.160.232.222" }
73
+ it_behaves_like "invalid string IP"
163
74
  end
164
75
 
165
- context "when both latitude and longitude field are excluded" do
166
- let(:fields) { ["country_name", "location"] }
167
- it_behaves_like "an event with a [geoip][location] field"
76
+ context "when ip is not found in the DB" do
77
+ let(:ip) { "0.0.0.0" }
78
+ it_behaves_like "invalid string IP"
168
79
  end
169
- end
170
-
171
- describe "an invalid IP" do
172
- config <<-CONFIG
173
- filter {
174
- geoip {
175
- source => "ip"
176
- database => "#{CITYDB}"
177
- }
178
- }
179
- CONFIG
180
- describe "should not raise an error" do
181
- sample("ip" => "-") do
182
- expect{ subject }.to_not raise_error
183
- end
184
80
 
185
- sample("ip" => "~") do
186
- expect{ subject }.to_not raise_error
187
- end
188
-
189
- sample("ip" => "") do
190
- expect{ subject }.to_not raise_error
191
- end
192
-
193
- sample("ip" => " ") do
194
- expect{ subject }.to_not raise_error
195
- end
81
+ context "when ip is IPv6 format for localhost" do
82
+ let(:ip) { "::1" }
83
+ it_behaves_like "invalid string IP"
196
84
  end
85
+ end
197
86
 
198
- describe "empty database path" do
199
- let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message") }
200
- let(:event) { LogStash::Event.new("message" => "8.8.8.8") }
201
-
202
- context "when database manager give nil database path" do
203
- it "should tag expired database" do
204
- expect(plugin).to receive(:select_database_path).and_return(nil)
205
-
206
- plugin.register
207
- plugin.filter(event)
208
-
209
- expect(event.get("tags")).to include("_geoip_expired_database")
210
- end
211
- end
212
- end
87
+ describe "database path is empty" do
88
+ let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "target" => target) }
89
+ let(:event) { LogStash::Event.new("message" => "8.8.8.8") }
213
90
 
214
- describe "filter method outcomes" do
215
- let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "add_tag" => "done", "database" => CITYDB) }
216
- let(:event) { LogStash::Event.new("message" => ipstring) }
91
+ context "when database manager give nil database path" do
92
+ it "should tag expired database" do
93
+ expect(plugin).to receive(:select_database_path).and_return(nil)
217
94
 
218
- before do
219
95
  plugin.register
220
96
  plugin.filter(event)
221
- end
222
-
223
- context "when the bad IP is N/A" do
224
- # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/50
225
- let(:ipstring) { "N/A" }
226
-
227
- it "should set the target field to an empty hash" do
228
- expect(event.get("geoip")).to eq({})
229
- end
230
-
231
- it "should add failure tags" do
232
- expect(event.get("tags")).to include("_geoip_lookup_failure")
233
- end
234
- end
235
-
236
- context "when the bad IP is two ip comma separated" do
237
- # regression test for issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/51
238
- let(:ipstring) { "123.45.67.89,61.160.232.222" }
239
97
 
240
- it "should set the target field to an empty hash" do
241
- expect(event.get("geoip")).to eq({})
242
- end
98
+ expect(event.get("tags")).to include("_geoip_expired_database")
243
99
  end
244
-
245
- context "when a IP is not found in the DB" do
246
- let(:ipstring) { "0.0.0.0" }
247
-
248
- it "should set the target field to an empty hash" do
249
- expect(event.get("geoip")).to eq({})
250
- expect(event.get("tags")).to include("_geoip_lookup_failure")
251
- end
252
- end
253
-
254
- context "when IP is IPv6 format for localhost" do
255
- let(:ipstring) { "::1" }
256
-
257
- it "should set the target field to an empty hash" do
258
- expect(event.get("geoip")).to eq({})
259
- end
260
- end
261
-
262
- context "when IP is valid IPv6 format" do
263
- let(:ipstring) { "2607:f0d0:1002:51::4" }
264
-
265
- it "should set the target fields properly" do
266
- expect(event.get("geoip")).not_to be_empty
267
- expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
268
- expect(event.get("geoip").to_hash.keys.sort).to eq(
269
- ["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude", "timezone"]
270
- )
271
- end
272
- end
273
-
274
100
  end
275
-
276
101
  end
277
102
 
278
- describe "an invalid database" do
103
+ describe "database path is an invalid database file" do
279
104
  config <<-CONFIG
280
105
  filter {
281
106
  geoip {
282
107
  source => "ip"
108
+ target => "geo"
283
109
  database => "./Gemfile"
284
110
  }
285
111
  }
@@ -292,40 +118,4 @@ describe LogStash::Filters::GeoIP do
292
118
  end
293
119
  end
294
120
 
295
- describe "GeoIP2-ASN database" do
296
- config <<-CONFIG
297
- filter {
298
- geoip {
299
- source => "ip"
300
- database => "#{ASNDB}"
301
- default_database_type => "ASN"
302
- }
303
- }
304
- CONFIG
305
-
306
- sample("ip" => "8.8.8.8") do
307
- expect(subject.get("geoip")).not_to be_empty
308
- expect(subject.get("geoip")["asn"]).to eq(15169)
309
- expect(subject.get("geoip")["as_org"]).to eq("Google LLC")
310
- end
311
- end
312
-
313
- describe "GeoIP2-ASN database with fields" do
314
- config <<-CONFIG
315
- filter {
316
- geoip {
317
- source => "ip"
318
- database => "#{ASNDB}"
319
- default_database_type => "ASN"
320
- fields => [ "AUTONOMOUS_SYSTEM_NUMBER" ]
321
- }
322
- }
323
- CONFIG
324
-
325
- sample("ip" => "8.8.8.8") do
326
- expect(subject.get("geoip")).not_to be_empty
327
- expect(subject.get("geoip")["asn"]).to eq(15169)
328
- end
329
- end
330
-
331
121
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-geoip
3
3
  version: !ruby/object:Gem::Version
4
- version: 7.2.6
4
+ version: 7.2.10
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-12-10 00:00:00.000000000 Z
11
+ date: 2022-01-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement