logstash-filter-geoip 0.1.9 → 0.1.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0bdb27f0f961aa1aff224b825b7791fdb733318f
-  data.tar.gz: 06ad0c0ef3d07867cc3eb00af529456ff974e142
+  metadata.gz: a390796c41012bb317660617d153447bc0ddb41d
+  data.tar.gz: 92a01375dc07a6544148eb95e85348894b2071ae
 SHA512:
-  metadata.gz: 54d2020a3ff1f836c9bc8ccfa9ad658b5baa75679b9f5f05f0f77e7d50a4b1a2850741a0ae4125ce80b8affd67055e8f584ba4be38b6a78fbef9c855f0246621
-  data.tar.gz: 43134f7978152681e52f6b27767a4cf7024a0199f0ec58463164ec1b09ab5196d2966fc5002fa1f593c237230b5ffb91bd90ca2149480c3c2690333b455cfc99
+  metadata.gz: 3506a0bd8697bc5cf4ad651f7de0510e1550d5637809548bb8b8daae9ddd3dc184d639552a6b06fc1330781e906c263046fc0b1e534b1e0ab30aa6bf404b9da6
+  data.tar.gz: f252e8844eecadf8007c3e762d8ea566688e6e44e7a40d45a40920dbec498d4ccc4d6092194ab89ef66eacfa6aa7dbe54270704d333fd94f8c3b2eee1f53194d

data/lib/logstash/filters/geoip.rb

@@ -10,7 +10,7 @@ require "tempfile"
 # the GeoIP lookup returns a latitude and longitude. The field is stored in
 # http://geojson.org/geojson-spec.html[GeoJSON] format. Additionally,
 # the default Elasticsearch template provided with the
-# <<plugins-outputs-elasticsearch,`elasticsearch` output>> maps 
+# <<plugins-outputs-elasticsearch,`elasticsearch` output>> maps
 # the `[geoip][location]` field to an http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-geo-point-type.html#_mapping_options[Elasticsearch geo_point].
 #
 # As this field is a `geo_point` _and_ it is still valid GeoJSON, you get
@@ -114,11 +114,15 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
       @logger.error("Unknown error while looking up GeoIP data", :exception => e, :field => @field, :event => event)
     end
 
-    return if geo_data.nil?
+    return if geo_data.nil? || !geo_data.respond_to?(:to_hash)
 
     geo_data_hash = geo_data.to_hash
     geo_data_hash.delete(:request)
     event[@target] = {} if event[@target].nil?
+    if geo_data_hash.key?(:latitude) && geo_data_hash.key?(:longitude)
+      # If we have latitude and longitude values, add the location field as GeoJSON array
+      geo_data_hash[:location] = [ geo_data_hash[:longitude].to_f, geo_data_hash[:latitude].to_f ]
+    end
     geo_data_hash.each do |key, value|
       next if value.nil? || (value.is_a?(String) && value.empty?)
       if @fields.nil? || @fields.empty? || @fields.include?(key.to_s)
@@ -136,10 +140,6 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
         event[@target][key.to_s] = value
       end
     end # geo_data_hash.each
-    if event[@target].key?('latitude') && event[@target].key?('longitude')
-      # If we have latitude and longitude values, add the location field as GeoJSON array
-      event[@target]['location'] = [ event[@target]["longitude"].to_f, event[@target]["latitude"].to_f ]
-    end
     filter_matched(event)
   end # def filter
 end # class LogStash::Filters::GeoIP

data/logstash-filter-geoip.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-geoip'
-  s.version         = '0.1.9'
+  s.version         = '0.1.10'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "$summary"
   s.description     = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"

data/spec/filters/geoip_spec.rb

@@ -1,12 +1,35 @@
 require "logstash/devutils/rspec/spec_helper"
 require "logstash/filters/geoip"
 
+ASNDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoIPASNum*.dat").first
+
 describe LogStash::Filters::GeoIP do
 
+  describe "ASN db" do
+    config <<-CONFIG
+      filter {
+        geoip {
+          source => "ip"
+          database => "#{ASNDB}"
+        }
+      }
+    CONFIG
+
+    sample("ip" => "1.1.1.1") do
+      insist { subject["geoip"]["asn"] } == "Google Inc."
+    end
+
+    # avoid crashing on unsupported IPv6 addresses
+    # see https://github.com/logstash-plugins/logstash-filter-geoip/issues/21
+    sample("ip" => "2a02:8071:aa1:c700:7984:22fc:c8e6:f6ff") do
+      reject { subject }.include?("geoip")
+    end
+  end
+
   describe "defaults" do
     config <<-CONFIG
       filter {
-        geoip { 
+        geoip {
           source => "ip"
           #database => "vendor/geoip/GeoLiteCity.dat"
         }
@@ -34,7 +57,7 @@ describe LogStash::Filters::GeoIP do
   describe "Specify the target" do
     config <<-CONFIG
       filter {
-        geoip { 
+        geoip {
           source => "ip"
           #database => "vendor/geoip/GeoLiteCity.dat"
           target => src_ip
@@ -94,12 +117,11 @@ describe LogStash::Filters::GeoIP do
   end
 
   describe "correct encodings with ASN db" do
-    asndb = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoIPASNum*.dat").first
     config <<-CONFIG
       filter {
         geoip {
           source => "ip"
-          database => "#{asndb}"
+          database => "#{ASNDB}"
         }
       }
     CONFIG
@@ -118,4 +140,35 @@ describe LogStash::Filters::GeoIP do
       insist { subject["geoip"]["asn"].encoding } == Encoding::UTF_8
     end
   end
+
+  describe "location field" do
+    shared_examples_for "an event with a [geoip][location] field" do
+      subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
+      let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => ["country_name", "location", "longitude"]) }
+
+      before do
+        plugin.register
+        plugin.filter(event)
+      end
+
+      it "should have a location field" do
+        expect(event["[geoip][location]"]).not_to(be_nil)
+      end
+    end
+
+    context "when latitude field is excluded" do
+      let(:fields) { ["country_name", "location", "longitude"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+
+    context "when longitude field is excluded" do
+      let(:fields) { ["country_name", "location", "latitude"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+
+    context "when both latitude and longitude field are excluded" do
+      let(:fields) { ["country_name", "location"] }
+      it_behaves_like "an event with a [geoip][location] field"
+    end
+  end
 end

metadata

@@ -1,17 +1,18 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-  version: 0.1.9
+  version: 0.1.10
 platform: ruby
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-04-20 00:00:00.000000000 Z
+date: 2015-05-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
-  requirement: !ruby/object:Gem::Requirement
+  name: logstash-core
+  version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
@@ -19,10 +20,7 @@ dependencies:
     - - <
       - !ruby/object:Gem::Version
         version: 2.0.0
-  name: logstash-core
-  prerelease: false
-  type: :runtime
-  version_requirements: !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
@@ -30,34 +28,36 @@ dependencies:
     - - <
       - !ruby/object:Gem::Version
         version: 2.0.0
+  prerelease: false
+  type: :runtime
 - !ruby/object:Gem::Dependency
+  name: geoip
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.3.2
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: 1.3.2
-  name: geoip
   prerelease: false
   type: :runtime
+- !ruby/object:Gem::Dependency
+  name: logstash-devutils
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
-        version: 1.3.2
-- !ruby/object:Gem::Dependency
+        version: '0'
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - '>='
       - !ruby/object:Gem::Version
         version: '0'
-  name: logstash-devutils
   prerelease: false
   type: :development
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '>='
-      - !ruby/object:Gem::Version
-        version: '0'
 description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
 email: info@elastic.co
 executables: []
@@ -74,8 +74,8 @@ files:
 - logstash-filter-geoip.gemspec
 - spec/filters/geoip_spec.rb
 - vendor.json
-- vendor/GeoIPASNum-2014-02-12.dat
 - vendor/GeoLiteCity-2013-01-18.dat
+- vendor/GeoIPASNum-2014-02-12.dat
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)