logstash-filter-geoip 0.1.9 → 0.1.10

Sign up to get free protection for your applications and to get access to all the features.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/lib/logstash/filters/geoip.rb +6 -6
  3. data/logstash-filter-geoip.gemspec +1 -1
  4. data/spec/filters/geoip_spec.rb +57 -4
  5. metadata +17 -17
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 0bdb27f0f961aa1aff224b825b7791fdb733318f
4
- data.tar.gz: 06ad0c0ef3d07867cc3eb00af529456ff974e142
3
+ metadata.gz: a390796c41012bb317660617d153447bc0ddb41d
4
+ data.tar.gz: 92a01375dc07a6544148eb95e85348894b2071ae
5
5
  SHA512:
6
- metadata.gz: 54d2020a3ff1f836c9bc8ccfa9ad658b5baa75679b9f5f05f0f77e7d50a4b1a2850741a0ae4125ce80b8affd67055e8f584ba4be38b6a78fbef9c855f0246621
7
- data.tar.gz: 43134f7978152681e52f6b27767a4cf7024a0199f0ec58463164ec1b09ab5196d2966fc5002fa1f593c237230b5ffb91bd90ca2149480c3c2690333b455cfc99
6
+ metadata.gz: 3506a0bd8697bc5cf4ad651f7de0510e1550d5637809548bb8b8daae9ddd3dc184d639552a6b06fc1330781e906c263046fc0b1e534b1e0ab30aa6bf404b9da6
7
+ data.tar.gz: f252e8844eecadf8007c3e762d8ea566688e6e44e7a40d45a40920dbec498d4ccc4d6092194ab89ef66eacfa6aa7dbe54270704d333fd94f8c3b2eee1f53194d
data/lib/logstash/filters/geoip.rb CHANGED
@@ -10,7 +10,7 @@ require "tempfile"
10
10
  # the GeoIP lookup returns a latitude and longitude. The field is stored in
11
11
  # http://geojson.org/geojson-spec.html[GeoJSON] format. Additionally,
12
12
  # the default Elasticsearch template provided with the
13
- # <<plugins-outputs-elasticsearch,`elasticsearch` output>> maps
13
+ # <<plugins-outputs-elasticsearch,`elasticsearch` output>> maps
14
14
  # the `[geoip][location]` field to an http://www.elasticsearch.org/guide/en/elasticsearch/reference/current/mapping-geo-point-type.html#_mapping_options[Elasticsearch geo_point].
15
15
  #
16
16
  # As this field is a `geo_point` _and_ it is still valid GeoJSON, you get
@@ -114,11 +114,15 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
114
114
  @logger.error("Unknown error while looking up GeoIP data", :exception => e, :field => @field, :event => event)
115
115
  end
116
116
 
117
- return if geo_data.nil?
117
+ return if geo_data.nil? || !geo_data.respond_to?(:to_hash)
118
118
 
119
119
  geo_data_hash = geo_data.to_hash
120
120
  geo_data_hash.delete(:request)
121
121
  event[@target] = {} if event[@target].nil?
122
+ if geo_data_hash.key?(:latitude) && geo_data_hash.key?(:longitude)
123
+ # If we have latitude and longitude values, add the location field as GeoJSON array
124
+ geo_data_hash[:location] = [ geo_data_hash[:longitude].to_f, geo_data_hash[:latitude].to_f ]
125
+ end
122
126
  geo_data_hash.each do |key, value|
123
127
  next if value.nil? || (value.is_a?(String) && value.empty?)
124
128
  if @fields.nil? || @fields.empty? || @fields.include?(key.to_s)
@@ -136,10 +140,6 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
136
140
  event[@target][key.to_s] = value
137
141
  end
138
142
  end # geo_data_hash.each
139
- if event[@target].key?('latitude') && event[@target].key?('longitude')
140
- # If we have latitude and longitude values, add the location field as GeoJSON array
141
- event[@target]['location'] = [ event[@target]["longitude"].to_f, event[@target]["latitude"].to_f ]
142
- end
143
143
  filter_matched(event)
144
144
  end # def filter
145
145
  end # class LogStash::Filters::GeoIP
data/logstash-filter-geoip.gemspec CHANGED
@@ -1,7 +1,7 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-filter-geoip'
4
- s.version = '0.1.9'
4
+ s.version = '0.1.10'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "$summary"
7
7
  s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
data/spec/filters/geoip_spec.rb CHANGED
@@ -1,12 +1,35 @@
1
1
  require "logstash/devutils/rspec/spec_helper"
2
2
  require "logstash/filters/geoip"
3
3
 
4
+ ASNDB = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoIPASNum*.dat").first
5
+
4
6
  describe LogStash::Filters::GeoIP do
5
7
 
8
+ describe "ASN db" do
9
+ config <<-CONFIG
10
+ filter {
11
+ geoip {
12
+ source => "ip"
13
+ database => "#{ASNDB}"
14
+ }
15
+ }
16
+ CONFIG
17
+
18
+ sample("ip" => "1.1.1.1") do
19
+ insist { subject["geoip"]["asn"] } == "Google Inc."
20
+ end
21
+
22
+ # avoid crashing on unsupported IPv6 addresses
23
+ # see https://github.com/logstash-plugins/logstash-filter-geoip/issues/21
24
+ sample("ip" => "2a02:8071:aa1:c700:7984:22fc:c8e6:f6ff") do
25
+ reject { subject }.include?("geoip")
26
+ end
27
+ end
28
+
6
29
  describe "defaults" do
7
30
  config <<-CONFIG
8
31
  filter {
9
- geoip {
32
+ geoip {
10
33
  source => "ip"
11
34
  #database => "vendor/geoip/GeoLiteCity.dat"
12
35
  }
@@ -34,7 +57,7 @@ describe LogStash::Filters::GeoIP do
34
57
  describe "Specify the target" do
35
58
  config <<-CONFIG
36
59
  filter {
37
- geoip {
60
+ geoip {
38
61
  source => "ip"
39
62
  #database => "vendor/geoip/GeoLiteCity.dat"
40
63
  target => src_ip
@@ -94,12 +117,11 @@ describe LogStash::Filters::GeoIP do
94
117
  end
95
118
 
96
119
  describe "correct encodings with ASN db" do
97
- asndb = ::Dir.glob(::File.expand_path("../../vendor/", ::File.dirname(__FILE__))+"/GeoIPASNum*.dat").first
98
120
  config <<-CONFIG
99
121
  filter {
100
122
  geoip {
101
123
  source => "ip"
102
- database => "#{asndb}"
124
+ database => "#{ASNDB}"
103
125
  }
104
126
  }
105
127
  CONFIG
@@ -118,4 +140,35 @@ describe LogStash::Filters::GeoIP do
118
140
  insist { subject["geoip"]["asn"].encoding } == Encoding::UTF_8
119
141
  end
120
142
  end
143
+
144
+ describe "location field" do
145
+ shared_examples_for "an event with a [geoip][location] field" do
146
+ subject(:event) { LogStash::Event.new("message" => "8.8.8.8") }
147
+ let(:plugin) { LogStash::Filters::GeoIP.new("source" => "message", "fields" => ["country_name", "location", "longitude"]) }
148
+
149
+ before do
150
+ plugin.register
151
+ plugin.filter(event)
152
+ end
153
+
154
+ it "should have a location field" do
155
+ expect(event["[geoip][location]"]).not_to(be_nil)
156
+ end
157
+ end
158
+
159
+ context "when latitude field is excluded" do
160
+ let(:fields) { ["country_name", "location", "longitude"] }
161
+ it_behaves_like "an event with a [geoip][location] field"
162
+ end
163
+
164
+ context "when longitude field is excluded" do
165
+ let(:fields) { ["country_name", "location", "latitude"] }
166
+ it_behaves_like "an event with a [geoip][location] field"
167
+ end
168
+
169
+ context "when both latitude and longitude field are excluded" do
170
+ let(:fields) { ["country_name", "location"] }
171
+ it_behaves_like "an event with a [geoip][location] field"
172
+ end
173
+ end
121
174
  end
metadata CHANGED
@@ -1,17 +1,18 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-filter-geoip
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.9
4
+ version: 0.1.10
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2015-04-20 00:00:00.000000000 Z
11
+ date: 2015-05-20 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
- requirement: !ruby/object:Gem::Requirement
14
+ name: logstash-core
15
+ version_requirements: !ruby/object:Gem::Requirement
15
16
  requirements:
16
17
  - - '>='
17
18
  - !ruby/object:Gem::Version
@@ -19,10 +20,7 @@ dependencies:
19
20
  - - <
20
21
  - !ruby/object:Gem::Version
21
22
  version: 2.0.0
22
- name: logstash-core
23
- prerelease: false
24
- type: :runtime
25
- version_requirements: !ruby/object:Gem::Requirement
23
+ requirement: !ruby/object:Gem::Requirement
26
24
  requirements:
27
25
  - - '>='
28
26
  - !ruby/object:Gem::Version
@@ -30,34 +28,36 @@ dependencies:
30
28
  - - <
31
29
  - !ruby/object:Gem::Version
32
30
  version: 2.0.0
31
+ prerelease: false
32
+ type: :runtime
33
33
  - !ruby/object:Gem::Dependency
34
+ name: geoip
35
+ version_requirements: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - '>='
38
+ - !ruby/object:Gem::Version
39
+ version: 1.3.2
34
40
  requirement: !ruby/object:Gem::Requirement
35
41
  requirements:
36
42
  - - '>='
37
43
  - !ruby/object:Gem::Version
38
44
  version: 1.3.2
39
- name: geoip
40
45
  prerelease: false
41
46
  type: :runtime
47
+ - !ruby/object:Gem::Dependency
48
+ name: logstash-devutils
42
49
  version_requirements: !ruby/object:Gem::Requirement
43
50
  requirements:
44
51
  - - '>='
45
52
  - !ruby/object:Gem::Version
46
- version: 1.3.2
47
- - !ruby/object:Gem::Dependency
53
+ version: '0'
48
54
  requirement: !ruby/object:Gem::Requirement
49
55
  requirements:
50
56
  - - '>='
51
57
  - !ruby/object:Gem::Version
52
58
  version: '0'
53
- name: logstash-devutils
54
59
  prerelease: false
55
60
  type: :development
56
- version_requirements: !ruby/object:Gem::Requirement
57
- requirements:
58
- - - '>='
59
- - !ruby/object:Gem::Version
60
- version: '0'
61
61
  description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
62
62
  email: info@elastic.co
63
63
  executables: []
@@ -74,8 +74,8 @@ files:
74
74
  - logstash-filter-geoip.gemspec
75
75
  - spec/filters/geoip_spec.rb
76
76
  - vendor.json
77
- - vendor/GeoIPASNum-2014-02-12.dat
78
77
  - vendor/GeoLiteCity-2013-01-18.dat
78
+ - vendor/GeoIPASNum-2014-02-12.dat
79
79
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
80
80
  licenses:
81
81
  - Apache License (2.0)