logstash-filter-geoip 4.0.3-java → 4.0.4-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d9b1f9ef87be749f3618264050fb4d673a2f6e53
-  data.tar.gz: 64ceed3fa0a9899ca7098ebe6ce8205e83d5fad0
+  metadata.gz: bbf7e3621c24e4bc6f64df90421f55c52f74c13e
+  data.tar.gz: 03641338d9d39484912b82551cc33dc97a61d2f2
 SHA512:
-  metadata.gz: 74d024b1ca991b03b1668f1c56527abd2cbb0898d8758b61bfee96e9b193a8fa7d8a81aadc17e0367a7d87528e03ba65abf4e5e180a16b496bd78b75e2b9b36f
-  data.tar.gz: 5dc3b7095f9409dbe8904796699b9c0d2e3c060eb202015f6ace5f3231391d40af1a40293b3c37f758df8bd5f1dabfc7b0f14a54e32362bf2338073629253e30
+  metadata.gz: 14e164de08ebb4410115223a3ad18a67aa50d3b86162f9f1b981657f63ea3d828b436036b2498f2e5ee47ed781ea34ff68f7e1a11e132c457bef5688b7e45e54
+  data.tar.gz: 101805ecd116cccea5dfcd48de645d6f86d47cc2aba7c9cf5466eecfb39f815dbe2c0a472a2da6cb01e2e0e72375cf33b05ae86459a5104758d4790951644541

data/CHANGELOG.md

@@ -1,5 +1,10 @@
+## 4.0.4
+  - Update of the GeoIP2 DB
+  - Target should be merged and not completely overwritten (#98)
+
 ## 4.0.3
   - Update of the GeoIP2 DB
+
 ## 4.0.2
   - Recreate gem since 4.0.1 lacked jars
 
@@ -16,7 +21,7 @@
 # 3.0.0-beta2
  - Internal: Actually include the vendored jars
 
-# 3.0.0-beta1 
+# 3.0.0-beta1
  - Changed plugin to use GeoIP2 database. See http://dev.maxmind.com/geoip/geoip2/whats-new-in-geoip2/
 
 # 2.0.7

data/lib/logstash/filters/geoip.rb

@@ -47,7 +47,7 @@ end
 # map visualization).
 #
 # Note: This product includes GeoLite2 data created by MaxMind, available from
-# http://www.maxmind.com. This database is licensed under 
+# http://www.maxmind.com. This database is licensed under
 # http://creativecommons.org/licenses/by-sa/4.0/[Creative Commons Attribution-ShareAlike 4.0 International License]
 
 class LogStash::Filters::GeoIP < LogStash::Filters::Base
@@ -121,7 +121,7 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
   # to having multiple caches for different instances at different points in the pipeline, that would just increase the
   # number of cache misses and waste memory.
   config :lru_cache_size, :validate => :number, :default => 1000
-  
+
   # Tags the event on failure to look up geo information. This can be used in later analysis.
   config :tag_on_failure, :validate => :array, :default => ["_geoip_lookup_failure"]
 
@@ -169,16 +169,13 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
       raise e
     end
 
-    event.set(@target, geo_data_hash)
-
-    if geo_data_hash.empty?
+    if apply_geodata(geo_data_hash, event)
+      filter_matched(event)
+    else
       tag_unsuccessful_lookup(event)
-      return
     end
-
-    filter_matched(event)
   end # def filter
-  
+
   def populate_geo_data(response, ip_address, geo_data_hash)
     country = response.getCountry()
     subdivision = response.getMostSpecificSubdivision()
@@ -235,4 +232,20 @@ class LogStash::Filters::GeoIP < LogStash::Filters::Base
     @tag_on_failure.each{|tag| event.tag(tag)}
   end
 
+  def apply_geodata(geo_data_hash, event)
+    # don't do anything more if the lookup result is nil?
+    return false if geo_data_hash.nil?
+    # only do event.set(@target) if the lookup result is not nil
+    event.set(@target, {}) if event.get(@target).nil?
+    # don't do anything more if the lookup result is empty?
+    return false if geo_data_hash.empty?
+    geo_data_hash.each do |key, value|
+      if @fields.include?(key) && value
+        # can't dup numerics
+        event.set("[#{@target}][#{key}]", value.is_a?(Numeric) ? value : value.dup)
+      end
+    end # geo_data_hash.each
+    true
+  end
+
 end # class LogStash::Filters::GeoIP

data/logstash-filter-geoip.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-filter-geoip'
-  s.version         = '4.0.3'
+  s.version         = '4.0.4'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "$summary"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -26,9 +26,8 @@ Gem::Specification.new do |s|
   s.requirements << "jar com.maxmind.geoip2:geoip2, 2.5.0, :exclusions=> [com.google.http-client:google-http-client]"
 
   s.add_development_dependency "jar-dependencies"
-  
+
   s.add_development_dependency 'ruby-maven', '~> 3.3'
 
   s.add_development_dependency 'logstash-devutils'
 end
-

data/spec/filters/geoip_spec.rb

@@ -73,6 +73,38 @@ describe LogStash::Filters::GeoIP do
     end
   end
 
+  describe "source is derived from target" do
+    subject(:event) { LogStash::Event.new("target" => { "ip" => "173.9.34.107" } ) }
+    let(:plugin) {
+      LogStash::Filters::GeoIP.new(
+        "source" => "[target][ip]",
+        "target" => "target",
+        "fields" => [ "city_name", "region_name" ],
+        "add_tag" => "done", "database" => CITYDB
+      )
+    }
+
+    before do
+      plugin.register
+      plugin.filter(event)
+    end
+
+    context "when source field 'ip' is a subfield of 'target'" do
+
+      it "should preserve value in [target][ip]" do
+        expect(event.get("[target][ip]")).to eq("173.9.34.107")
+      end
+
+      it "should set other subfields of 'target' properly" do
+        expect(event.get("target").to_hash.keys.sort).to eq(["city_name", "ip", "region_name"])
+        expect(event.get("[target][city_name]")).to eq("Mendon")
+        expect(event.get("[target][region_name]")).to eq("Massachusetts")
+      end
+
+    end
+
+  end
+
   describe "correct encodings with default db" do
     config <<-CONFIG
       filter {
@@ -187,7 +219,7 @@ describe LogStash::Filters::GeoIP do
           expect(event.get("geoip")).to eq({})
         end
       end
-      
+
       context "when a IP is not found in the DB" do
         let(:ipstring) { "0.0.0.0" }
 
@@ -196,7 +228,7 @@ describe LogStash::Filters::GeoIP do
           expect(event.get("tags")).to include("_geoip_lookup_failure")
         end
       end
-      
+
       context "when IP is IPv6 format for localhost" do
         let(:ipstring) { "::1" }
 
@@ -204,16 +236,19 @@ describe LogStash::Filters::GeoIP do
           expect(event.get("geoip")).to eq({})
         end
       end
-      
-      context "when IP is IPv6 format" do
+
+      context "when IP is valid IPv6 format" do
         let(:ipstring) { "2607:f0d0:1002:51::4" }
 
-        it "should set the target field to an empty hash" do
+        it "should set the target fields properly" do
           expect(event.get("geoip")).not_to be_empty
-          expect(event.get("geoip")["city_name"]).not_to be_nil
+          expect(event.get("geoip")["ip"]).to eq("2607:f0d0:1002:51:0:0:0:4")
+          expect(event.get("geoip").to_hash.keys.sort).to eq(
+            ["continent_code", "country_code2", "country_code3", "country_name", "ip", "latitude", "location", "longitude"]
+          )
         end
       end
-      
+
     end
 
     context "should return the correct source field in the logging message" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-filter-geoip
 version: !ruby/object:Gem::Version
-  version: 4.0.3
+  version: 4.0.4
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-08-05 00:00:00.000000000 Z
+date: 2016-11-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement