logstash-filter-opensearch-manticore 0.1.0
- checksums.yaml +7 -0
- data/CHANGELOG.md +2 -0
- data/CONTRIBUTORS +17 -0
- data/Gemfile +11 -0
- data/LICENSE +202 -0
- data/NOTICE.TXT +5 -0
- data/README.md +98 -0
- data/docs/index.asciidoc +336 -0
- data/lib/logstash/filters/opensearch/patches/_opensearch_transport_connections_selector.rb +52 -0
- data/lib/logstash/filters/opensearch/patches/_opensearch_transport_http_manticore.rb +44 -0
- data/lib/logstash/filters/opensearch.rb +281 -0
- data/logstash-filter-opensearch-manticore.gemspec +29 -0
- data/spec/filters/fixtures/opensearch_7.x_hits_total_as_object.json +70 -0
- data/spec/filters/fixtures/query_template.json +7 -0
- data/spec/filters/fixtures/query_template_unicode.json +7 -0
- data/spec/filters/fixtures/request_error.json +25 -0
- data/spec/filters/fixtures/request_size0_agg.json +19 -0
- data/spec/filters/fixtures/request_x_1.json +67 -0
- data/spec/filters/fixtures/request_x_10.json +500 -0
- data/spec/filters/integration/opensearch_spec.rb +61 -0
- data/spec/filters/opensearch_spec.rb +431 -0
- data/spec/opensearch_helper.rb +43 -0
- metadata +139 -0
@@ -0,0 +1,500 @@
|
|
1
|
+
{
|
2
|
+
"took": 49,
|
3
|
+
"timed_out": false,
|
4
|
+
"_shards": {
|
5
|
+
"total": 155,
|
6
|
+
"successful": 155,
|
7
|
+
"failed": 0
|
8
|
+
},
|
9
|
+
"hits": {
|
10
|
+
"total": 13476,
|
11
|
+
"max_score": 1,
|
12
|
+
"hits": [{
|
13
|
+
"_index": "logstash-2014.08.26",
|
14
|
+
"_type": "logs",
|
15
|
+
"_id": "AVVY76L_AW7v0kX8KXo4",
|
16
|
+
"_score": 1,
|
17
|
+
"_source": {
|
18
|
+
"request": "/doc/index.html?org/opensearch/action/search/SearchResponse.html",
|
19
|
+
"agent": "\"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
20
|
+
"geoip": {
|
21
|
+
"timezone": "America/Los_Angeles",
|
22
|
+
"ip": "66.249.73.185",
|
23
|
+
"latitude": 37.386,
|
24
|
+
"continent_code": "NA",
|
25
|
+
"city_name": "Mountain View",
|
26
|
+
"country_code2": "US",
|
27
|
+
"country_name": "United States",
|
28
|
+
"dma_code": 807,
|
29
|
+
"country_code3": "US",
|
30
|
+
"region_name": "California",
|
31
|
+
"location": [-122.0838,
|
32
|
+
37.386
|
33
|
+
],
|
34
|
+
"postal_code": "94035",
|
35
|
+
"longitude": -122.0838,
|
36
|
+
"region_code": "CA"
|
37
|
+
},
|
38
|
+
"auth": "-",
|
39
|
+
"ident": "-",
|
40
|
+
"verb": "GET",
|
41
|
+
"useragent": {
|
42
|
+
"os": "Other",
|
43
|
+
"major": "2",
|
44
|
+
"minor": "1",
|
45
|
+
"name": "Googlebot",
|
46
|
+
"os_name": "Other",
|
47
|
+
"device": "Spider"
|
48
|
+
},
|
49
|
+
"message": "66.249.73.185 - - [26/Aug/2014:21:22:13 +0000] \"GET /doc/index.html?org/opensearch/action/search/SearchResponse.html HTTP/1.1\" 404 294 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
50
|
+
"referrer": "\"-\"",
|
51
|
+
"@timestamp": "2014-08-26T21:22:13.000Z",
|
52
|
+
"response": 404,
|
53
|
+
"bytes": 294,
|
54
|
+
"clientip": "66.249.73.185",
|
55
|
+
"@version": "1",
|
56
|
+
"host": "skywalker",
|
57
|
+
"httpversion": "1.1",
|
58
|
+
"timestamp": "26/Aug/2014:21:22:13 +0000"
|
59
|
+
}
|
60
|
+
}, {
|
61
|
+
"_index": "logstash-2014.08.26",
|
62
|
+
"_type": "logs",
|
63
|
+
"_id": "AVVY76eJAW7v0kX8KXtH",
|
64
|
+
"_score": 1,
|
65
|
+
"_source": {
|
66
|
+
"request": "/presentations/logstash-puppetconf-2012/images/office-space-printer-beat-down-gif.gif",
|
67
|
+
"agent": "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1\"",
|
68
|
+
"geoip": {
|
69
|
+
"timezone": "Asia/Shanghai",
|
70
|
+
"ip": "111.199.235.239",
|
71
|
+
"latitude": 39.9289,
|
72
|
+
"continent_code": "AS",
|
73
|
+
"city_name": "Beijing",
|
74
|
+
"country_code2": "CN",
|
75
|
+
"country_name": "China",
|
76
|
+
"dma_code": null,
|
77
|
+
"country_code3": "CN",
|
78
|
+
"region_name": "Beijing",
|
79
|
+
"location": [
|
80
|
+
116.3883,
|
81
|
+
39.9289
|
82
|
+
],
|
83
|
+
"postal_code": null,
|
84
|
+
"longitude": 116.3883,
|
85
|
+
"region_code": "11"
|
86
|
+
},
|
87
|
+
"auth": "-",
|
88
|
+
"ident": "-",
|
89
|
+
"verb": "GET",
|
90
|
+
"useragent": {
|
91
|
+
"patch": "5",
|
92
|
+
"os": "Mac OS X 10.8.5",
|
93
|
+
"major": "6",
|
94
|
+
"minor": "0",
|
95
|
+
"os_minor": "8",
|
96
|
+
"os_major": "10",
|
97
|
+
"name": "Safari",
|
98
|
+
"os_name": "Mac OS X",
|
99
|
+
"device": "Other"
|
100
|
+
},
|
101
|
+
"message": "111.199.235.239 - - [26/Aug/2014:22:06:06 +0000] \"GET /presentations/logstash-puppetconf-2012/images/office-space-printer-beat-down-gif.gif HTTP/1.1\" 404 364 \"http://semicomplete.com/presentations/logstash-puppetconf-2012/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/536.30.1 (KHTML, like Gecko) Version/6.0.5 Safari/536.30.1\"",
|
102
|
+
"referrer": "\"http://semicomplete.com/presentations/logstash-puppetconf-2012/\"",
|
103
|
+
"@timestamp": "2014-08-26T22:06:06.000Z",
|
104
|
+
"response": 404,
|
105
|
+
"bytes": 364,
|
106
|
+
"clientip": "111.199.235.239",
|
107
|
+
"@version": "1",
|
108
|
+
"host": "skywalker",
|
109
|
+
"httpversion": "1.1",
|
110
|
+
"timestamp": "26/Aug/2014:22:06:06 +0000"
|
111
|
+
}
|
112
|
+
}, {
|
113
|
+
"_index": "logstash-2014.08.26",
|
114
|
+
"_type": "logs",
|
115
|
+
"_id": "AVVY76eJAW7v0kX8KXtf",
|
116
|
+
"_score": 1,
|
117
|
+
"_source": {
|
118
|
+
"request": "/files/logstash/logstash-1.3.2-monolithic.jar",
|
119
|
+
"agent": "\"Chef Client/10.18.2 (ruby-1.9.3-p327; ohai-6.16.0; x86_64-linux; +http://opscode.com)\"",
|
120
|
+
"geoip": {
|
121
|
+
"timezone": "America/Los_Angeles",
|
122
|
+
"ip": "208.91.156.11",
|
123
|
+
"latitude": 34.0486,
|
124
|
+
"continent_code": "NA",
|
125
|
+
"city_name": "Los Angeles",
|
126
|
+
"country_code2": "US",
|
127
|
+
"country_name": "United States",
|
128
|
+
"dma_code": 803,
|
129
|
+
"country_code3": "US",
|
130
|
+
"region_name": "California",
|
131
|
+
"location": [-118.4424,
|
132
|
+
34.0486
|
133
|
+
],
|
134
|
+
"postal_code": "90025",
|
135
|
+
"longitude": -118.4424,
|
136
|
+
"region_code": "CA"
|
137
|
+
},
|
138
|
+
"auth": "-",
|
139
|
+
"ident": "-",
|
140
|
+
"verb": "GET",
|
141
|
+
"useragent": {
|
142
|
+
"os": "Other",
|
143
|
+
"name": "Other",
|
144
|
+
"os_name": "Other",
|
145
|
+
"device": "Other"
|
146
|
+
},
|
147
|
+
"message": "208.91.156.11 - - [26/Aug/2014:22:12:14 +0000] \"GET /files/logstash/logstash-1.3.2-monolithic.jar HTTP/1.1\" 404 324 \"-\" \"Chef Client/10.18.2 (ruby-1.9.3-p327; ohai-6.16.0; x86_64-linux; +http://opscode.com)\"",
|
148
|
+
"referrer": "\"-\"",
|
149
|
+
"@timestamp": "2014-08-26T22:12:14.000Z",
|
150
|
+
"response": 404,
|
151
|
+
"bytes": 324,
|
152
|
+
"clientip": "208.91.156.11",
|
153
|
+
"@version": "1",
|
154
|
+
"host": "skywalker",
|
155
|
+
"httpversion": "1.1",
|
156
|
+
"timestamp": "26/Aug/2014:22:12:14 +0000"
|
157
|
+
}
|
158
|
+
}, {
|
159
|
+
"_index": "logstash-2014.08.26",
|
160
|
+
"_type": "logs",
|
161
|
+
"_id": "AVVY761xAW7v0kX8KXvw",
|
162
|
+
"_score": 1,
|
163
|
+
"_source": {
|
164
|
+
"request": "/files/logstash/logstash-1.3.2-monolithic.jar",
|
165
|
+
"agent": "\"Chef Client/10.18.2 (ruby-1.9.3-p327; ohai-6.16.0; x86_64-linux; +http://opscode.com)\"",
|
166
|
+
"geoip": {
|
167
|
+
"timezone": "America/Los_Angeles",
|
168
|
+
"ip": "208.91.156.11",
|
169
|
+
"latitude": 34.0486,
|
170
|
+
"continent_code": "NA",
|
171
|
+
"city_name": "Los Angeles",
|
172
|
+
"country_code2": "US",
|
173
|
+
"country_name": "United States",
|
174
|
+
"dma_code": 803,
|
175
|
+
"country_code3": "US",
|
176
|
+
"region_name": "California",
|
177
|
+
"location": [-118.4424,
|
178
|
+
34.0486
|
179
|
+
],
|
180
|
+
"postal_code": "90025",
|
181
|
+
"longitude": -118.4424,
|
182
|
+
"region_code": "CA"
|
183
|
+
},
|
184
|
+
"auth": "-",
|
185
|
+
"ident": "-",
|
186
|
+
"verb": "GET",
|
187
|
+
"useragent": {
|
188
|
+
"os": "Other",
|
189
|
+
"name": "Other",
|
190
|
+
"os_name": "Other",
|
191
|
+
"device": "Other"
|
192
|
+
},
|
193
|
+
"message": "208.91.156.11 - - [26/Aug/2014:22:42:22 +0000] \"GET /files/logstash/logstash-1.3.2-monolithic.jar HTTP/1.1\" 404 324 \"-\" \"Chef Client/10.18.2 (ruby-1.9.3-p327; ohai-6.16.0; x86_64-linux; +http://opscode.com)\"",
|
194
|
+
"referrer": "\"-\"",
|
195
|
+
"@timestamp": "2014-08-26T22:42:22.000Z",
|
196
|
+
"response": 404,
|
197
|
+
"bytes": 324,
|
198
|
+
"clientip": "208.91.156.11",
|
199
|
+
"@version": "1",
|
200
|
+
"host": "skywalker",
|
201
|
+
"httpversion": "1.1",
|
202
|
+
"timestamp": "26/Aug/2014:22:42:22 +0000"
|
203
|
+
}
|
204
|
+
}, {
|
205
|
+
"_index": "logstash-2014.08.26",
|
206
|
+
"_type": "logs",
|
207
|
+
"_id": "AVVY77AwAW7v0kX8KXx8",
|
208
|
+
"_score": 1,
|
209
|
+
"_source": {
|
210
|
+
"request": "/wp-login.php",
|
211
|
+
"agent": "\"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13\"",
|
212
|
+
"geoip": {
|
213
|
+
"timezone": "Europe/Rome",
|
214
|
+
"ip": "195.250.34.144",
|
215
|
+
"latitude": 43.4995,
|
216
|
+
"continent_code": "EU",
|
217
|
+
"city_name": "Arezzo",
|
218
|
+
"country_code2": "IT",
|
219
|
+
"country_name": "Italy",
|
220
|
+
"dma_code": null,
|
221
|
+
"country_code3": "IT",
|
222
|
+
"region_name": "Province of Arezzo",
|
223
|
+
"location": [
|
224
|
+
11.9109,
|
225
|
+
43.4995
|
226
|
+
],
|
227
|
+
"postal_code": "52100",
|
228
|
+
"longitude": 11.9109,
|
229
|
+
"region_code": "AR"
|
230
|
+
},
|
231
|
+
"auth": "-",
|
232
|
+
"ident": "-",
|
233
|
+
"verb": "GET",
|
234
|
+
"useragent": {
|
235
|
+
"patch": "1290",
|
236
|
+
"os": "Windows 7",
|
237
|
+
"major": "24",
|
238
|
+
"minor": "0",
|
239
|
+
"name": "Chrome",
|
240
|
+
"os_name": "Windows 7",
|
241
|
+
"device": "Other"
|
242
|
+
},
|
243
|
+
"message": "195.250.34.144 - - [26/Aug/2014:23:40:50 +0000] \"GET /wp-login.php HTTP/1.1\" 404 292 \"-\" \"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/24.0.1290.1 Safari/537.13\"",
|
244
|
+
"referrer": "\"-\"",
|
245
|
+
"@timestamp": "2014-08-26T23:40:50.000Z",
|
246
|
+
"response": 404,
|
247
|
+
"bytes": 292,
|
248
|
+
"clientip": "195.250.34.144",
|
249
|
+
"@version": "1",
|
250
|
+
"host": "skywalker",
|
251
|
+
"httpversion": "1.1",
|
252
|
+
"timestamp": "26/Aug/2014:23:40:50 +0000"
|
253
|
+
}
|
254
|
+
}, {
|
255
|
+
"_index": "logstash-2014.08.26",
|
256
|
+
"_type": "logs",
|
257
|
+
"_id": "AVVY77AwAW7v0kX8KXyB",
|
258
|
+
"_score": 1,
|
259
|
+
"_source": {
|
260
|
+
"request": "/presentations/logstash-puppetconf-2012/images/office-space-printer-beat-down-gif.gif",
|
261
|
+
"agent": "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/6.1.1 Safari/537.73.11\"",
|
262
|
+
"geoip": {
|
263
|
+
"timezone": "Asia/Kolkata",
|
264
|
+
"ip": "122.166.142.108",
|
265
|
+
"latitude": 12.9833,
|
266
|
+
"continent_code": "AS",
|
267
|
+
"city_name": "Bengaluru",
|
268
|
+
"country_code2": "IN",
|
269
|
+
"country_name": "India",
|
270
|
+
"dma_code": null,
|
271
|
+
"country_code3": "IN",
|
272
|
+
"region_name": "Karnataka",
|
273
|
+
"location": [
|
274
|
+
77.5833,
|
275
|
+
12.9833
|
276
|
+
],
|
277
|
+
"postal_code": null,
|
278
|
+
"longitude": 77.5833,
|
279
|
+
"region_code": "KA"
|
280
|
+
},
|
281
|
+
"auth": "-",
|
282
|
+
"ident": "-",
|
283
|
+
"verb": "GET",
|
284
|
+
"useragent": {
|
285
|
+
"patch": "1",
|
286
|
+
"os": "Mac OS X 10.8.5",
|
287
|
+
"major": "6",
|
288
|
+
"minor": "1",
|
289
|
+
"os_minor": "8",
|
290
|
+
"os_major": "10",
|
291
|
+
"name": "Safari",
|
292
|
+
"os_name": "Mac OS X",
|
293
|
+
"device": "Other"
|
294
|
+
},
|
295
|
+
"message": "122.166.142.108 - - [26/Aug/2014:23:41:19 +0000] \"GET /presentations/logstash-puppetconf-2012/images/office-space-printer-beat-down-gif.gif HTTP/1.1\" 404 364 \"http://semicomplete.com/presentations/logstash-puppetconf-2012/\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.73.11 (KHTML, like Gecko) Version/6.1.1 Safari/537.73.11\"",
|
296
|
+
"referrer": "\"http://semicomplete.com/presentations/logstash-puppetconf-2012/\"",
|
297
|
+
"@timestamp": "2014-08-26T23:41:19.000Z",
|
298
|
+
"response": 404,
|
299
|
+
"bytes": 364,
|
300
|
+
"clientip": "122.166.142.108",
|
301
|
+
"@version": "1",
|
302
|
+
"host": "skywalker",
|
303
|
+
"httpversion": "1.1",
|
304
|
+
"timestamp": "26/Aug/2014:23:41:19 +0000"
|
305
|
+
}
|
306
|
+
}, {
|
307
|
+
"_index": "logstash-2014.08.26",
|
308
|
+
"_type": "logs",
|
309
|
+
"_id": "AVVY77NUAW7v0kX8KX0s",
|
310
|
+
"_score": 1,
|
311
|
+
"_source": {
|
312
|
+
"request": "/projects/xdotool%3E",
|
313
|
+
"agent": "\"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
314
|
+
"geoip": {
|
315
|
+
"timezone": "America/Los_Angeles",
|
316
|
+
"ip": "66.249.73.135",
|
317
|
+
"latitude": 37.386,
|
318
|
+
"continent_code": "NA",
|
319
|
+
"city_name": "Mountain View",
|
320
|
+
"country_code2": "US",
|
321
|
+
"country_name": "United States",
|
322
|
+
"dma_code": 807,
|
323
|
+
"country_code3": "US",
|
324
|
+
"region_name": "California",
|
325
|
+
"location": [-122.0838,
|
326
|
+
37.386
|
327
|
+
],
|
328
|
+
"postal_code": "94035",
|
329
|
+
"longitude": -122.0838,
|
330
|
+
"region_code": "CA"
|
331
|
+
},
|
332
|
+
"auth": "-",
|
333
|
+
"ident": "-",
|
334
|
+
"verb": "GET",
|
335
|
+
"useragent": {
|
336
|
+
"os": "Other",
|
337
|
+
"major": "2",
|
338
|
+
"minor": "1",
|
339
|
+
"name": "Googlebot",
|
340
|
+
"os_name": "Other",
|
341
|
+
"device": "Spider"
|
342
|
+
},
|
343
|
+
"message": "66.249.73.135 - - [26/Aug/2014:23:25:32 +0000] \"GET /projects/xdotool%3E HTTP/1.1\" 404 7861 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
344
|
+
"referrer": "\"-\"",
|
345
|
+
"@timestamp": "2014-08-26T23:25:32.000Z",
|
346
|
+
"response": 404,
|
347
|
+
"bytes": 7861,
|
348
|
+
"clientip": "66.249.73.135",
|
349
|
+
"@version": "1",
|
350
|
+
"host": "skywalker",
|
351
|
+
"httpversion": "1.1",
|
352
|
+
"timestamp": "26/Aug/2014:23:25:32 +0000"
|
353
|
+
}
|
354
|
+
}, {
|
355
|
+
"_index": "logstash-2014.08.27",
|
356
|
+
"_type": "logs",
|
357
|
+
"_id": "AVVY77vzAW7v0kX8KX5_",
|
358
|
+
"_score": 1,
|
359
|
+
"_source": {
|
360
|
+
"request": "/wp-login.php?action=register",
|
361
|
+
"agent": "\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:21.0) Gecko/20100101 Firefox/21.0\"",
|
362
|
+
"geoip": {
|
363
|
+
"timezone": "America/Chicago",
|
364
|
+
"ip": "198.143.145.210",
|
365
|
+
"latitude": 41.8825,
|
366
|
+
"continent_code": "NA",
|
367
|
+
"city_name": "Chicago",
|
368
|
+
"country_code2": "US",
|
369
|
+
"country_name": "United States",
|
370
|
+
"dma_code": 602,
|
371
|
+
"country_code3": "US",
|
372
|
+
"region_name": "Illinois",
|
373
|
+
"location": [-87.6441,
|
374
|
+
41.8825
|
375
|
+
],
|
376
|
+
"postal_code": "60661",
|
377
|
+
"longitude": -87.6441,
|
378
|
+
"region_code": "IL"
|
379
|
+
},
|
380
|
+
"auth": "-",
|
381
|
+
"ident": "-",
|
382
|
+
"verb": "GET",
|
383
|
+
"useragent": {
|
384
|
+
"os": "Mac OS X 10.7",
|
385
|
+
"major": "21",
|
386
|
+
"minor": "0",
|
387
|
+
"os_minor": "7",
|
388
|
+
"os_major": "10",
|
389
|
+
"name": "Firefox",
|
390
|
+
"os_name": "Mac OS X",
|
391
|
+
"device": "Other"
|
392
|
+
},
|
393
|
+
"message": "198.143.145.210 - - [27/Aug/2014:01:30:10 +0000] \"GET /wp-login.php?action=register HTTP/1.0\" 404 296 \"http://www.semicomplete.com/misc/sample.log\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:21.0) Gecko/20100101 Firefox/21.0\"",
|
394
|
+
"referrer": "\"http://www.semicomplete.com/misc/sample.log\"",
|
395
|
+
"@timestamp": "2014-08-27T01:30:10.000Z",
|
396
|
+
"response": 404,
|
397
|
+
"bytes": 296,
|
398
|
+
"clientip": "198.143.145.210",
|
399
|
+
"@version": "1",
|
400
|
+
"host": "skywalker",
|
401
|
+
"httpversion": "1.0",
|
402
|
+
"timestamp": "27/Aug/2014:01:30:10 +0000"
|
403
|
+
}
|
404
|
+
}, {
|
405
|
+
"_index": "logstash-2014.08.27",
|
406
|
+
"_type": "logs",
|
407
|
+
"_id": "AVVY77vzAW7v0kX8KX6w",
|
408
|
+
"_score": 1,
|
409
|
+
"_source": {
|
410
|
+
"request": "/projects/securitrack/config.xsl",
|
411
|
+
"agent": "\"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
412
|
+
"geoip": {
|
413
|
+
"timezone": "America/Los_Angeles",
|
414
|
+
"ip": "66.249.73.135",
|
415
|
+
"latitude": 37.386,
|
416
|
+
"continent_code": "NA",
|
417
|
+
"city_name": "Mountain View",
|
418
|
+
"country_code2": "US",
|
419
|
+
"country_name": "United States",
|
420
|
+
"dma_code": 807,
|
421
|
+
"country_code3": "US",
|
422
|
+
"region_name": "California",
|
423
|
+
"location": [-122.0838,
|
424
|
+
37.386
|
425
|
+
],
|
426
|
+
"postal_code": "94035",
|
427
|
+
"longitude": -122.0838,
|
428
|
+
"region_code": "CA"
|
429
|
+
},
|
430
|
+
"auth": "-",
|
431
|
+
"ident": "-",
|
432
|
+
"verb": "GET",
|
433
|
+
"useragent": {
|
434
|
+
"os": "Other",
|
435
|
+
"major": "2",
|
436
|
+
"minor": "1",
|
437
|
+
"name": "Googlebot",
|
438
|
+
"os_name": "Other",
|
439
|
+
"device": "Spider"
|
440
|
+
},
|
441
|
+
"message": "66.249.73.135 - - [27/Aug/2014:01:40:51 +0000] \"GET /projects/securitrack/config.xsl HTTP/1.1\" 404 315 \"-\" \"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)\"",
|
442
|
+
"referrer": "\"-\"",
|
443
|
+
"@timestamp": "2014-08-27T01:40:51.000Z",
|
444
|
+
"response": 404,
|
445
|
+
"bytes": 315,
|
446
|
+
"clientip": "66.249.73.135",
|
447
|
+
"@version": "1",
|
448
|
+
"host": "skywalker",
|
449
|
+
"httpversion": "1.1",
|
450
|
+
"timestamp": "27/Aug/2014:01:40:51 +0000"
|
451
|
+
}
|
452
|
+
}, {
|
453
|
+
"_index": "logstash-2014.08.27",
|
454
|
+
"_type": "logs",
|
455
|
+
"_id": "AVVY78FiAW7v0kX8KYBM",
|
456
|
+
"_score": 1,
|
457
|
+
"_source": {
|
458
|
+
"request": "/files/logstash/logstash-1.3.2-monolithic.jar",
|
459
|
+
"agent": "\"Chef Client/10.18.2 (ruby-1.9.3-p327; ohai-6.16.0; x86_64-linux; +http://opscode.com)\"",
|
460
|
+
"geoip": {
|
461
|
+
"timezone": "America/Los_Angeles",
|
462
|
+
"ip": "208.91.156.11",
|
463
|
+
"latitude": 34.0486,
|
464
|
+
"continent_code": "NA",
|
465
|
+
"city_name": "Los Angeles",
|
466
|
+
"country_code2": "US",
|
467
|
+
"country_name": "United States",
|
468
|
+
"dma_code": 803,
|
469
|
+
"country_code3": "US",
|
470
|
+
"region_name": "California",
|
471
|
+
"location": [-118.4424,
|
472
|
+
34.0486
|
473
|
+
],
|
474
|
+
"postal_code": "90025",
|
475
|
+
"longitude": -118.4424,
|
476
|
+
"region_code": "CA"
|
477
|
+
},
|
478
|
+
"auth": "-",
|
479
|
+
"ident": "-",
|
480
|
+
"verb": "GET",
|
481
|
+
"useragent": {
|
482
|
+
"os": "Other",
|
483
|
+
"name": "Other",
|
484
|
+
"os_name": "Other",
|
485
|
+
"device": "Other"
|
486
|
+
},
|
487
|
+
"message": "208.91.156.11 - - [27/Aug/2014:02:44:04 +0000] \"GET /files/logstash/logstash-1.3.2-monolithic.jar HTTP/1.1\" 404 324 \"-\" \"Chef Client/10.18.2 (ruby-1.9.3-p327; ohai-6.16.0; x86_64-linux; +http://opscode.com)\"",
|
488
|
+
"referrer": "\"-\"",
|
489
|
+
"@timestamp": "2014-08-27T02:44:04.000Z",
|
490
|
+
"response": 404,
|
491
|
+
"bytes": 324,
|
492
|
+
"clientip": "208.91.156.11",
|
493
|
+
"@version": "1",
|
494
|
+
"host": "skywalker",
|
495
|
+
"httpversion": "1.1",
|
496
|
+
"timestamp": "27/Aug/2014:02:44:04 +0000"
|
497
|
+
}
|
498
|
+
}]
|
499
|
+
}
|
500
|
+
}
|
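--- a/data/spec/filters/integration/opensearch_spec.rb
+++ b/data/spec/filters/integration/opensearch_spec.rb
@@ -0,0 +1,61 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "logstash/plugin"
+require "logstash/filters/opensearch"
+require_relative "../../../spec/opensearch_helper"
+
+describe LogStash::Filters::OpenSearch, :integration => true do
+
+
+let(:config) do
+{
+"index" => 'logs',
+"hosts" => [OpenSearchHelper.get_host_port],
+"query" => "response: 404",
+"sort" => "response",
+"fields" => [ ["response", "code"] ],
+}
+end
+let(:plugin) { described_class.new(config) }
+let(:event) { LogStash::Event.new({}) }
+
+before(:each) do
+@opensearch = OpenSearchHelper.get_client
+# Delete all templates first.
+# Clean ES of data before we start.
+@opensearch.indices.delete_template(:name => "*")
+# This can fail if there are no indexes, ignore failure.
+@opensearch.indices.delete(:index => "*") rescue nil
+10.times do
+OpenSearchHelper.index_doc(@opensearch, :index => 'logs', :body => { :response => 404, :this => 'that'})
+end
+@opensearch.indices.refresh
+
+plugin.register
+end
+
+it "should enhance the current event with new data" do
+plugin.filter(event)
+expect(event.get('code')).to eq(404)
+end
+
+context "when retrieving a list of elements" do
+
+let(:config) do
+{
+"index" => 'logs',
+"hosts" => [OpenSearchHelper.get_host_port],
+"query" => "response: 404",
+"fields" => [ ["response", "code"] ],
+"sort" => "response",
+"result_size" => 10
+}
+end
+
+it "should enhance the current event with new data" do
+plugin.filter(event)
+expect(event.get("code")).to eq([404]*10)
+end
+
+end
+end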
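Review bot: The `before(:each)` hook deletes every index template and every index using `"*"` on whatever cluster `OpenSearchHelper.get_host_port` resolves to, so pointing this spec at a shared or non-disposable cluster would wipe it before each example. The helper is not visible in this section, so whether it pins the target to a throwaway test node is unconfirmed. Scoping the cleanup to the one index the spec creates is safer, e.g. `@opensearch.indices.delete(:index => "logs", :ignore_unavailable => true)`, and the template wildcard delete could be dropped since the spec installs no templates. The trailing `rescue nil` also swallows connection and authorization failures, not only the missing-index case the comment describes, so a misconfigured target surfaces later as an unrelated assertion failure.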