logstash-filter-opensearch-manticore 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/CHANGELOG.md +2 -0
- data/CONTRIBUTORS +17 -0
- data/Gemfile +11 -0
- data/LICENSE +202 -0
- data/NOTICE.TXT +5 -0
- data/README.md +98 -0
- data/docs/index.asciidoc +336 -0
- data/lib/logstash/filters/opensearch/patches/_opensearch_transport_connections_selector.rb +52 -0
- data/lib/logstash/filters/opensearch/patches/_opensearch_transport_http_manticore.rb +44 -0
- data/lib/logstash/filters/opensearch.rb +281 -0
- data/logstash-filter-opensearch-manticore.gemspec +29 -0
- data/spec/filters/fixtures/opensearch_7.x_hits_total_as_object.json +70 -0
- data/spec/filters/fixtures/query_template.json +7 -0
- data/spec/filters/fixtures/query_template_unicode.json +7 -0
- data/spec/filters/fixtures/request_error.json +25 -0
- data/spec/filters/fixtures/request_size0_agg.json +19 -0
- data/spec/filters/fixtures/request_x_1.json +67 -0
- data/spec/filters/fixtures/request_x_10.json +500 -0
- data/spec/filters/integration/opensearch_spec.rb +61 -0
- data/spec/filters/opensearch_spec.rb +431 -0
- data/spec/opensearch_helper.rb +43 -0
- metadata +139 -0
@@ -0,0 +1,431 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "logstash/devutils/rspec/spec_helper"
|
3
|
+
require "logstash/plugin"
|
4
|
+
require "logstash/filters/opensearch"
|
5
|
+
require "logstash/json"
|
6
|
+
|
7
|
+
describe LogStash::Filters::OpenSearch do
|
8
|
+
|
9
|
+
context "registration" do
|
10
|
+
|
11
|
+
let(:plugin) { LogStash::Plugin.lookup("filter", "opensearch").new({}) }
|
12
|
+
before do
|
13
|
+
allow(plugin).to receive(:test_connection!)
|
14
|
+
end
|
15
|
+
|
16
|
+
it "should not raise an exception" do
|
17
|
+
expect {plugin.register}.to_not raise_error
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
describe "data fetch" do
|
22
|
+
let(:config) do
|
23
|
+
{
|
24
|
+
"hosts" => ["localhost:9200"],
|
25
|
+
"query" => "response: 404",
|
26
|
+
"fields" => { "response" => "code" },
|
27
|
+
"docinfo_fields" => { "_index" => "opensearch_index" },
|
28
|
+
"aggregation_fields" => { "bytes_avg" => "bytes_avg_ls_field" }
|
29
|
+
}
|
30
|
+
end
|
31
|
+
let(:plugin) { described_class.new(config) }
|
32
|
+
let(:event) { LogStash::Event.new({}) }
|
33
|
+
|
34
|
+
let(:response) do
|
35
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "request_x_1.json")))
|
36
|
+
end
|
37
|
+
|
38
|
+
let(:client) { double(:client) }
|
39
|
+
|
40
|
+
before(:each) do
|
41
|
+
allow(LogStash::Filters::OpenSearchClient).to receive(:new).and_return(client)
|
42
|
+
allow(client).to receive(:search).and_return(response)
|
43
|
+
allow(plugin).to receive(:test_connection!)
|
44
|
+
plugin.register
|
45
|
+
end
|
46
|
+
|
47
|
+
after(:each) do
|
48
|
+
Thread.current[:filter_opensearch_client] = nil
|
49
|
+
end
|
50
|
+
|
51
|
+
# Since the OpenSearch Ruby client is not thread safe
|
52
|
+
# and under high load we can get error with the connection pool
|
53
|
+
# we have decided to create a new instance per worker thread which
|
54
|
+
# will be lazy created on the first call to `#filter`
|
55
|
+
#
|
56
|
+
# I am adding a simple test case for future changes
|
57
|
+
it "uses a different connection object per thread wait" do
|
58
|
+
expect(plugin.clients_pool.size).to eq(0)
|
59
|
+
|
60
|
+
Thread.new { plugin.filter(event) }.join
|
61
|
+
Thread.new { plugin.filter(event) }.join
|
62
|
+
|
63
|
+
expect(plugin.clients_pool.size).to eq(2)
|
64
|
+
end
|
65
|
+
|
66
|
+
it "should enhance the current event with new data" do
|
67
|
+
plugin.filter(event)
|
68
|
+
expect(event.get("code")).to eq(404)
|
69
|
+
expect(event.get("opensearch_index")).to eq("logstash-2014.08.26")
|
70
|
+
expect(event.get("bytes_avg_ls_field")["value"]).to eq(294)
|
71
|
+
end
|
72
|
+
|
73
|
+
it "should receive all necessary params to perform the search" do
|
74
|
+
expect(client).to receive(:search).with({:q=>"response: 404", :size=>1, :index=>"", :sort=>"@timestamp:desc"})
|
75
|
+
plugin.filter(event)
|
76
|
+
end
|
77
|
+
|
78
|
+
context "when asking to hit specific index" do
|
79
|
+
|
80
|
+
let(:config) do
|
81
|
+
{
|
82
|
+
"index" => "foo*",
|
83
|
+
"hosts" => ["localhost:9200"],
|
84
|
+
"query" => "response: 404",
|
85
|
+
"fields" => { "response" => "code" }
|
86
|
+
}
|
87
|
+
end
|
88
|
+
|
89
|
+
it "should receive all necessary params to perform the search" do
|
90
|
+
expect(client).to receive(:search).with({:q=>"response: 404", :size=>1, :index=>"foo*", :sort=>"@timestamp:desc"})
|
91
|
+
plugin.filter(event)
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
context "when asking for more than one result" do
|
96
|
+
|
97
|
+
let(:config) do
|
98
|
+
{
|
99
|
+
"hosts" => ["localhost:9200"],
|
100
|
+
"query" => "response: 404",
|
101
|
+
"fields" => { "response" => "code" },
|
102
|
+
"result_size" => 10
|
103
|
+
}
|
104
|
+
end
|
105
|
+
|
106
|
+
let(:response) do
|
107
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "request_x_10.json")))
|
108
|
+
end
|
109
|
+
|
110
|
+
it "should enhance the current event with new data" do
|
111
|
+
plugin.filter(event)
|
112
|
+
expect(event.get("code")).to eq([404]*10)
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
116
|
+
context 'when OpenSearch 7.x gives us a totals object instead of an integer' do
|
117
|
+
let(:config) do
|
118
|
+
{
|
119
|
+
"hosts" => ["localhost:9200"],
|
120
|
+
"query" => "response: 404",
|
121
|
+
"fields" => { "response" => "code" },
|
122
|
+
"result_size" => 10
|
123
|
+
}
|
124
|
+
end
|
125
|
+
|
126
|
+
let(:response) do
|
127
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "opensearch_7.x_hits_total_as_object.json")))
|
128
|
+
end
|
129
|
+
|
130
|
+
it "should enhance the current event with new data" do
|
131
|
+
plugin.filter(event)
|
132
|
+
expect(event.get("[@metadata][total_hits]")).to eq(13476)
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
136
|
+
context "if something wrong happen during connection" do
|
137
|
+
|
138
|
+
before(:each) do
|
139
|
+
allow(LogStash::Filters::OpenSearchClient).to receive(:new).and_return(client)
|
140
|
+
allow(client).to receive(:search).and_raise("connection exception")
|
141
|
+
plugin.register
|
142
|
+
end
|
143
|
+
|
144
|
+
it "tag the event as something happened, but still deliver it" do
|
145
|
+
expect(plugin.logger).to receive(:warn)
|
146
|
+
plugin.filter(event)
|
147
|
+
expect(event.to_hash["tags"]).to include("_opensearch_lookup_failure")
|
148
|
+
end
|
149
|
+
end
|
150
|
+
|
151
|
+
# Tagging test for positive results
|
152
|
+
context "Tagging should occur if query returns results" do
|
153
|
+
let(:config) do
|
154
|
+
{
|
155
|
+
"index" => "foo*",
|
156
|
+
"hosts" => ["localhost:9200"],
|
157
|
+
"query" => "response: 404",
|
158
|
+
"add_tag" => ["tagged"]
|
159
|
+
}
|
160
|
+
end
|
161
|
+
|
162
|
+
let(:response) do
|
163
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "request_x_10.json")))
|
164
|
+
end
|
165
|
+
|
166
|
+
it "should tag the current event if results returned" do
|
167
|
+
plugin.filter(event)
|
168
|
+
expect(event.to_hash["tags"]).to include("tagged")
|
169
|
+
end
|
170
|
+
end
|
171
|
+
|
172
|
+
context "an aggregation search with size 0 that matches" do
|
173
|
+
let(:config) do
|
174
|
+
{
|
175
|
+
"index" => "foo*",
|
176
|
+
"hosts" => ["localhost:9200"],
|
177
|
+
"query" => "response: 404",
|
178
|
+
"add_tag" => ["tagged"],
|
179
|
+
"result_size" => 0,
|
180
|
+
"aggregation_fields" => { "bytes_avg" => "bytes_avg_ls_field" }
|
181
|
+
}
|
182
|
+
end
|
183
|
+
|
184
|
+
let(:response) do
|
185
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "request_size0_agg.json")))
|
186
|
+
end
|
187
|
+
|
188
|
+
it "should tag the current event" do
|
189
|
+
plugin.filter(event)
|
190
|
+
expect(event.get("tags")).to include("tagged")
|
191
|
+
expect(event.get("bytes_avg_ls_field")["value"]).to eq(294)
|
192
|
+
end
|
193
|
+
end
|
194
|
+
|
195
|
+
# Tagging test for negative results
|
196
|
+
context "Tagging should not occur if query has no results" do
|
197
|
+
let(:config) do
|
198
|
+
{
|
199
|
+
"index" => "foo*",
|
200
|
+
"hosts" => ["localhost:9200"],
|
201
|
+
"query" => "response: 404",
|
202
|
+
"add_tag" => ["tagged"]
|
203
|
+
}
|
204
|
+
end
|
205
|
+
|
206
|
+
let(:response) do
|
207
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "request_error.json")))
|
208
|
+
end
|
209
|
+
|
210
|
+
it "should not tag the current event" do
|
211
|
+
plugin.filter(event)
|
212
|
+
expect(event.to_hash["tags"]).to_not include("tagged")
|
213
|
+
end
|
214
|
+
end
|
215
|
+
context "testing a simple query template" do
|
216
|
+
let(:config) do
|
217
|
+
{
|
218
|
+
"hosts" => ["localhost:9200"],
|
219
|
+
"query_template" => File.join(File.dirname(__FILE__), "fixtures", "query_template.json"),
|
220
|
+
"fields" => { "response" => "code" },
|
221
|
+
"result_size" => 1
|
222
|
+
}
|
223
|
+
end
|
224
|
+
|
225
|
+
let(:response) do
|
226
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "request_x_1.json")))
|
227
|
+
end
|
228
|
+
|
229
|
+
it "should enhance the current event with new data" do
|
230
|
+
plugin.filter(event)
|
231
|
+
expect(event.get("code")).to eq(404)
|
232
|
+
end
|
233
|
+
|
234
|
+
end
|
235
|
+
|
236
|
+
context "testing a simple index substitution" do
|
237
|
+
let(:event) {
|
238
|
+
LogStash::Event.new(
|
239
|
+
{
|
240
|
+
"subst_field" => "subst_value"
|
241
|
+
}
|
242
|
+
)
|
243
|
+
}
|
244
|
+
let(:config) do
|
245
|
+
{
|
246
|
+
"index" => "foo_%{subst_field}*",
|
247
|
+
"hosts" => ["localhost:9200"],
|
248
|
+
"query" => "response: 404",
|
249
|
+
"fields" => { "response" => "code" }
|
250
|
+
}
|
251
|
+
end
|
252
|
+
|
253
|
+
it "should receive substituted index name" do
|
254
|
+
expect(client).to receive(:search).with({:q => "response: 404", :size => 1, :index => "foo_subst_value*", :sort => "@timestamp:desc"})
|
255
|
+
plugin.filter(event)
|
256
|
+
end
|
257
|
+
end
|
258
|
+
|
259
|
+
context "if query result errored but no exception is thrown" do
|
260
|
+
let(:response) do
|
261
|
+
LogStash::Json.load(File.read(File.join(File.dirname(__FILE__), "fixtures", "request_error.json")))
|
262
|
+
end
|
263
|
+
|
264
|
+
before(:each) do
|
265
|
+
allow(LogStash::Filters::OpenSearchClient).to receive(:new).and_return(client)
|
266
|
+
allow(client).to receive(:search).and_return(response)
|
267
|
+
plugin.register
|
268
|
+
end
|
269
|
+
|
270
|
+
it "tag the event as something happened, but still deliver it" do
|
271
|
+
expect(plugin.logger).to receive(:warn)
|
272
|
+
plugin.filter(event)
|
273
|
+
expect(event.to_hash["tags"]).to include("_opensearch_lookup_failure")
|
274
|
+
end
|
275
|
+
end
|
276
|
+
|
277
|
+
context "if query is on nested field" do
|
278
|
+
let(:config) do
|
279
|
+
{
|
280
|
+
"hosts" => ["localhost:9200"],
|
281
|
+
"query" => "response: 404",
|
282
|
+
"fields" => [ ["[geoip][ip]", "ip_address"] ]
|
283
|
+
}
|
284
|
+
end
|
285
|
+
|
286
|
+
it "should enhance the current event with new data" do
|
287
|
+
plugin.filter(event)
|
288
|
+
expect(event.get("ip_address")).to eq("66.249.73.185")
|
289
|
+
end
|
290
|
+
|
291
|
+
end
|
292
|
+
end
|
293
|
+
|
294
|
+
describe "client" do
|
295
|
+
let(:config) do
|
296
|
+
{
|
297
|
+
"query" => "response: unknown"
|
298
|
+
}
|
299
|
+
end
|
300
|
+
let(:plugin) { described_class.new(config) }
|
301
|
+
let(:event) { LogStash::Event.new({}) }
|
302
|
+
|
303
|
+
before(:each) do
|
304
|
+
allow(plugin).to receive(:test_connection!)
|
305
|
+
end
|
306
|
+
|
307
|
+
after(:each) do
|
308
|
+
Thread.current[:filter_opensearch_client] = nil
|
309
|
+
end
|
310
|
+
|
311
|
+
describe "cloud.id" do
|
312
|
+
let(:valid_cloud_id) do
|
313
|
+
'sample:dXMtY2VudHJhbDEuZ2NwLmNsb3VkLmVzLmlvJGFjMzFlYmI5MDI0MTc3MzE1NzA0M2MzNGZkMjZmZDQ2OjkyNDMkYTRjMDYyMzBlNDhjOGZjZTdiZTg4YTA3NGEzYmIzZTA6OTI0NA=='
|
314
|
+
end
|
315
|
+
|
316
|
+
let(:config) { super.merge({ 'cloud_id' => valid_cloud_id }) }
|
317
|
+
|
318
|
+
it "should set host(s)" do
|
319
|
+
plugin.register
|
320
|
+
client = plugin.send(:get_client).client
|
321
|
+
expect( client.transport.hosts ).to eql [{
|
322
|
+
:scheme => "https",
|
323
|
+
:host => "ac31ebb90241773157043c34fd26fd46.us-central1.gcp.cloud.es.io",
|
324
|
+
:port => 9243,
|
325
|
+
:path => "",
|
326
|
+
:protocol => "https"
|
327
|
+
}]
|
328
|
+
end
|
329
|
+
|
330
|
+
context 'invalid' do
|
331
|
+
let(:config) { super.merge({ 'cloud_id' => 'invalid:dXMtY2VudHJhbDEuZ2NwLmNsb3VkLmVzLmlv' }) }
|
332
|
+
|
333
|
+
it "should fail" do
|
334
|
+
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /cloud_id.*? is invalid/
|
335
|
+
end
|
336
|
+
end
|
337
|
+
|
338
|
+
context 'hosts also set' do
|
339
|
+
let(:config) { super.merge({ 'cloud_id' => valid_cloud_id, 'hosts' => [ 'localhost:9200' ] }) }
|
340
|
+
|
341
|
+
it "should fail" do
|
342
|
+
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /cloud_id and hosts/
|
343
|
+
end
|
344
|
+
end
|
345
|
+
end if LOGSTASH_VERSION > '6.0'
|
346
|
+
|
347
|
+
describe "cloud.auth" do
|
348
|
+
let(:config) { super.merge({ 'cloud_auth' => LogStash::Util::Password.new('elastic:my-passwd-00') }) }
|
349
|
+
|
350
|
+
it "should set authorization" do
|
351
|
+
plugin.register
|
352
|
+
client = plugin.send(:get_client).client
|
353
|
+
auth_header = client.transport.options[:transport_options][:headers][:Authorization]
|
354
|
+
|
355
|
+
expect( auth_header ).to eql "Basic #{Base64.encode64('elastic:my-passwd-00').rstrip}"
|
356
|
+
end
|
357
|
+
|
358
|
+
context 'invalid' do
|
359
|
+
let(:config) { super.merge({ 'cloud_auth' => 'invalid-format' }) }
|
360
|
+
|
361
|
+
it "should fail" do
|
362
|
+
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /cloud_auth.*? format/
|
363
|
+
end
|
364
|
+
end
|
365
|
+
|
366
|
+
context 'user also set' do
|
367
|
+
let(:config) { super.merge({ 'cloud_auth' => 'elastic:my-passwd-00', 'user' => 'another' }) }
|
368
|
+
|
369
|
+
it "should fail" do
|
370
|
+
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Multiple authentication options are specified/
|
371
|
+
end
|
372
|
+
end
|
373
|
+
end if LOGSTASH_VERSION > '6.0'
|
374
|
+
|
375
|
+
describe "api_key" do
|
376
|
+
context "without ssl" do
|
377
|
+
let(:config) { super.merge({ 'api_key' => LogStash::Util::Password.new('foo:bar') }) }
|
378
|
+
|
379
|
+
it "should fail" do
|
380
|
+
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /api_key authentication requires SSL\/TLS/
|
381
|
+
end
|
382
|
+
end
|
383
|
+
|
384
|
+
context "with ssl" do
|
385
|
+
let(:config) { super.merge({ 'api_key' => LogStash::Util::Password.new('foo:bar'), "ssl" => true }) }
|
386
|
+
|
387
|
+
it "should set authorization" do
|
388
|
+
plugin.register
|
389
|
+
client = plugin.send(:get_client).client
|
390
|
+
auth_header = client.transport.options[:transport_options][:headers][:Authorization]
|
391
|
+
|
392
|
+
expect( auth_header ).to eql "ApiKey #{Base64.strict_encode64('foo:bar')}"
|
393
|
+
end
|
394
|
+
|
395
|
+
context 'user also set' do
|
396
|
+
let(:config) { super.merge({ 'api_key' => 'foo:bar', 'user' => 'another' }) }
|
397
|
+
|
398
|
+
it "should fail" do
|
399
|
+
expect { plugin.register }.to raise_error LogStash::ConfigurationError, /Multiple authentication options are specified/
|
400
|
+
end
|
401
|
+
end
|
402
|
+
end
|
403
|
+
end if LOGSTASH_VERSION > '6.0'
|
404
|
+
end
|
405
|
+
|
406
|
+
describe "query template" do
|
407
|
+
let(:config) do
|
408
|
+
{
|
409
|
+
"query_template" => File.join(File.dirname(__FILE__), "fixtures", "query_template_unicode.json"),
|
410
|
+
}
|
411
|
+
end
|
412
|
+
|
413
|
+
let(:plugin) { described_class.new(config) }
|
414
|
+
|
415
|
+
let(:client) { double(:client) }
|
416
|
+
|
417
|
+
before(:each) do
|
418
|
+
allow(LogStash::Filters::OpenSearchClient).to receive(:new).and_return(client)
|
419
|
+
allow(plugin).to receive(:test_connection!)
|
420
|
+
plugin.register
|
421
|
+
end
|
422
|
+
|
423
|
+
it "should read and send non-ascii query" do
|
424
|
+
expect(client).to receive(:search).with(
|
425
|
+
:body => { "query" => { "terms" => { "lock" => [ "잠금", "uzávěr" ] } } },
|
426
|
+
:index => "")
|
427
|
+
|
428
|
+
plugin.filter(LogStash::Event.new)
|
429
|
+
end
|
430
|
+
end
|
431
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
module OpenSearchHelper
|
2
|
+
def self.get_host_port
|
3
|
+
if ENV["INTEGRATION"] == "true"
|
4
|
+
"opensearch:9200"
|
5
|
+
else
|
6
|
+
"localhost:9200"
|
7
|
+
end
|
8
|
+
end
|
9
|
+
|
10
|
+
def self.get_client
|
11
|
+
OpenSearch::Client.new(:hosts => [get_host_port])
|
12
|
+
end
|
13
|
+
|
14
|
+
def self.doc_type
|
15
|
+
if OpenSearchHelper.opensearch_version_satisfies?(">=8")
|
16
|
+
nil
|
17
|
+
elsif OpenSearchHelper.opensearch_version_satisfies?(">=7")
|
18
|
+
"_doc"
|
19
|
+
else
|
20
|
+
"doc"
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
def self.index_doc(opensearch, params)
|
25
|
+
type = doc_type
|
26
|
+
params[:type] = doc_type unless type.nil?
|
27
|
+
opensearch.index(params)
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.opensearch_version
|
31
|
+
ENV['OPENSEARCH_VERSION']
|
32
|
+
end
|
33
|
+
|
34
|
+
def self.opensearch_version_satisfies?(*requirement)
|
35
|
+
opensearch_version = RSpec.configuration.filter[:opensearch_version] || ENV['OPENSEARCH_VERSION']
|
36
|
+
if opensearch_version.nil?
|
37
|
+
puts "Info: OPENSEARCH_VERSION or 'opensearch_version' tag wasn't set. Returning false to all `opensearch_version_satisfies?` call."
|
38
|
+
return false
|
39
|
+
end
|
40
|
+
opensearch_release_version = Gem::Version.new(opensearch_version).release
|
41
|
+
Gem::Requirement.new(requirement).satisfied_by?(opensearch_release_version)
|
42
|
+
end
|
43
|
+
end
|
metadata
ADDED
@@ -0,0 +1,139 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: logstash-filter-opensearch-manticore
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Anton Klyba
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
date: 2023-05-15 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: logstash-core-plugin-api
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - ">="
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: '1.60'
|
20
|
+
- - "<="
|
21
|
+
- !ruby/object:Gem::Version
|
22
|
+
version: '2.99'
|
23
|
+
type: :runtime
|
24
|
+
prerelease: false
|
25
|
+
version_requirements: !ruby/object:Gem::Requirement
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '1.60'
|
30
|
+
- - "<="
|
31
|
+
- !ruby/object:Gem::Version
|
32
|
+
version: '2.99'
|
33
|
+
- !ruby/object:Gem::Dependency
|
34
|
+
name: opensearch-ruby
|
35
|
+
requirement: !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - ">="
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
version: '0'
|
40
|
+
type: :runtime
|
41
|
+
prerelease: false
|
42
|
+
version_requirements: !ruby/object:Gem::Requirement
|
43
|
+
requirements:
|
44
|
+
- - ">="
|
45
|
+
- !ruby/object:Gem::Version
|
46
|
+
version: '0'
|
47
|
+
- !ruby/object:Gem::Dependency
|
48
|
+
name: manticore
|
49
|
+
requirement: !ruby/object:Gem::Requirement
|
50
|
+
requirements:
|
51
|
+
- - "~>"
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: '0.6'
|
54
|
+
type: :runtime
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
requirements:
|
58
|
+
- - "~>"
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
version: '0.6'
|
61
|
+
- !ruby/object:Gem::Dependency
|
62
|
+
name: logstash-devutils
|
63
|
+
requirement: !ruby/object:Gem::Requirement
|
64
|
+
requirements:
|
65
|
+
- - ">="
|
66
|
+
- !ruby/object:Gem::Version
|
67
|
+
version: '0'
|
68
|
+
type: :development
|
69
|
+
prerelease: false
|
70
|
+
version_requirements: !ruby/object:Gem::Requirement
|
71
|
+
requirements:
|
72
|
+
- - ">="
|
73
|
+
- !ruby/object:Gem::Version
|
74
|
+
version: '0'
|
75
|
+
description: This gem is a Logstash plugin required to be installed on top of the
|
76
|
+
Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
|
77
|
+
gem is not a stand-alone program
|
78
|
+
email: anarhyst266@gmail.com
|
79
|
+
executables: []
|
80
|
+
extensions: []
|
81
|
+
extra_rdoc_files: []
|
82
|
+
files:
|
83
|
+
- CHANGELOG.md
|
84
|
+
- CONTRIBUTORS
|
85
|
+
- Gemfile
|
86
|
+
- LICENSE
|
87
|
+
- NOTICE.TXT
|
88
|
+
- README.md
|
89
|
+
- docs/index.asciidoc
|
90
|
+
- lib/logstash/filters/opensearch.rb
|
91
|
+
- lib/logstash/filters/opensearch/patches/_opensearch_transport_connections_selector.rb
|
92
|
+
- lib/logstash/filters/opensearch/patches/_opensearch_transport_http_manticore.rb
|
93
|
+
- logstash-filter-opensearch-manticore.gemspec
|
94
|
+
- spec/filters/fixtures/opensearch_7.x_hits_total_as_object.json
|
95
|
+
- spec/filters/fixtures/query_template.json
|
96
|
+
- spec/filters/fixtures/query_template_unicode.json
|
97
|
+
- spec/filters/fixtures/request_error.json
|
98
|
+
- spec/filters/fixtures/request_size0_agg.json
|
99
|
+
- spec/filters/fixtures/request_x_1.json
|
100
|
+
- spec/filters/fixtures/request_x_10.json
|
101
|
+
- spec/filters/integration/opensearch_spec.rb
|
102
|
+
- spec/filters/opensearch_spec.rb
|
103
|
+
- spec/opensearch_helper.rb
|
104
|
+
homepage: https://github.com/Anarhyst266/logstash-filter-opensearch-manticore
|
105
|
+
licenses:
|
106
|
+
- Apache License (2.0)
|
107
|
+
metadata:
|
108
|
+
logstash_plugin: 'true'
|
109
|
+
logstash_group: filter
|
110
|
+
post_install_message:
|
111
|
+
rdoc_options: []
|
112
|
+
require_paths:
|
113
|
+
- lib
|
114
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
115
|
+
requirements:
|
116
|
+
- - ">="
|
117
|
+
- !ruby/object:Gem::Version
|
118
|
+
version: '0'
|
119
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
120
|
+
requirements:
|
121
|
+
- - ">="
|
122
|
+
- !ruby/object:Gem::Version
|
123
|
+
version: '0'
|
124
|
+
requirements: []
|
125
|
+
rubygems_version: 3.0.3.1
|
126
|
+
signing_key:
|
127
|
+
specification_version: 4
|
128
|
+
summary: Copies fields from previous log events in OpenSearch to current events
|
129
|
+
test_files:
|
130
|
+
- spec/filters/fixtures/opensearch_7.x_hits_total_as_object.json
|
131
|
+
- spec/filters/fixtures/query_template.json
|
132
|
+
- spec/filters/fixtures/query_template_unicode.json
|
133
|
+
- spec/filters/fixtures/request_error.json
|
134
|
+
- spec/filters/fixtures/request_size0_agg.json
|
135
|
+
- spec/filters/fixtures/request_x_1.json
|
136
|
+
- spec/filters/fixtures/request_x_10.json
|
137
|
+
- spec/filters/integration/opensearch_spec.rb
|
138
|
+
- spec/filters/opensearch_spec.rb
|
139
|
+
- spec/opensearch_helper.rb
|