logstash-filter-range 3.0.0-java

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a85a9c8c75a462fa30ba0bb41b2013d5c49f2a0d
+  data.tar.gz: aa692005e83af7745461bb17212598bfd7fe4fc2
+SHA512:
+  metadata.gz: fe599119d01d1a33e1342ca01741c6585c86145930743f1da24d83ec715a26c16c00a978c0739ea8addf4e4c7eb69fa1a12acc72497667f76485abc247a6928c
+  data.tar.gz: 39c70678585bdeef28b7a84753760a0e398d9722845d6a8e5a9028ce2c34756ea151971105a7172a97e99c329b5b7347b1c0253cd744697187bb107621e41ab0

data/CHANGELOG.md

@@ -0,0 +1,14 @@
+## 3.0.0
+ - breaking: Updated plugin to use new Java Event APIs
+
+## 2.0.4
+ - internal,deps: Depend on logstash-core-plugin-api instead of logstash-core, removing the need to mass update plugins on major releases of logstash
+
+## 2.0.3
+ - internal,deps: New dependency requirements for logstash-core for the 5.0 release
+
+## 2.0.0
+ - internal: Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully, 
+   instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
+ - internal,deps: Dependency on logstash-core update to 2.0
+

data/CONTRIBUTORS

@@ -0,0 +1,17 @@
+The following is a list of people who have contributed ideas, code, bug
+reports, or in general have helped logstash along its way.
+
+Contributors:
+* Aaron Mildenstein (untergeek)
+* Danny Berger (dpb587)
+* Jordan Sissel (jordansissel)
+* Nick Ethier (nickethier)
+* Pier-Hugues Pellerin (ph)
+* Richard Pijnenburg (electrical)
+* Suyog Rao (suyograo)
+* piavlo
+
+Note: If you've sent us patches, bug reports, or otherwise contributed to
+Logstash, and you aren't on the list above and want to be, please let us know
+and we'll make sure you're here. Contributions from folks like you are what make
+open source awesome.

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2012–2016 Elasticsearch <http://www.elastic.co>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/NOTICE.TXT

@@ -0,0 +1,5 @@
+Elasticsearch
+Copyright 2012-2015 Elasticsearch
+
+This product includes software developed by The Apache Software
+Foundation (http://www.apache.org/).

data/README.md

@@ -0,0 +1,98 @@
+# Logstash Plugin
+
+[![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-filter-range.svg)](https://travis-ci.org/logstash-plugins/logstash-filter-range)
+
+This is a plugin for [Logstash](https://github.com/elastic/logstash).
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
+
+## Documentation
+
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
+
+- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+## Developing
+
+### 1. Plugin Developement and Testing
+
+#### Code
+- To get started, you'll need JRuby with the Bundler gem installed.
+
+- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+
+- Install dependencies
+```sh
+bundle install
+```
+
+#### Test
+
+- Update your dependencies
+
+```sh
+bundle install
+```
+
+- Run tests
+
+```sh
+bundle exec rspec
+```
+
+### 2. Running your unpublished Plugin in Logstash
+
+#### 2.1 Run in a local Logstash clone
+
+- Edit Logstash `Gemfile` and add the local plugin path, for example:
+```ruby
+gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
+```
+- Install plugin
+```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
+```
+- Run Logstash with your plugin
+```sh
+bin/logstash -e 'filter {awesome {}}'
+```
+At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
+
+#### 2.2 Run in an installed Logstash
+
+You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
+
+- Build your plugin gem
+```sh
+gem build logstash-filter-awesome.gemspec
+```
+- Install the plugin from the Logstash home
+```sh
+# Logstash 2.3 and higher
+bin/logstash-plugin install --no-verify
+
+# Prior to Logstash 2.3
+bin/plugin install --no-verify
+
+```
+- Start Logstash and proceed to test the plugin
+
+## Contributing
+
+All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
+
+Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.
+
+It is more important to the community that you are able to contribute.
+
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.

data/lib/logstash/filters/range.rb

@@ -0,0 +1,140 @@
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+
+
+# This filter is used to check that certain fields are within expected size/length ranges.
+# Supported types are numbers and strings.
+# Numbers are checked to be within numeric value range.
+# Strings are checked to be within string length range.
+# More than one range can be specified for same fieldname, actions will be applied incrementally.
+# When field value is within a specified range an action will be taken.
+# Supported actions are drop event, add tag, or add field with specified value.
+#
+# Example use cases are for histogram-like tagging of events
+# or for finding anomaly values in fields or too big events that should be dropped.
+
+class LogStash::Filters::Range < LogStash::Filters::Base
+  config_name "range"
+
+  # An array of field, min, max, action tuples.
+  # Example:
+  # [source,ruby]
+  #     filter {
+  #       %PLUGIN% {
+  #         ranges => [ "message", 0, 10, "tag:short",
+  #                     "message", 11, 100, "tag:medium",
+  #                     "message", 101, 1000, "tag:long",
+  #                     "message", 1001, 1e1000, "drop",
+  #                     "duration", 0, 100, "field:latency:fast",
+  #                     "duration", 101, 200, "field:latency:normal",
+  #                     "duration", 201, 1000, "field:latency:slow",
+  #                     "duration", 1001, 1e1000, "field:latency:outlier",
+  #                     "requests", 0, 10, "tag:too_few_%{host}_requests" ]
+  #       }
+  #     }
+  #
+  # Supported actions are drop tag or field with specified value.
+  # Added tag names and field names and field values can have `%{dynamic}` values.
+  #
+  config :ranges, :validate => :array, :default => []
+
+  # Negate the range match logic, events should be outsize of the specified range to match.
+  config :negate, :validate => :boolean, :default => false
+
+  public
+  def register
+    if @ranges.length % 4 != 0
+      raise "#{self.class.name}: ranges array should consist of 4 field tuples (field,min,max,action)"
+    end
+  
+    @range_tuples = {}
+
+    while !@ranges.empty?
+      fieldname, min, max, action = @ranges.shift(4)
+      
+      raise "#{self.class.name}: range field name value should be a string" if !fieldname.is_a?(String)
+      raise "#{self.class.name}: range min value should be a number" if !min.is_a?(Integer) and !min.is_a?(Float)
+      raise "#{self.class.name}: range max value should be a number" if !max.is_a?(Integer) and !max.is_a?(Float)
+      raise "#{self.class.name}: range action value should be a string" if !action.is_a?(String)
+      
+      action = action.split(':')
+      
+      case action.first
+      when "drop"
+        raise "#{self.class.name}: drop action does not accept any parameters" unless action.length == 1
+        action = { :name => :drop }
+      when "tag"
+        raise "#{self.class.name}: tag action accepts exactly one arg which is a tag name" unless action.length == 2
+        action = { :name => :add_tag, :tag => action.last }
+      when "field"
+        raise "#{self.class.name}: field action accepts exactly 2 args which are a field name and field value" unless action.length == 3
+        if action.last == action.last.to_i.to_s
+          value = action.last.to_i
+        elsif action.last == action.last.to_f.to_s
+          value = action.last.to_f
+        else
+          value = action.last
+        end
+        action = { :name => :add_field, :field => action[1], :value => value }
+      else
+        raise "#{self.class.name}: unsupported action #{action}"
+      end
+      
+      @range_tuples[fieldname] ||= []
+      @range_tuples[fieldname] << { :min => min, :max => max, :action => action }
+    end
+  end # def register
+
+ 
+  public
+  def filter(event)
+    
+
+    @range_tuples.each_key do |fieldname|
+      if event.include?(fieldname)
+        @range_tuples[fieldname].each do |range|
+          matched = false
+        
+          field = event.get(fieldname)
+          case field
+          when Integer
+            matched = field.between?(range[:min], range[:max])
+          when Float
+            matched = field.between?(range[:min], range[:max])
+          when String
+            matched = field.length.between?(range[:min], range[:max])
+          else
+            @logger.warn("#{self.class.name}: action field value has unsupported type")
+          end
+
+          matched = !matched if @negate
+          next unless matched
+        
+          case range[:action][:name]
+          when :drop
+            @logger.debug? and @logger.debug("#{self.class.name}: dropping event due to range match", :event => event)
+            event.cancel
+            return
+          when :add_tag
+            @logger.debug? and @logger.debug("#{self.class.name}: adding tag due to range match",
+                                             :event => event, :tag => range[:action][:tag] )
+            event.tag(event.sprintf(range[:action][:tag]))
+          when :add_field
+            @logger.debug? and @logger.debug("#{self.class.name}: adding field due to range match",
+                                              :event => event, :field => range[:action][:field], :value => range[:action][:value])
+            new_field = event.sprintf(range[:action][:field])
+            if event.get(new_field)
+              event.set(new_field, [event.get(new_field)]) if !event.get(new_field).is_a?(Array)
+              event.set(new_field, event.get(new_field) << event.sprintf(range[:action][:value]))
+            else
+              event.set(new_field, range[:action][:value].is_a?(String) ? event.sprintf(range[:action][:value]) : range[:action][:value])
+            end
+          end
+        end
+      end
+    end
+    
+    filter_matched(event)
+  end # def filter
+end # class LogStash::Filters::Range

data/logstash-filter-range.gemspec

@@ -0,0 +1,28 @@
+Gem::Specification.new do |s|
+
+  s.name            = 'logstash-filter-range'
+  s.version         = '3.0.0'
+  s.platform        = 'java'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = "This filter is used to check that certain fields are within expected size/length ranges."
+  s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
+  s.authors         = ["Elastic"]
+  s.email           = 'info@elastic.co'
+  s.homepage        = "http://www.elastic.co/guide/en/logstash/current/index.html"
+  s.require_paths = ["lib"]
+
+  # Files
+  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
+
+  # Gem dependencies
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+
+  s.add_development_dependency 'logstash-devutils'
+end
+

data/spec/filters/range_spec.rb

@@ -0,0 +1,169 @@
+require "logstash/devutils/rspec/spec_helper"
+require "logstash/filters/range"
+
+describe LogStash::Filters::Range do
+  
+
+  describe "range match integer field on tag action" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "duration", 10, 100, "tag:cool",
+                      "duration", 1, 1, "tag:boring" ]
+        }
+      }
+    CONFIG
+
+    sample("duration" => 50) do
+      insist { subject.get("tags") }.include?("cool")
+      reject { subject.get("tags") }.include?("boring")
+    end
+  end
+
+  describe "range match float field on tag action" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "duration", 0, 100, "tag:cool",
+                      "duration", 0, 1, "tag:boring" ]
+        }
+      }
+    CONFIG
+
+    sample("duration" => 50.0) do
+      insist { subject.get("tags") }.include?("cool")
+      reject { subject.get("tags") }.include?("boring")
+    end
+  end
+
+  describe "range match string field on tag action" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "length", 0, 10, "tag:cool",
+                      "length", 0, 1, "tag:boring" ]
+        }
+      }
+    CONFIG
+
+    sample("length" => "123456789") do
+      insist { subject.get("tags") }.include?("cool")
+      reject { subject.get("tags") }.include?("boring")
+    end
+  end
+
+  describe "range match with negation" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "length", 0, 10, "tag:cool",
+                      "length", 0, 1, "tag:boring" ]
+          negate => true
+        }
+      }
+    CONFIG
+
+    sample("length" => "123456789") do
+      reject { subject.get("tags") }.include?("cool")
+      insist { subject.get("tags") }.include?("boring")
+    end
+  end
+
+  describe "range match on drop action" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "length", 0, 10, "drop" ]
+        }
+      }
+    CONFIG
+
+    sample("length" => "123456789") do
+      insist { subject }.nil?
+    end
+  end
+
+  describe "range match on field action with string value" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "duration", 10, 100, "field:cool:foo",
+                      "duration", 1, 1, "field:boring:foo" ]
+        }
+      }
+    CONFIG
+
+    sample("duration" => 50) do
+      insist { subject }.include?("cool")
+      insist { subject.get("cool") } == "foo"
+      reject { subject }.include?("boring")
+    end
+  end
+
+  describe "range match on field action with integer value" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "duration", 10, 100, "field:cool:666",
+                      "duration", 1, 1, "field:boring:666" ]
+        }
+      }
+    CONFIG
+
+    sample("duration" => 50) do
+      insist { subject }.include?("cool")
+      insist { subject.get("cool") } == 666
+      reject { subject }.include?("boring")
+    end
+  end
+
+  describe "range match on field action with float value" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "duration", 10, 100, "field:cool:3.14",
+                      "duration", 1, 1, "field:boring:3.14" ]
+        }
+      }
+    CONFIG
+
+    sample("duration" => 50) do
+      insist { subject }.include?("cool")
+      insist { subject.get("cool") } == 3.14
+      reject { subject }.include?("boring")
+    end
+  end
+
+  describe "range match on tag action with dynamic string value" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "duration", 10, 100, "tag:cool_%{dynamic}_dynamic",
+                      "duration", 1, 1, "tag:boring_%{dynamic}_dynamic" ]
+        }
+      }
+    CONFIG
+
+    sample("duration" => 50, "dynamic" => "and") do
+      insist { subject.get("tags") }.include?("cool_and_dynamic")
+      reject { subject.get("tags") }.include?("boring_and_dynamic")
+    end
+  end
+
+  describe "range match on field action with dynamic string field and value" do
+    config <<-CONFIG
+      filter {
+        range {
+          ranges => [ "duration", 10, 100, "field:cool_%{dynamic}_dynamic:foo_%{dynamic}_bar",
+                      "duration", 1, 1, "field:boring_%{dynamic}_dynamic:foo_%{dynamic}_bar" ]
+        }
+      }
+    CONFIG
+
+    sample("duration" => 50, "dynamic" => "and") do
+      insist { subject }.include?("cool_and_dynamic")
+      insist { subject.get("cool_and_dynamic") } == "foo_and_bar"
+      reject { subject }.include?("boring_and_dynamic")
+    end
+  end
+end

metadata

@@ -0,0 +1,89 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-range
+version: !ruby/object:Gem::Version
+  version: 3.0.0
+platform: java
+authors:
+- Elastic
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-09-08 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
+email: info@elastic.co
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CONTRIBUTORS
+- Gemfile
+- LICENSE
+- NOTICE.TXT
+- README.md
+- lib/logstash/filters/range.rb
+- logstash-filter-range.gemspec
+- spec/filters/range_spec.rb
+homepage: http://www.elastic.co/guide/en/logstash/current/index.html
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.8
+signing_key:
+specification_version: 4
+summary: This filter is used to check that certain fields are within expected size/length ranges.
+test_files:
+- spec/filters/range_spec.rb