logstash-filter-request_parser 0.2.11

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 1295ed7c348d2ccb8db0f48d465ee5434fa0358f4b825c361191065fddcafcc0
+  data.tar.gz: c3f8ecbe5afbb2192e685489e97d230ca20d00fe53bce4d937bcfd1dad72ea03
+SHA512:
+  metadata.gz: 3e309a1d827e445c350f1640ff9a5cf2d7784d998aae9b6ba87816d3d9b7865bd0c8aee460837b6b64dd0577b6971edc54039347a75d9faaa3448f19b26e568e
+  data.tar.gz: 4128161876a365d4c4b7ca0363bf1954440408dafd26d6d747481453e86a64a158cae39d7c5b85d926f76ff944a03285624a7e7d40ad3804622f088e735010fa

data/CHANGELOG.md

@@ -0,0 +1,13 @@
+## 1.0.0
+- Updated for GA release of native support for Java plugins. Includes:
+  - Improved Gradle task wrappers
+  - Removal of auto-generated Ruby source files 
+
+## 0.2.0
+- Updated for beta version of native support for Java plugins. Includes:
+  - Gradle task wrappers
+  - Updated plugin API
+  - Full feature parity with Ruby plugins
+
+## 0.0.1
+- Initial version for experimental v0 of native support for Java plugins.

data/Gemfile

@@ -0,0 +1,12 @@
+# AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+source 'https://rubygems.org'
+
+gemspec
+
+logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
+use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
+
+if Dir.exist?(logstash_path) && use_logstash_source
+  gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
+  gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
+end

data/README.md

@@ -0,0 +1,62 @@
+# Logstash Request Parser 
+
+The `request_parser` plugin parses the `request` field from the access log or F5 ASM or LTM log. It extracts the `path`, `query` and `parameters` and decodes it. With this deeper parsing, it can be analyzed further, and is easy to read for humans.
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are free to use it however you want.
+
+This is a Request Parser plugin for [Logstash](https://github.com/elastic/logstash).
+
+## Sample
+
+```logstash
+input { stdin { } }
+
+# '1.1.1.1 - - [09/Jul/2019:11:41:32 +0200] "GET /api/v4/projects/4/merge_requests?page=1&per_page=100&state=opened HTTP/2.0" 304 0 "" "Mozilla/5.0"'
+
+filter {
+  grok {
+    match => { "message" => "%{COMBINEDAPACHELOG}" }
+  }
+  date {
+    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
+  }
+}
+
+filter {
+  request_parser {
+    request => "request"
+    target_path => "url.path"
+    target_query => "url.query"
+    target_query_parameters => "url.parameters"
+    parse_query_parameters => true # requires ES mapping as non-indexed object
+  }
+}
+
+output {
+  elasticsearch { hosts => ["localhost:9200"] }
+  stdout { codec => json }
+}
+
+#  {
+#    "request": "/api/v4/projects/4/merge_requests?page=1&per_page=100&state=opened",
+#    "url.path": "/api/v4/projects/4/merge_requests",
+#    "url.query": "page=1&per_page=100&state=opened",
+#    "prameters": {
+#      "page": "1",
+#      "per_page": "100",
+#      "state": "opened"
+#    }
+#  }
+```
+
+## Options
+
+| Setting                | Input type | Required | Default        |
+| ---------------------- | ---------- | -------- | -------------- |
+| request                | string     | No       | request        |
+| separate_query_field   | boolean    | No       | false          |
+| query                  | string     | No       | query          |
+| target_path            | string     | No       | path           |
+| target_query           | string     | No       | query          |
+| target_query_parameters| string     | No       | parameters     |
+| parse_query_parameters | boolean    | No       | true           |

data/VERSION

@@ -0,0 +1 @@
+0.2.11

data/docs/index.asciidoc

@@ -0,0 +1,87 @@
+:plugin: example
+:type: filter
+// Update header with plugin name
+
+///////////////////////////////////////////
+START - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+:version: %VERSION%
+:release_date: %RELEASE_DATE%
+:changelog_url: %CHANGELOG_URL%
+:include_path: ../../../../logstash/docs/include
+///////////////////////////////////////////
+END - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+
+[id="plugins-{type}s-{plugin}"]
+
+=== Example filter plugin
+
+include::{include_path}/plugin_header.asciidoc[]
+
+==== Description
+
+Add plugin description here
+
+// Format anchors and links to support generated ids for versioning
+// Sample anchor: [id="plugins-{type}s-{plugin}-setting_name"]
+// Sample link: <<plugins-{type}s-{plugin}-setting_name>>
+
+[id="plugins-{type}s-{plugin}-options"]
+==== Example Filter Configuration Options
+
+[cols="<,<,<",options="header",]
+|=======================================================================
+|Setting |Input type|Required
+| <<plugins-{type}s-{plugin}-a_setting_name>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-another_setting_name>> |<<hash,hash>>|No
+| <<plugins-{type}s-{plugin}-setting_name_3>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-setting_name_4>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-setting_name_5>> |<<array,array>>|No
+|=======================================================================
+
+[id="plugins-{type}s-{plugin}-a_setting_name"]
+===== `a_setting_name` 
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `true`
+
+Add description here
+
+[id="plugins-{type}s-{plugin}-another_setting_name"]
+===== `another_setting_name` 
+
+  * Value type is <<hash,hash>>
+  * Default value is `{}`
+
+Add description here
+
+[id="plugins-{type}s-{plugin}-setting_name_3"]
+===== `setting_name_3` 
+
+  * Value type is <<string,string>>
+  * Default value is `{}`
+
+Add description here
+
+[id="plugins-{type}s-{plugin}-setting_name_4"]
+===== `setting_name_4` 
+
+  * Value type is <<number,number>>
+  * Default value is `0`
+
+Add description here
+
+[id="plugins-{type}s-{plugin}-setting_name_5"]
+===== `setting_name_5` 
+
+  * Value type is <<array,array>>
+  * Default value is {}
+
+Add description here
+
+// The full list of Value Types is here: 
+// https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html
+
+[id="plugins-{type}s-{plugin}-common-options"]
+include::{include_path}/{type}.asciidoc[]

data/lib/logstash-filter-request_parser_jars.rb

@@ -0,0 +1,5 @@
+# AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+# encoding: utf-8
+
+require 'jar_dependencies'
+require_jar('org.logstashplugins', 'logstash-filter-request_parser', '0.2.11')

data/lib/logstash/filters/request_parser.rb

@@ -0,0 +1,12 @@
+# AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+# encoding: utf-8
+require "logstash/filters/base"
+require "logstash/namespace"
+require "logstash-filter-request_parser_jars"
+require "java"
+
+class LogStash::Filters::RequestParser < LogStash::Filters::Base
+  config_name "request_parser"
+
+  def self.javaClass() Java::org.logstashplugins.RequestParser.java_class; end
+end

data/logstash-filter-request_parser.gemspec

@@ -0,0 +1,22 @@
+# AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+Gem::Specification.new do |s|
+  s.name            = 'logstash-filter-request_parser'
+  s.version         = ::File.read('VERSION').split('\n').first
+  s.licenses        = ['Apache-2.0']
+  s.summary         = 'Parse access logs and ADC logs in a structured format'
+  s.description     = 'This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program'
+  s.authors         = ['Securely']
+  s.email           = ['dev@securely.ai']
+  s.homepage        = 'https://logstash.securely.ai/requestparser'
+  s.require_paths = ['lib', 'vendor/jar-dependencies']
+
+  s.files = Dir["lib/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { 'logstash_plugin' => 'true', 'logstash_group' => 'filter', 'java_plugin' => 'true'}
+
+  # Gem dependencies
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'jar-dependencies'
+  s.add_development_dependency 'logstash-devutils'
+end

metadata

@@ -0,0 +1,107 @@
+--- !ruby/object:Gem::Specification
+name: logstash-filter-request_parser
+version: !ruby/object:Gem::Version
+  version: 0.2.11
+platform: ruby
+authors:
+- Securely
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2019-08-29 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: jar-dependencies
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem is a Logstash plugin required to be installed on top of the
+  Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This
+  gem is not a stand-alone program
+email:
+- dev@securely.ai
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- Gemfile
+- README.md
+- VERSION
+- docs/index.asciidoc
+- lib/logstash-filter-request_parser_jars.rb
+- lib/logstash/filters/request_parser.rb
+- logstash-filter-request_parser.gemspec
+- vendor/jar-dependencies/org/logstashplugins/logstash-filter-request_parser/0.2.11/logstash-filter-request_parser-0.2.11.jar
+homepage: https://logstash.securely.ai/requestparser
+licenses:
+- Apache-2.0
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: filter
+  java_plugin: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+- vendor/jar-dependencies
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.7.9
+signing_key:
+specification_version: 4
+summary: Parse access logs and ADC logs in a structured format
+test_files: []