logstash-filter-search-engine 2.0.0

@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: e9649351501dc1b39f656104814c11835050bb9e
4
+ data.tar.gz: c6144f7652f2281ca6d695fb8849bb765a7077c6
5
+ SHA512:
6
+ metadata.gz: eba35c45ad5d07452a408a9c938d4659588a3479220f8b73425073ed27c2e1e0f95b0b5992ce4f350d80344eec127756dbfcba35f2e90e44bfa821b9b63ae4ee
7
+ data.tar.gz: bc3efad8fe59c16005f034665c49f6b2cfc8f008fd97b692d363967409ae5635273b015d52f55647444fdaf812c8e9b38defb29c8b4c28e679598c269fdc568a
@@ -0,0 +1,5 @@
1
+ ## 2.0.0
2
+ - Plugins were updated to follow the new shutdown semantic, this mainly allows Logstash to instruct input plugins to terminate gracefully,
3
+ instead of using Thread.raise on the plugins' threads. Ref: https://github.com/elastic/logstash/pull/3895
4
+ - Dependency on logstash-core update to 2.0
5
+
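Review bot: The `## 2.0.0` entry describes a Logstash-wide change to how input plugins shut down and a logstash-core bump; it does not say what this filter's 2.0.0 release contains. Replace it with the plugin's own changes (supported engines, fields read and written) so that someone reviewing an upgrade can tell what actually changed.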
@@ -0,0 +1,11 @@
1
+ The following is a list of people who have contributed ideas, code, bug
2
+ reports, or in general have helped logstash along its way.
3
+
4
+ Contributors:
5
+ * Aaron Mildenstein (untergeek)
6
+ * Pier-Hugues Pellerin (ph)
7
+
8
+ Note: If you've sent us patches, bug reports, or otherwise contributed to
9
+ Logstash, and you aren't on the list above and want to be, please let us know
10
+ and we'll make sure you're here. Contributions from folks like you are what make
11
+ open source awesome.
@@ -0,0 +1,2 @@
1
+ # logstash-filter-example
2
+ Example filter plugin. This should help bootstrap your effort to write your own filter plugin!
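Review bot: The heading still reads `logstash-filter-example` and the description is the example plugin's. Rename both to logstash-filter-search-engine, or drop this file, since the README already covers development.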
data/Gemfile ADDED
@@ -0,0 +1,2 @@
1
+ source 'https://rubygems.org'
2
+ gemspec
data/LICENSE ADDED
@@ -0,0 +1,14 @@
1
+ Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
2
+ Copyright (c) 2018 Stormshield <https://www.stormshield.com>
3
+
4
+ Licensed under the Apache License, Version 2.0 (the "License");
5
+ you may not use this file except in compliance with the License.
6
+ You may obtain a copy of the License at
7
+
8
+ http://www.apache.org/licenses/LICENSE-2.0
9
+
10
+ Unless required by applicable law or agreed to in writing, software
11
+ distributed under the License is distributed on an "AS IS" BASIS,
12
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ See the License for the specific language governing permissions and
14
+ limitations under the License.
@@ -0,0 +1,5 @@
1
+ Elasticsearch
2
+ Copyright 2012-2015 Elasticsearch
3
+
4
+ This product includes software developed by The Apache Software
5
+ Foundation (http://www.apache.org/).
@@ -0,0 +1,123 @@
1
+ # Stormshield's search engine filter plugin
2
+
3
+ This plugin aims to extract query from an HTTP request for main search engines (Google, Bing and Yahoo).
4
+
5
+ ## Usage
6
+
7
+ The plugin can be used with the following config.
8
+
9
+ ```
10
+ search_engine {
11
+ engines => ["Google", "Bing", "Yahoo"]
12
+ site_name_field => "dstname"
13
+ query_field => "arg"
14
+ output_field => "search_engine_query"
15
+ }
16
+ ```
17
+
18
+ | Field | Usage | Default |
19
+ |----|----|----|
20
+ | engines | Search engines to intercept. Only Google, Bing and Yahoo are available. | `["Google", "Bing", "Yahoo"]` |
21
+ | site_name_field | Field of the log event from which to extract the URL (e.g. www.google.com) | `dstname` |
22
+ | query_field | Field of the log event from which to extract the HTTP request (e.g. /search.q=Kibana) | `arg` |
23
+ | output_field | Name of the field that will contains the extracted query (keywords separated by whitespace) | `search_engine_query` |
24
+
25
+
26
+ # Logstash Plugin
27
+
28
+ [![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-filter-example.svg)](https://travis-ci.org/logstash-plugins/logstash-filter-example)
29
+
30
+ This is a plugin for [Logstash](https://github.com/elastic/logstash).
31
+
32
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
33
+
34
+ ## Documentation
35
+
36
+ Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
37
+
38
+ - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
39
+ - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
40
+
41
+ ## Need Help?
42
+
43
+ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
44
+
45
+ ## Developing
46
+
47
+ ### 1. Plugin Developement and Testing
48
+
49
+ #### Code
50
+ - To get started, you'll need JRuby with the Bundler gem installed.
51
+
52
+ - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
53
+
54
+ - Install dependencies
55
+ ```sh
56
+ bundle install
57
+ ```
58
+
59
+ #### Test
60
+
61
+ - Update your dependencies
62
+
63
+ ```sh
64
+ bundle install
65
+ ```
66
+
67
+ - Run tests
68
+
69
+ ```sh
70
+ bundle exec rspec
71
+ ```
72
+
73
+ ### 2. Running your unpublished Plugin in Logstash
74
+
75
+ #### 2.1 Run in a local Logstash clone
76
+
77
+ - Edit Logstash `Gemfile` and add the local plugin path, for example:
78
+ ```ruby
79
+ gem "logstash-filter-search-engine", :path => "/your/local/logstash-filter-search-engine"
80
+ ```
81
+ - Install plugin
82
+ ```sh
83
+ # Logstash 2.3 and higher
84
+ bin/logstash-plugin install --no-verify
85
+
86
+ # Prior to Logstash 2.3
87
+ bin/plugin install --no-verify
88
+
89
+ ```
90
+ - Run Logstash with your plugin
91
+ ```sh
92
+ bin/logstash -e 'filter {search_engine {}}'
93
+ ```
94
+ At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
95
+
96
+ #### 2.2 Run in an installed Logstash
97
+
98
+ You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
99
+
100
+ - Build your plugin gem
101
+ ```sh
102
+ gem build logstash-filter-search-engine.gemspec
103
+ ```
104
+ - Install the plugin from the Logstash home
105
+ ```sh
106
+ # Logstash 2.3 and higher
107
+ bin/logstash-plugin install --no-verify
108
+
109
+ # Prior to Logstash 2.3
110
+ bin/plugin install --no-verify
111
+
112
+ ```
113
+ - Start Logstash and proceed to test the plugin
114
+
115
+ ## Contributing
116
+
117
+ All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
118
+
119
+ Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
120
+
121
+ It is more important to the community that you are able to contribute.
122
+
123
+ For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
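Review bot: In the options table, the `query_field` example `/search.q=Kibana` would not be extracted, because the parsers shipped in this gem require `/search?` before the parameter; correct it to `/search?q=Kibana`. In section 2.2 the install step runs `bin/logstash-plugin install --no-verify` without naming the gem file built in the previous step, so it installs nothing as written. The Travis badge also still points at logstash-filter-example.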
@@ -0,0 +1,25 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/utils"
3
+
4
+ class BingQueryParser
5
+
6
+ public
7
+ def initialize
8
+ @re_url = /(?:www\.)?bing\..*/
9
+ @re_query = /^\/search\?(?:[^&]*&)?q=(?<query>[^&#]*)/i
10
+ end
11
+
12
+ public
13
+ def match(siteName)
14
+ return @re_url.match(siteName)
15
+ end
16
+
17
+ def parse(query)
18
+ query = Utils.removeInvalidChars(query)
19
+ m = @re_query.match(query)
20
+ if m then
21
+ return m["query"].tr("+", " ").split.join(" ")
22
+ end
23
+ end
24
+
25
+ end
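Review bot: `@re_url` in `initialize` is not anchored, so `match` accepts any site name that merely contains `bing.`, including hosts where that string is the tail of a longer label or a subdomain label of an unrelated domain. Because the result decides whether a log event is attributed to Bing, anchor the pattern with `\A` and `\z` and restrict what may follow the dot to a TLD-like suffix. `parse` also falls through to an implicit nil when nothing matches; returning `nil` explicitly would document that contract.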
@@ -0,0 +1,25 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/utils"
3
+
4
+ class GoogleQueryParser
5
+
6
+ public
7
+ def initialize
8
+ @re_url = /(?:www\.)?google\..*/
9
+ @re_query = /^\/search\?(?:[^&]*&)?q=(?<query>[^&#]*)/i
10
+ end
11
+
12
+ public
13
+ def match(siteName)
14
+ return @re_url.match(siteName)
15
+ end
16
+
17
+ def parse(query)
18
+ query = Utils.removeInvalidChars(query)
19
+ m = @re_query.match(query)
20
+ if m then
21
+ return m["query"].tr("+", " ").split.join(" ")
22
+ end
23
+ end
24
+
25
+ end
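Review bot: `@re_query` accepts at most one parameter before `q=`, because the group `(?:[^&]*&)?` is optional but not repeatable. A request such as `/search?hl=fr&ie=utf-8&q=kibana` therefore returns nil, and search URLs commonly carry several parameters ahead of the query. Use `(?:[^&#]*&)*` so that any number of preceding parameters is accepted without reading into the fragment.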
@@ -0,0 +1,25 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/utils"
3
+
4
+ class YahooQueryParser
5
+
6
+ public
7
+ def initialize
8
+ @re_url = /(?:[^\.]*\.)?search.yahoo\..*/
9
+ @re_query = /^\/search\?(?:[^&]*&)?p=(?<query>[^&#]*)/i
10
+ end
11
+
12
+ public
13
+ def match(siteName)
14
+ return @re_url.match(siteName)
15
+ end
16
+
17
+ def parse(query)
18
+ query = Utils.removeInvalidChars(query)
19
+ m = @re_query.match(query)
20
+ if m then
21
+ return m["query"].tr("+", " ").split.join(" ")
22
+ end
23
+ end
24
+
25
+ end
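Review bot: In `@re_url` the dot in `search.yahoo` is unescaped and matches any character, and the pattern is unanchored; write it as `search\.yahoo\.` and anchor both ends. Apart from the host pattern and the `p` parameter name, this class is a copy of BingQueryParser and GoogleQueryParser, so a single parser class taking those two values would keep later regex fixes in one place.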
@@ -0,0 +1,55 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/base"
3
+ require "logstash/filters/parsers/bing"
4
+ require "logstash/filters/parsers/google"
5
+ require "logstash/filters/parsers/yahoo"
6
+ require "logstash/filters/utils"
7
+ require "logstash/namespace"
8
+ require "uri"
9
+
10
+ # Filter to extract search engine query from HTTP query
11
+ class LogStash::Filters::SearchEngine < LogStash::Filters::Base
12
+
13
+ #
14
+ # filter {
15
+ # search_engine {
16
+ # engines => ["Google", "Bing", "Yahoo"]
17
+ # site_name_field => "dstname"
18
+ # query_field => "arg"
19
+ # output_field => "search_engine_query"
20
+ # }
21
+ # }
22
+ #
23
+ config_name "search_engine"
24
+
25
+ config :engines, :validate => :array, :default => ["Google", "Bing", "Yahoo"]
26
+ config :site_name_field, :validate => :string, :default => "dstname"
27
+ config :query_field, :validate => :string, :default => "arg"
28
+ config :output_field, :validate => :string, :default => "search_engine_query"
29
+
30
+ public
31
+ def register
32
+ @queryParsers = {
33
+ "Google" => GoogleQueryParser.new,
34
+ "Bing" => BingQueryParser.new,
35
+ "Yahoo" => YahooQueryParser.new
36
+ }
37
+ end
38
+
39
+ public
40
+ def filter(event)
41
+
42
+ @queryParsers.each do |name, parser|
43
+ if @engines.include?(name) && parser.match(event.get(@site_name_field))
44
+ valid_query_field = Utils.removeInvalidChars(event.get(@query_field))
45
+ if (valid_query_field)
46
+ event.set(@output_field, parser.parse(URI.decode(valid_query_field)))
47
+ else
48
+ @logger.warn? && @logger.warn("Search engine failed to parse query field")
49
+ end
50
+ end
51
+ end
52
+
53
+ filter_matched(event)
54
+ end
55
+ end
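Review bot: In `filter`, `URI.decode` runs on the whole request before the parser isolates the parameter, so a percent-encoded `&` or `#` inside the search terms (`%26`, `%23`) turns into a delimiter and truncates the extracted query, and an encoded `%2B` is later turned into a space by `tr("+", " ")`. Extract the raw parameter value first and decode only that value, keeping a separate path for a fully encoded `arg`. `URI.decode` is also obsolete and was removed in Ruby 3.0; `URI.decode_www_form_component` is the maintained call. Finally, `filter_matched(event)` is called for every event, so `add_tag` or `add_field` on this filter would apply even when no engine matched; move it inside the branch that sets `@output_field`.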
@@ -0,0 +1,14 @@
1
+ # encoding: utf-8
2
+
3
+ # Utility class
4
+ class Utils
5
+
6
+ # Sanitize a UTF 8 string : remove invalid characters
7
+ def self.removeInvalidChars(str)
8
+ if(str && !str.valid_encoding?)
9
+ return str.encode('UTF-8', 'binary', invalid: :replace, undef: :replace, replace: "")
10
+ end
11
+ return str
12
+ end
13
+
14
+ end
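Review bot: In `removeInvalidChars`, transcoding from `'binary'` with `undef: :replace` drops every byte above 0x7F, not only the invalid ones, so a string with a single bad byte loses all of its valid non-ASCII characters (for instance `café\xFF` comes back as `caf`). `str.scrub("")` removes only the invalid sequences. The method also assumes `str` is a String; a numeric field value would raise on `valid_encoding?`, so check the type before calling it.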
@@ -0,0 +1,23 @@
1
+ Gem::Specification.new do |s|
2
+ s.name = 'logstash-filter-search-engine'
3
+ s.version = '2.0.0'
4
+ s.licenses = ['Apache License (2.0)']
5
+ s.summary = "Extract search engine queries from HTTP queries"
6
+ s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
7
+ s.authors = ["Elastic", "Stormshield"]
8
+ s.email = 'svc@stormshield.eu'
9
+ s.homepage = "https://www.stormshield.eu"
10
+ s.require_paths = ["lib"]
11
+
12
+ # Files
13
+ s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
14
+ # Tests
15
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
16
+
17
+ # Special flag to let us know this is actually a logstash plugin
18
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "filter" }
19
+
20
+ # Gem dependencies
21
+ s.add_runtime_dependency 'logstash-core-plugin-api', '>= 1.60', '<= 2.99'
22
+ s.add_development_dependency "logstash-devutils", "= 1.3.4"
23
+ end
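Review bot: `s.licenses = ['Apache License (2.0)']` is not an SPDX identifier; use `'Apache-2.0'` so that license scanners recognise it. The `s.files` glob also includes `vendor/**/*`, although the file list in the gem metadata shows nothing under vendor; drop it so that a stray local directory cannot end up in a release.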
@@ -0,0 +1,57 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/parsers/bing"
3
+
4
+ describe BingQueryParser do
5
+ parser = BingQueryParser.new
6
+
7
+ describe "match site name" do
8
+ it "should match whatever the file extension" do
9
+ country_extensions = ["fr", "com", "eu", "it", "hn", "co"]
10
+ country_extensions.each do |extension|
11
+ expect(parser.match("www.bing.#{extension}")).to be_truthy
12
+ end
13
+ end
14
+
15
+ it "should match without www" do
16
+ expect(parser.match("bing.com")).to be_truthy
17
+ end
18
+
19
+ it "should not match if not bing" do
20
+ expect(parser.match("ding.com")).to be_falsy
21
+ end
22
+ end
23
+
24
+ describe "extract query" do
25
+ it "should not return query when no query" do
26
+ expect(parser.parse("/search?hl=fr")).to be_nil
27
+ end
28
+
29
+ it "should not return query when other api" do
30
+ expect(parser.parse("/complete/search?q=kibana")).to be_nil
31
+ end
32
+
33
+ it "should return query when no other parameter" do
34
+ expect(parser.parse("/search?q=kibana")).to eq("kibana")
35
+ end
36
+
37
+ it "should return query when other parameters afterwards" do
38
+ expect(parser.parse("/search?q=kibana&hl=fr")).to eq("kibana")
39
+ end
40
+
41
+ it "should return query when other parameters before" do
42
+ expect(parser.parse("/search?hl=fr&q=kibana")).to eq("kibana")
43
+ end
44
+
45
+ it "should return query when anchor" do
46
+ expect(parser.parse("/search?hl=fr&q=kibana#q=toto")).to eq("kibana")
47
+ end
48
+
49
+ it "should return query without plus sign when multiple words" do
50
+ expect(parser.parse("/search?hl=fr&q=kibana+4#q=toto")).to eq("kibana 4")
51
+ end
52
+
53
+ it "should handle utf 8 invalid characters" do
54
+ expect(parser.parse("/search?hl&q=\xFF+amazing\xFF+test\xFF")).to eq("amazing test")
55
+ end
56
+ end
57
+ end
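Review bot: The only negative host case, `ding.com`, does not contain the string `bing` at all, so it cannot catch an over-broad `@re_url`. Add cases where `bing.` appears inside a longer host label or as a subdomain label of a different domain, and expect `be_falsy`. In the first example name, "file extension" should read "top-level domain".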
@@ -0,0 +1,57 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/parsers/google"
3
+
4
+ describe GoogleQueryParser do
5
+ parser = GoogleQueryParser.new
6
+
7
+ describe "match site name" do
8
+ it "should match whatever the file extension" do
9
+ country_extensions = ["fr", "com", "eu", "it", "hn", "co"]
10
+ country_extensions.each do |extension|
11
+ expect(parser.match("www.google.#{extension}")).to be_truthy
12
+ end
13
+ end
14
+
15
+ it "should match without www" do
16
+ expect(parser.match("google.com")).to be_truthy
17
+ end
18
+
19
+ it "should not match if not google" do
20
+ expect(parser.match("booble.com")).to be_falsy
21
+ end
22
+ end
23
+
24
+ describe "extract query" do
25
+ it "should not return query when no query" do
26
+ expect(parser.parse("/search?hl=fr")).to be_nil
27
+ end
28
+
29
+ it "should not return query when other api" do
30
+ expect(parser.parse("/complete/search?q=kibana")).to be_nil
31
+ end
32
+
33
+ it "should return query when no other parameter" do
34
+ expect(parser.parse("/search?q=kibana")).to eq("kibana")
35
+ end
36
+
37
+ it "should return query when other parameters afterwards" do
38
+ expect(parser.parse("/search?q=kibana&hl=fr")).to eq("kibana")
39
+ end
40
+
41
+ it "should return query when other parameters before" do
42
+ expect(parser.parse("/search?hl=fr&q=kibana")).to eq("kibana")
43
+ end
44
+
45
+ it "should return query when anchor" do
46
+ expect(parser.parse("/search?hl=fr&q=kibana#q=toto")).to eq("kibana")
47
+ end
48
+
49
+ it "should return query without plus sign when multiple words" do
50
+ expect(parser.parse("/search?hl=fr&q=kibana+4#q=toto")).to eq("kibana 4")
51
+ end
52
+
53
+ it "should handle utf 8 invalid characters" do
54
+ expect(parser.parse("/search?hl&q=\xFF+amazing\xFF+test\xFF")).to eq("amazing test")
55
+ end
56
+ end
57
+ end
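Review bot: The "other parameters before" case puts exactly one parameter ahead of `q`, which is the only arrangement the parser's regex accepts. Add a case with two or more preceding parameters, for example `/search?hl=fr&ie=utf-8&q=kibana`, so that the limitation shows up as a failing test. `parser` is also created once at describe scope; `let(:parser)` would give each example its own instance.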
@@ -0,0 +1,57 @@
1
+ # encoding: utf-8
2
+ require "logstash/filters/parsers/yahoo"
3
+
4
+ describe YahooQueryParser do
5
+ parser = YahooQueryParser.new
6
+
7
+ describe "match site name" do
8
+ it "should match whatever the file extension" do
9
+ country_extensions = ["fr", "com", "eu", "it", "hn", "co"]
10
+ country_extensions.each do |extension|
11
+ expect(parser.match("#{extension}.search.yahoo.#{extension}")).to be_truthy
12
+ end
13
+ end
14
+
15
+ it "should match without country prefix" do
16
+ expect(parser.match("search.yahoo.com")).to be_truthy
17
+ end
18
+
19
+ it "should not match if not yahoo" do
20
+ expect(parser.match("search.yaboo.com")).to be_falsy
21
+ end
22
+ end
23
+
24
+ describe "extract query" do
25
+ it "should not return query when no query" do
26
+ expect(parser.parse("/search?hl=fr")).to be_nil
27
+ end
28
+
29
+ it "should not return query when other api" do
30
+ expect(parser.parse("/complete/search?p=kibana")).to be_nil
31
+ end
32
+
33
+ it "should return query when no other parameter" do
34
+ expect(parser.parse("/search?p=kibana")).to eq("kibana")
35
+ end
36
+
37
+ it "should return query when other parameters afterwards" do
38
+ expect(parser.parse("/search?p=kibana&hl=fr")).to eq("kibana")
39
+ end
40
+
41
+ it "should return query when other parameters before" do
42
+ expect(parser.parse("/search?hl=fr&p=kibana")).to eq("kibana")
43
+ end
44
+
45
+ it "should return query when anchor" do
46
+ expect(parser.parse("/search?hl=fr&p=kibana#p=toto")).to eq("kibana")
47
+ end
48
+
49
+ it "should return query without plus sign when multiple words" do
50
+ expect(parser.parse("/search?hl=fr&p=kibana+4#p=toto")).to eq("kibana 4")
51
+ end
52
+
53
+ it "should handle utf 8 invalid characters" do
54
+ expect(parser.parse("/search?p=\xFF+amazing\xFF+test\xFF")).to eq("amazing test")
55
+ end
56
+ end
57
+ end
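Review bot: The "match site name" examples never try a host in which something other than a dot sits between `search` and `yahoo`, so the unescaped dot in the parser's `@re_url` goes unnoticed. Add such a host with `be_falsy`. The three parser specs differ only in host and parameter name, so shared examples parameterised on those two values would remove the duplication.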
@@ -0,0 +1,125 @@
1
+ # encoding: utf-8
2
+ require 'logstash/devutils/rspec/spec_helper'
3
+ require "logstash/filters/search_engine"
4
+
5
+ describe LogStash::Filters::SearchEngine do
6
+ describe "should do nothing if no engine specified" do
7
+ let(:config) do <<-CONFIG
8
+ filter {
9
+ search_engine {
10
+ engines => []
11
+ }
12
+ }
13
+ CONFIG
14
+ end
15
+
16
+ sample("dstname" => "www.google.fr", "arg" => "/search?q=Kibana") do
17
+ expect(subject.get("search_engine_query")).to be_nil
18
+ end
19
+ end
20
+
21
+ describe "should do nothing if unknown engine specified" do
22
+ let(:config) do <<-CONFIG
23
+ filter {
24
+ search_engine {
25
+ engines => ["FakeEngine"]
26
+ }
27
+ }
28
+ CONFIG
29
+ end
30
+
31
+ sample("dstname" => "www.google.fr", "arg" => "/search?q=Kibana") do
32
+ expect(subject.get("search_engine_query")).to be_nil
33
+ end
34
+ end
35
+
36
+ describe "should extract query from Google search" do
37
+ let(:config) do <<-CONFIG
38
+ filter {
39
+ search_engine {
40
+ engines => ["Google"]
41
+ }
42
+ }
43
+ CONFIG
44
+ end
45
+
46
+ sample("dstname" => "www.google.fr", "arg" => "/search?q=Kibana") do
47
+ expect(subject.get("search_engine_query")).to eq('Kibana')
48
+ end
49
+ end
50
+
51
+ describe "should extract query from Bing search" do
52
+ let(:config) do <<-CONFIG
53
+ filter {
54
+ search_engine {
55
+ engines => ["Bing"]
56
+ }
57
+ }
58
+ CONFIG
59
+ end
60
+
61
+ sample("dstname" => "www.bing.fr", "arg" => "/search?q=Kibana") do
62
+ expect(subject.get("search_engine_query")).to eq('Kibana')
63
+ end
64
+ end
65
+
66
+ describe "should extract query from Yahoo search" do
67
+ let(:config) do <<-CONFIG
68
+ filter {
69
+ search_engine {
70
+ engines => ["Yahoo"]
71
+ }
72
+ }
73
+ CONFIG
74
+ end
75
+
76
+ sample("dstname" => "fr.search.yahoo.com", "arg" => "/search?p=Kibana") do
77
+ expect(subject.get("search_engine_query")).to eq('Kibana')
78
+ end
79
+ end
80
+
81
+ describe "should extract query with encoded parameters" do
82
+ let(:config) do <<-CONFIG
83
+ filter {
84
+ search_engine {
85
+ engines => ["Google", "Bing", "Yahoo"]
86
+ }
87
+ }
88
+ CONFIG
89
+ end
90
+
91
+ sample("dstname" => "fr.search.yahoo.com", "arg" => "/search%3Fp%3DKibana%26ie%3Dutf-8%26oe%3Dutf-8%26safe%3Dstrict") do
92
+ expect(subject.get("search_engine_query")).to eq('Kibana')
93
+ end
94
+ end
95
+
96
+ describe "should remove utf 8 invalid characters in URL" do
97
+ let(:config) do <<-CONFIG
98
+ filter {
99
+ search_engine {
100
+ engines => ["Bing"]
101
+ }
102
+ }
103
+ CONFIG
104
+ end
105
+ sample("dstname" => "www.bing.com", "arg" => "/search?q=%FF+one%FF+test+%FF") do
106
+ expect(subject.get("search_engine_query")).to eq('one test')
107
+ end
108
+ end
109
+
110
+ describe "should do nothing if arg is not specified" do
111
+ let(:config) do <<-CONFIG
112
+ filter {
113
+ search_engine {
114
+ engines => ["Google"]
115
+ }
116
+ }
117
+ CONFIG
118
+ end
119
+
120
+ sample("dstname" => "www.google.fr") do
121
+ expect(subject.get("search_engine_query")).to be_nil
122
+ end
123
+ end
124
+
125
+ end
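Review bot: Every config block in this spec sets only `engines`, so `site_name_field`, `query_field` and `output_field` are never exercised with non-default values, and no sample omits `dstname`. Add one case with custom field names and one where the site name field is absent. A sample whose search terms contain `%26` would also pin down how encoded delimiters are meant to be handled.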
@@ -0,0 +1,2 @@
1
+ # encoding: utf-8
2
+ require "logstash/devutils/rspec/spec_helper"
metadata ADDED
@@ -0,0 +1,103 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: logstash-filter-search-engine
3
+ version: !ruby/object:Gem::Version
4
+ version: 2.0.0
5
+ platform: ruby
6
+ authors:
7
+ - Elastic
8
+ - Stormshield
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2018-12-10 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ requirement: !ruby/object:Gem::Requirement
16
+ requirements:
17
+ - - ">="
18
+ - !ruby/object:Gem::Version
19
+ version: '1.60'
20
+ - - "<="
21
+ - !ruby/object:Gem::Version
22
+ version: '2.99'
23
+ name: logstash-core-plugin-api
24
+ prerelease: false
25
+ type: :runtime
26
+ version_requirements: !ruby/object:Gem::Requirement
27
+ requirements:
28
+ - - ">="
29
+ - !ruby/object:Gem::Version
30
+ version: '1.60'
31
+ - - "<="
32
+ - !ruby/object:Gem::Version
33
+ version: '2.99'
34
+ - !ruby/object:Gem::Dependency
35
+ requirement: !ruby/object:Gem::Requirement
36
+ requirements:
37
+ - - '='
38
+ - !ruby/object:Gem::Version
39
+ version: 1.3.4
40
+ name: logstash-devutils
41
+ prerelease: false
42
+ type: :development
43
+ version_requirements: !ruby/object:Gem::Requirement
44
+ requirements:
45
+ - - '='
46
+ - !ruby/object:Gem::Version
47
+ version: 1.3.4
48
+ description: This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program
49
+ email: svc@stormshield.eu
50
+ executables: []
51
+ extensions: []
52
+ extra_rdoc_files: []
53
+ files:
54
+ - CHANGELOG.md
55
+ - CONTRIBUTORS
56
+ - DEVELOPER.md
57
+ - Gemfile
58
+ - LICENSE
59
+ - NOTICE.TXT
60
+ - README.md
61
+ - lib/logstash/filters/parsers/bing.rb
62
+ - lib/logstash/filters/parsers/google.rb
63
+ - lib/logstash/filters/parsers/yahoo.rb
64
+ - lib/logstash/filters/search_engine.rb
65
+ - lib/logstash/filters/utils.rb
66
+ - logstash-filter-search-engine.gemspec
67
+ - spec/filters/parsers/bing_spec.rb
68
+ - spec/filters/parsers/google_spec.rb
69
+ - spec/filters/parsers/yahoo_spec.rb
70
+ - spec/filters/search_engine_spec.rb
71
+ - spec/spec_helper.rb
72
+ homepage: https://www.stormshield.eu
73
+ licenses:
74
+ - Apache License (2.0)
75
+ metadata:
76
+ logstash_plugin: 'true'
77
+ logstash_group: filter
78
+ post_install_message:
79
+ rdoc_options: []
80
+ require_paths:
81
+ - lib
82
+ required_ruby_version: !ruby/object:Gem::Requirement
83
+ requirements:
84
+ - - ">="
85
+ - !ruby/object:Gem::Version
86
+ version: '0'
87
+ required_rubygems_version: !ruby/object:Gem::Requirement
88
+ requirements:
89
+ - - ">="
90
+ - !ruby/object:Gem::Version
91
+ version: '0'
92
+ requirements: []
93
+ rubyforge_project:
94
+ rubygems_version: 2.4.8
95
+ signing_key:
96
+ specification_version: 4
97
+ summary: Extract search engine queries from HTTP queries
98
+ test_files:
99
+ - spec/filters/parsers/bing_spec.rb
100
+ - spec/filters/parsers/google_spec.rb
101
+ - spec/filters/parsers/yahoo_spec.rb
102
+ - spec/filters/search_engine_spec.rb
103
+ - spec/spec_helper.rb
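Review bot: `cert_chain: []` and the blank `signing_key:` show that the gem is built unsigned, so anyone installing it can only compare the published checksums. Consider signing releases. `required_ruby_version` is also left at `>= 0`; set it to the oldest Ruby the plugin is actually tested on.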