logstash-input-azure_blob_storage 0.12.9 → 0.12.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4714d163b8085f62c285af7e18cae4b0075e89ee11aa6e6f2a9e18a2fd0dde1a
-  data.tar.gz: 0ebb527c554c1b48d7c1d3cb4b17b4ecb8aaa7745dab55b6d0eaa22660722fa2
+  metadata.gz: ebb6ddba4c6e8d122a85901fe33f03125951facfb164fa16e8aa987cf314c34b
+  data.tar.gz: 5fc3537dcbbeacfefb51b45f29493c8494e74a6fcc2fc0d8414626dc86a209aa
 SHA512:
-  metadata.gz: c0696b1431363cd1e828340a54fe044eacceb6c494f8f054f0082777f9bf78512fd3a3c893cea063eedfe006f0fad973fc72ebe7af8f7f03bde290a89fb77b89
-  data.tar.gz: 41a63e6decb12a501528b349b3c88b04c083f09f645360381af0cfaa520853989a9425fe8bf5c30a69666c3c87887efe649cc622291afdea6118abf462b7af3e
+  metadata.gz: 85abf8fdd855702ddb710ef82fce98d108dac266f4bd1afc8693626ef2319c838e751e03e029dedd3c13eddf090137078a061164bf8748b967aedf875f4d734e
+  data.tar.gz: 256db7cef14c127bccfcd409d5b161e7c9a82571eea17c0255709fd3995a70d49fb08e12a36f221b72c9c4d4f5a4205f1b2380d7df20e311afb65bf260563b7e

data/CHANGELOG.md

@@ -1,3 +1,10 @@
+## 0.12.10 (Not yet started)
+  - gzip support
+  - csv support
+
+## 0.12.9
+  - fixed the processing of non json and json_lines codecs
+
 ## 0.12.8
   - support append blob (use codec json_lines and logtype raw)
   - change the default head and tail to an empty string, unless the logtype is nsgflowlog

data/README.md

@@ -1,18 +1,27 @@
-# Logstash 
+# WARNING !!!
+Because of on update of logstash or azure I can't seem to get this plugin to work.
+https://github.com/janmg/logstash-input-azure_blob_storage/issues/44
+It doesn't look like I'll be able to fix this, even the quick start example is broken.
+
+Going forward I will rebuild an NSGFLOWLOG only tool in GOLANG, that can fetch the log entries and feed them to stdout, a log file, or a queue like kafka, this way I cut the JRUBY dependancies with logstash. With the logstash-input-kafka plugin you can still suck in the flow logs in logstash or use an Azure eventhub. The GOLANG program is a proof of concept. It will take some time before it's going to be useable.
+
+blob-to-kafka.go can already list blobs, list the blocks of a blob, read the blob, loop through the json and find the flowtuples and send them to kafka. It's work in progress. It's not yet using the file listing, the blob is fully read and partial reads are not yet implemented and there is no tracking of which files got read. but at least it looks hopeful and I get some progress done.
+
+For problems or feature requests with this specific program, raise a github issue [GITHUB/janmg/logstash-input-azure_blob_storage/](https://github.com/janmg/logstash-input-azure_blob_storage). Pull requests will also be welcomed after discussion through an issue.
 
-This is a plugin for [Logstash](https://github.com/elastic/logstash). It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way. All logstash plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/). Need generic logstash help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+# Logstash 
 
-For problems or feature requests with this specific plugin, raise a github issue [GITHUB/janmg/logstash-input-azure_blob_storage/](https://github.com/janmg/logstash-input-azure_blob_storage). Pull requests will also be welcomed after discussion through an issue.
+This was a plugin for [Logstash](https://github.com/elastic/logstash). It was fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way. All logstash plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/). Need generic logstash help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
 
 ## Purpose
-This plugin can read from Azure Storage Blobs, for instance JSON diagnostics logs for NSG flow logs or LINE based accesslogs from App Services. 
+This plugin was abled to read from Azure Storage Blobs, for instance JSON diagnostics logs for NSG flow logs or LINE based accesslogs from App Services. 
 [Azure Blob Storage](https://azure.microsoft.com/en-us/services/storage/blobs/)
 
 ## Alternatives
 This plugin was inspired by the Azure diagnostics tools, but should work better for bigger amounts of files. the configuration is not compatible, the configuration azureblob refers to the diagnostics tools plugin and this plugin uses azure_blob_storage
 https://github.com/Azure/azure-diagnostics-tools/tree/master/Logstash/logstash-input-azureblob
 
-There is a Filebeat plugin, that may work in the future
+There is a Filebeat plugin, that may work in the future (or not?)
 https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-input-azure-blob-storage.html
 
 ## Innerworking
@@ -28,11 +37,28 @@ The plugin executes the following steps
 7. If logstash is stopped, a stop signal will try to finish the current file, save the registry and than quit
 
 ## Installation 
-This plugin can be installed through logstash-plugin
+This plugin can be installed through logstash-plugin as documented https://www.elastic.co/guide/en/logstash/current/working-with-plugins.html#listing-plugins. This should pull the latest version from rubygems https://rubygems.org/gems/logstash-input-azure_blob_storage
+
 ```
 /usr/share/logstash/bin/logstash-plugin install logstash-input-azure_blob_storage
 ```
 
+For Ubuntu I use these commands, to list, update, remove and install
+```
+sudo -u logstash /usr/share/logstash/bin/logstash-plugin list --verbose
+sudo -u logstash /usr/share/logstash/bin/logstash-plugin update
+sudo -u logstash /usr/share/logstash/bin/logstash-plugin update logstash-input-azure_blob_storage
+sudo -u logstash /usr/share/logstash/bin/logstash-plugin remove logstash-input-azurestorage
+sudo -u logstash /usr/share/logstash/bin/logstash-plugin install logstash-input-azure_blob_storage
+```
+
+Alternatively you can use the commands from the build.sh script to build and install the gem locally. This you don't have to do, unless you want to modify the code in lib/logstash/inputs/azure_blob_storage.rb
+```
+sudo -u logstash gem build logstash-input-azure_blob_storage.gemspec
+sudo -u logstash gem install logstash-input-azure_blob_storage-${VERSION}.gem
+sudo -u logstash /usr/share/logstash/bin/logstash-plugin install ${GEMPWD}/logstash-input-azure_blob_storage-${VERSION}.gem
+```
+
 ## Minimal Configuration
 The minimum configuration required as input is storageaccount, access_key and container.
 
@@ -74,9 +100,13 @@ The pipeline can be started in several ways.
    pipe.id = test
    pipe.path = /etc/logstash/conf.d/test.conf
    ```
+   and then started as a service
+   ```
+   service logstash start
+   ```
  - As managed pipeline from Kibana
 
-Logstash itself (so not specific to this plugin) has a feature where multiple instances can run on the same system. The default TCP port is 9600, but if it's already in use it will use 9601 (and up), this is probably not true anymore from v8. To update a config file on a running instance on the commandline you can add the argument --config.reload.automatic and if you modify the files that are in the pipeline.yml you can send a SIGHUP channel to reload the pipelines where the config was changed. 
+To update a config file on a running instance on the commandline you can add the argument --config.reload.automatic and if you modify the files that are in the pipeline.yml you can send a SIGHUP channel to reload the pipelines where the config was changed. 
 [https://www.elastic.co/guide/en/logstash/current/reloading-config.html](https://www.elastic.co/guide/en/logstash/current/reloading-config.html)
 
 ## Internal Working 
@@ -88,6 +118,10 @@ Additional fields can be enabled with addfilename and addall, ecs_compatibility
 
 The configurations and the rest of the code are in [https://github.com/janmg/logstash-input-azure_blob_storage/tree/master/lib/logstash/inputs](lib/logstash/inputs) [https://github.com/janmg/logstash-input-azure_blob_storage/blob/master/lib/logstash/inputs/azure_blob_storage.rb#L10](azure_blob_storage.rb)
 
+## Codecs
+The default codec is json, the plugin should also work with json_lines, line. Other codecs like gzip and csv may work, but this plugin doesn't have specific code to handle them. This plugin reads all the binary from the file and gives it to the codec to make into events. For the logtype nsgflowlogs the plugin will read all the blocks and chops it into one event per rule.
+https://www.elastic.co/guide/en/logstash/current/codec-plugins.html
+
 ## Enabling NSG Flowlogs
 1. Enable Network Watcher in your regions
 2. Create Storage account per region

data/lib/logstash/inputs/azure_blob_storage.rb

@@ -331,6 +331,9 @@ public
                                 begin
                                     @codec.decode(chunk) do |event|
                                         counter += 1
+                                        if @addfilename
+                                            event.set('filename', name)
+                                        end
                                         queue << event
                                     end
                                     @processed += counter

data/logstash-input-azure_blob_storage.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
     s.name          = 'logstash-input-azure_blob_storage'
-    s.version       = '0.12.9'
+    s.version       = '0.12.10'
     s.licenses      = ['Apache-2.0']
     s.summary       = 'This logstash plugin reads and parses data from Azure Storage Blobs.'
     s.description   = <<-EOF

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-azure_blob_storage
 version: !ruby/object:Gem::Version
-  version: 0.12.9
+  version: 0.12.10
 platform: ruby
 authors:
 - Jan Geertsma
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-07-15 00:00:00.000000000 Z
+date: 2023-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement