logstash-input-azuretable 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: b1fb69c3c5e9bc8237619c21ccd2e43765d63941
4
+ data.tar.gz: 13703ef6bf23c484f9432ded4b265ea6b6c6f27c
5
+ SHA512:
6
+ metadata.gz: ea4e019a1407cc9f13af6d181a84dc8627a5fda888145e272364b30f0d44a63b0758689f8830c0db250df5d565416227ee926143362ccb1b628470ac3618cf62
7
+ data.tar.gz: c612e0beb5b84b58624428170ac374e567f3fff1e62c6849cc0756b4ab57d31db68ba024f05f867273e5c4f881192136ae33a6456f5b9635cad4035762fe4f74
data/CHANGELOG.md ADDED
@@ -0,0 +1,2 @@
1
+ ## 0.1.0
2
+ - Plugin created with the logstash plugin generator
data/CONTRIBUTORS ADDED
@@ -0,0 +1,10 @@
1
+ The following is a list of people who have contributed ideas, code, bug
2
+ reports, or in general have helped logstash along its way.
3
+
4
+ Contributors:
5
+ * -
6
+
7
+ Note: If you've sent us patches, bug reports, or otherwise contributed to
8
+ Logstash, and you aren't on the list above and want to be, please let us know
9
+ and we'll make sure you're here. Contributions from folks like you are what make
10
+ open source awesome.
data/DEVELOPER.md ADDED
@@ -0,0 +1,2 @@
1
+ # logstash-input-azuretable
2
+ Example input plugin. This should help bootstrap your effort to write your own input plugin!
data/Gemfile ADDED
@@ -0,0 +1,3 @@
1
+ source 'https://rubygems.org'
2
+ gemspec
3
+
data/LICENSE ADDED
@@ -0,0 +1,11 @@
1
+ Licensed under the Apache License, Version 2.0 (the "License");
2
+ you may not use this file except in compliance with the License.
3
+ You may obtain a copy of the License at
4
+
5
+ http://www.apache.org/licenses/LICENSE-2.0
6
+
7
+ Unless required by applicable law or agreed to in writing, software
8
+ distributed under the License is distributed on an "AS IS" BASIS,
9
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
10
+ See the License for the specific language governing permissions and
11
+ limitations under the License.
data/README.md ADDED
@@ -0,0 +1,86 @@
1
+ # Logstash Plugin
2
+
3
+ This is a plugin for [Logstash](https://github.com/elastic/logstash).
4
+
5
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
6
+
7
+ ## Documentation
8
+
9
+ Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
10
+
11
+ - For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
12
+ - For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
13
+
14
+ ## Need Help?
15
+
16
+ Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
17
+
18
+ ## Developing
19
+
20
+ ### 1. Plugin Developement and Testing
21
+
22
+ #### Code
23
+ - To get started, you'll need JRuby with the Bundler gem installed.
24
+
25
+ - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
26
+
27
+ - Install dependencies
28
+ ```sh
29
+ bundle install
30
+ ```
31
+
32
+ #### Test
33
+
34
+ - Update your dependencies
35
+
36
+ ```sh
37
+ bundle install
38
+ ```
39
+
40
+ - Run tests
41
+
42
+ ```sh
43
+ bundle exec rspec
44
+ ```
45
+
46
+ ### 2. Running your unpublished Plugin in Logstash
47
+
48
+ #### 2.1 Run in a local Logstash clone
49
+
50
+ - Edit Logstash `Gemfile` and add the local plugin path, for example:
51
+ ```ruby
52
+ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
53
+ ```
54
+ - Install plugin
55
+ ```sh
56
+ bin/logstash-plugin install --no-verify
57
+ ```
58
+ - Run Logstash with your plugin
59
+ ```sh
60
+ bin/logstash -e 'filter {awesome {}}'
61
+ ```
62
+ At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
63
+
64
+ #### 2.2 Run in an installed Logstash
65
+
66
+ You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
67
+
68
+ - Build your plugin gem
69
+ ```sh
70
+ gem build logstash-filter-awesome.gemspec
71
+ ```
72
+ - Install the plugin from the Logstash home
73
+ ```sh
74
+ bin/logstash-plugin install /your/local/plugin/logstash-filter-awesome.gem
75
+ ```
76
+ - Start Logstash and proceed to test the plugin
77
+
78
+ ## Contributing
79
+
80
+ All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
81
+
82
+ Programming is not a required skill. Whatever you've seen about open source and maintainers or community members saying "send patches or die" - you will not see that here.
83
+
84
+ It is more important to the community that you are able to contribute.
85
+
86
+ For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
@@ -0,0 +1,174 @@
1
+ # encoding: utf-8
2
+ require "logstash/inputs/base"
3
+ require "logstash/namespace"
4
+ require "stud/interval"
5
+ require "socket" # for Socket.gethostname
6
+ require "time"
7
+ require "azure"
8
+
9
+ class LogStash::Inputs::Azuretable < LogStash::Inputs::Base
10
+ class Interrupred < StandardError; end
11
+
12
+ config_name "azuretable"
13
+
14
+ # If undefined, Logstash will complain, even if codec is unused.
15
+ default :codec, "plain"
16
+
17
+ # The message string to use in the event.
18
+ config :storage_sas_token, :validate => :string
19
+ config :table_name, :validate => :string
20
+ config :entity_count_to_process, :validate => :string, :default => 100
21
+ config :collection_start_time_utc, :validate => :string, :default => Time.now.utc.iso8601
22
+ config :etw_pretty_print, :validate => :boolean, :default => false
23
+ config :idle_delay_seconds, :validate => :number, :default => 15
24
+ config :endpoint, :validate => :string, :default => "core.windows.net"
25
+
26
+ # Default 1 minute delay to ensure all data is published to the table before querying.
27
+ # See issue #23 for more: https://github.com/Azure/azure-diagnostics-tools/issues/23
28
+ config :data_latency_minutes, :validate => :number, :default => 1
29
+
30
+ public
31
+ def register
32
+ @host = Socket.gethostname
33
+
34
+ Azure.configure do |config|
35
+ config.storage_sas_token = @account_name
36
+ end
37
+ @azure_table_service = Azure::Table::TableService.new
38
+ @last_timestamp = @collection_start_time_utc
39
+ @idle_delay = @idle_delay_seconds
40
+ @continuation_token = nil
41
+ end # def register
42
+
43
+ def run(queue)
44
+ while !stop?
45
+ @logger.debug("Starting process method @" + Time.now.to_s);
46
+ process(output_queue)
47
+ @logger.debug("Starting delay of: " + @idle_delay.to_s + " seconds @" + Time.now.to_s);
48
+ sleep @idle_delay
49
+ end # while
50
+ end # def run
51
+
52
+ def stop
53
+ # nothing to do in this case so it is not necessary to define stop
54
+ # examples of common "stop" tasks:
55
+ # * close sockets (unblocking blocking reads/accepts)
56
+ # * cleanup temporary files
57
+ # * terminate spawned threads
58
+ end
59
+
60
+ def build_latent_query
61
+ @logger.debug("from #{@last_timestamp} to #{@until_timestamp}")
62
+ query_filter = "(PartitionKey gt '#{partitionkey_from_datetime(@last_timestamp)}' and PartitionKey lt '#{partitionkey_from_datetime(@until_timestamp)}')"
63
+ for i in 0..99
64
+ query_filter << " or (PartitionKey gt '#{i.to_s.rjust(19, '0')}___#{partitionkey_from_datetime(@last_timestamp)}' and PartitionKey lt '#{i.to_s.rjust(19, '0')}___#{partitionkey_from_datetime(@until_timestamp)}')"
65
+ end # for block
66
+ query_filter = query_filter.gsub('"','')
67
+ query_filter
68
+ end
69
+
70
+ def build_zero_latency_query
71
+ @logger.debug("from #{@last_timestamp} to most recent data")
72
+ # query data using start_from_time
73
+ query_filter = "(PartitionKey gt '#{partitionkey_from_datetime(@last_timestamp)}')"
74
+ for i in 0..99
75
+ query_filter << " or (PartitionKey gt '#{i.to_s.rjust(19, '0')}___#{partitionkey_from_datetime(@last_timestamp)}' and PartitionKey lt '#{i.to_s.rjust(19, '0')}___9999999999999999999')"
76
+ end # for block
77
+ query_filter = query_filter.gsub('"','')
78
+ query_filter
79
+ end
80
+
81
+ def process(output_queue)
82
+ if @data_latency_minutes > 0
83
+ @until_timestamp = (Time.now - (60 * @data_latency_minutes)).iso8601 unless @continuation_token
84
+ query_filter = build_latent_query
85
+ else
86
+ query_filter = build_zero_latency_query
87
+ end
88
+ @logger.debug("Query filter: " + query_filter)
89
+ query = { :top => @entity_count_to_process, :filter => query_filter, :continuation_token => @continuation_token }
90
+ result = @azure_table_service.query_entities(@table_name, query)
91
+ @continuation_token = result.continuation_token
92
+
93
+ if result and result.length > 0
94
+ @logger.debug("#{result.length} results found.")
95
+ last_good_timestamp = nil
96
+ result.each do |entity|
97
+ event = LogStash::Event.new(entity.properties)
98
+ event.set("type", @table_name)
99
+
100
+ # Help pretty print etw files
101
+ if (@etw_pretty_print && !event.get("EventMessage").nil? && !event.get("Message").nil?)
102
+ @logger.debug("event: " + event.to_s)
103
+ eventMessage = event.get("EventMessage").to_s
104
+ message = event.get("Message").to_s
105
+ @logger.debug("EventMessage: " + eventMessage)
106
+ @logger.debug("Message: " + message)
107
+ if (eventMessage.include? "%")
108
+ @logger.debug("starting pretty print")
109
+ toReplace = eventMessage.scan(/%\d+/)
110
+ payload = message.scan(/(?<!\\S)([a-zA-Z]+)=(\"[^\"]*\")(?!\\S)/)
111
+ # Split up the format string to seperate all of the numbers
112
+ toReplace.each do |key|
113
+ @logger.debug("Replacing key: " + key.to_s)
114
+ index = key.scan(/\d+/).join.to_i
115
+ newValue = payload[index - 1][1]
116
+ @logger.debug("New Value: " + newValue)
117
+ eventMessage[key] = newValue
118
+ end # do block
119
+ event.set("EventMessage", eventMessage)
120
+ @logger.debug("pretty print end. result: " + event.get("EventMessage").to_s)
121
+ end
122
+ end
123
+ decorate(event)
124
+ if event.get('PreciseTimeStamp').is_a?(Time)
125
+ event.set('PreciseTimeStamp', LogStash::Timestamp.new(event.get('PreciseTimeStamp')))
126
+ end
127
+ theTIMESTAMP = event.get('TIMESTAMP')
128
+ if theTIMESTAMP.is_a?(LogStash::Timestamp)
129
+ last_good_timestamp = theTIMESTAMP.to_iso8601
130
+ elsif theTIMESTAMP.is_a?(Time)
131
+ last_good_timestamp = theTIMESTAMP.iso8601
132
+ event.set('TIMESTAMP', LogStash::Timestamp.new(theTIMESTAMP))
133
+ else
134
+ @logger.warn("Found result with invalid TIMESTAMP. " + event.to_hash.to_s)
135
+ end
136
+ output_queue << event
137
+ end # each block
138
+ @idle_delay = 0
139
+ if (!last_good_timestamp.nil?)
140
+ @last_timestamp = last_good_timestamp unless @continuation_token
141
+ end
142
+ else
143
+ @logger.debug("No new results found.")
144
+ @idle_delay = @idle_delay_seconds
145
+ end # if block
146
+
147
+ rescue => e
148
+ @logger.error("Oh My, An error occurred.", :exception => e)
149
+ raise
150
+ end # process
151
+
152
+ # Windows Azure Diagnostic's algorithm for determining the partition key based on time is as follows:
153
+ # 1. Take time in UTC without seconds.
154
+ # 2. Convert it into .net ticks
155
+ # 3. add a '0' prefix.
156
+ def partitionkey_from_datetime(time_string)
157
+ collection_time = Time.parse(time_string)
158
+ if collection_time
159
+ @logger.debug("collection time parsed successfully #{collection_time}")
160
+ else
161
+ raise(ArgumentError, "Could not parse the time_string")
162
+ end # if else block
163
+
164
+ collection_time -= collection_time.sec
165
+ ticks = to_ticks(collection_time)
166
+ "0#{ticks}"
167
+ end # partitionkey_from_datetime
168
+
169
+ # Convert time to ticks
170
+ def to_ticks(time_to_convert)
171
+ @logger.debug("Converting time to ticks")
172
+ time_to_convert.to_i * 10000000 - TICKS_SINCE_EPOCH
173
+ end # to_ticks
174
+ end # class LogStash::Inputs::Azuretable
@@ -0,0 +1,26 @@
1
+ Gem::Specification.new do |s|
2
+ s.name = 'logstash-input-azuretable'
3
+ s.version = '0.1.0'
4
+ s.licenses = ['Apache License (2.0)']
5
+ s.summary = 'WADLogsTable Logging'
6
+ s.description = 'WADLogsTable Logging'
7
+ s.homepage = ''
8
+ s.authors = ['']
9
+ s.email = ''
10
+ s.require_paths = ['lib']
11
+
12
+ # Files
13
+ s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
14
+ # Tests
15
+ s.test_files = s.files.grep(%r{^(test|spec|features)/})
16
+
17
+ # Special flag to let us know this is actually a logstash plugin
18
+ s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
19
+
20
+ # Gem dependencies
21
+ s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
22
+ s.add_runtime_dependency 'logstash-codec-plain'
23
+ s.add_runtime_dependency 'stud', '>= 0.0.22'
24
+ s.add_runtime_dependency 'azure', '~> 0.7.3'
25
+ s.add_development_dependency 'logstash-devutils', '>= 0.0.16'
26
+ end
@@ -0,0 +1,11 @@
1
+ # encoding: utf-8
2
+ require "logstash/devutils/rspec/spec_helper"
3
+ require "logstash/inputs/azuretable"
4
+
5
+ describe LogStash::Inputs::Azuretable do
6
+
7
+ it_behaves_like "an interruptible input plugin" do
8
+ let(:config) { { "interval" => 100 } }
9
+ end
10
+
11
+ end
metadata ADDED
@@ -0,0 +1,125 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: logstash-input-azuretable
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.1.0
5
+ platform: ruby
6
+ authors:
7
+ - ''
8
+ autorequire:
9
+ bindir: bin
10
+ cert_chain: []
11
+ date: 2017-06-29 00:00:00.000000000 Z
12
+ dependencies:
13
+ - !ruby/object:Gem::Dependency
14
+ requirement: !ruby/object:Gem::Requirement
15
+ requirements:
16
+ - - "~>"
17
+ - !ruby/object:Gem::Version
18
+ version: '2.0'
19
+ name: logstash-core-plugin-api
20
+ prerelease: false
21
+ type: :runtime
22
+ version_requirements: !ruby/object:Gem::Requirement
23
+ requirements:
24
+ - - "~>"
25
+ - !ruby/object:Gem::Version
26
+ version: '2.0'
27
+ - !ruby/object:Gem::Dependency
28
+ requirement: !ruby/object:Gem::Requirement
29
+ requirements:
30
+ - - ">="
31
+ - !ruby/object:Gem::Version
32
+ version: '0'
33
+ name: logstash-codec-plain
34
+ prerelease: false
35
+ type: :runtime
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - ">="
39
+ - !ruby/object:Gem::Version
40
+ version: '0'
41
+ - !ruby/object:Gem::Dependency
42
+ requirement: !ruby/object:Gem::Requirement
43
+ requirements:
44
+ - - ">="
45
+ - !ruby/object:Gem::Version
46
+ version: 0.0.22
47
+ name: stud
48
+ prerelease: false
49
+ type: :runtime
50
+ version_requirements: !ruby/object:Gem::Requirement
51
+ requirements:
52
+ - - ">="
53
+ - !ruby/object:Gem::Version
54
+ version: 0.0.22
55
+ - !ruby/object:Gem::Dependency
56
+ requirement: !ruby/object:Gem::Requirement
57
+ requirements:
58
+ - - "~>"
59
+ - !ruby/object:Gem::Version
60
+ version: 0.7.3
61
+ name: azure
62
+ prerelease: false
63
+ type: :runtime
64
+ version_requirements: !ruby/object:Gem::Requirement
65
+ requirements:
66
+ - - "~>"
67
+ - !ruby/object:Gem::Version
68
+ version: 0.7.3
69
+ - !ruby/object:Gem::Dependency
70
+ requirement: !ruby/object:Gem::Requirement
71
+ requirements:
72
+ - - ">="
73
+ - !ruby/object:Gem::Version
74
+ version: 0.0.16
75
+ name: logstash-devutils
76
+ prerelease: false
77
+ type: :development
78
+ version_requirements: !ruby/object:Gem::Requirement
79
+ requirements:
80
+ - - ">="
81
+ - !ruby/object:Gem::Version
82
+ version: 0.0.16
83
+ description: WADLogsTable Logging
84
+ email: ''
85
+ executables: []
86
+ extensions: []
87
+ extra_rdoc_files: []
88
+ files:
89
+ - CHANGELOG.md
90
+ - CONTRIBUTORS
91
+ - DEVELOPER.md
92
+ - Gemfile
93
+ - LICENSE
94
+ - README.md
95
+ - lib/logstash/inputs/azuretable.rb
96
+ - logstash-input-azuretable.gemspec
97
+ - spec/inputs/azuretable_spec.rb
98
+ homepage: ''
99
+ licenses:
100
+ - Apache License (2.0)
101
+ metadata:
102
+ logstash_plugin: 'true'
103
+ logstash_group: input
104
+ post_install_message:
105
+ rdoc_options: []
106
+ require_paths:
107
+ - lib
108
+ required_ruby_version: !ruby/object:Gem::Requirement
109
+ requirements:
110
+ - - ">="
111
+ - !ruby/object:Gem::Version
112
+ version: '0'
113
+ required_rubygems_version: !ruby/object:Gem::Requirement
114
+ requirements:
115
+ - - ">="
116
+ - !ruby/object:Gem::Version
117
+ version: '0'
118
+ requirements: []
119
+ rubyforge_project:
120
+ rubygems_version: 2.6.4
121
+ signing_key:
122
+ specification_version: 4
123
+ summary: WADLogsTable Logging
124
+ test_files:
125
+ - spec/inputs/azuretable_spec.rb