logstash-input-azurewadtable 0.9.1 → 0.9.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 2c52175d384a4df303c5ae93cb37868cfdd410bd
-  data.tar.gz: 475b6e9fa71710960df7bf2f774e49f969881235
+  metadata.gz: beb23cfe2ea41fa12ddda3b4621787935dd2702c
+  data.tar.gz: 47d847d746dfc9bc09c26cc9635a6b1d704866a2
 SHA512:
-  metadata.gz: d90bded3dd0d45faf847404bf011ef6487d8c314b920f76d79e4b502a5bf9eb44a863ee903e01cfae84bd5511f7ddc9d7c50264f5aa54090525a1ef3b4c32303
-  data.tar.gz: 77e5c43625b91bdf5dd5145f08a65d89f9d96c4227d7c33ce6bf3d175bd4539d3b031de22f65bd6de1a4699750d98d6904538287533d89b6274d7108f76c44cc
+  metadata.gz: fe7208633ee481551f0da0a69713cd7e3160423cf2cbb345ed8345da3c36c0cdbaf48ed5d14a8dc51c11439e2b5559d47e142c835f796dfe208536a3ba5ac7f2
+  data.tar.gz: f4ac28d8cfb5b2fa7f51682c082fc44e9529655ff0bbcfa230ba574da8e0ce1276dde40d2a225df869a66c708c7b88ba285f6b0b9929588eb445d630c9adbc17

data/lib/logstash/inputs/azurewadtable.rb

@@ -15,6 +15,8 @@ class LogStash::Inputs::AzureWADTable < LogStash::Inputs::Base
   config :table_name, :validate => :string
   config :entity_count_to_process, :validate => :string, :default => 100
   config :collection_start_time_utc, :validate => :string, :default => Time.now.utc.inspect
+  config :etw_pretty_print, :validate => :boolean, :default => false
+  config :idle_delay_seconds, :validate => :number, :default => 15
 
   TICKS_SINCE_EPOCH = Time.utc(0001, 01, 01).to_i * 10000000
 
@@ -30,12 +32,16 @@ class LogStash::Inputs::AzureWADTable < LogStash::Inputs::Base
      end
     @azure_table_service = Azure::TableService.new
     @last_timestamp = @collection_start_time_utc
+	@idle_delay = @idle_delay_seconds
   end # register
   
   public
   def run(output_queue)
-    while true
+    loop do
+	  @logger.debug("Starting process method @" + Time.now.to_s);
       process(output_queue)
+	  @logger.debug("Starting delay of: " + @idle_delay_seconds.to_s + " seconds @" + Time.now.to_s);
+	  sleep @idle_delay
     end # loop
   end # run
  
@@ -44,6 +50,7 @@ class LogStash::Inputs::AzureWADTable < LogStash::Inputs::Base
   end  
 
   def process(output_queue)
+    @logger.debug(@last_timestamp)
     # query data using start_from_time
     query_filter = "PartitionKey gt '#{partitionkey_from_datetime(@last_timestamp)}' and PreciseTimeStamp gt datetime'#{@last_timestamp}'".gsub('"','')
     query = { :top => @entity_count_to_process, :filter => query_filter }
@@ -53,12 +60,38 @@ class LogStash::Inputs::AzureWADTable < LogStash::Inputs::Base
       result.each do |entity|
         event = LogStash::Event.new(entity.properties)
         event["type"] = @table_name
+
+		# Help pretty print etw files
+		if (@etw_pretty_print && !event["EventMessage"].nil? && !event["Message"].nil?)
+		  logger.debug("event: " + event.to_s)
+		  eventMessage = event["EventMessage"].to_s
+		  message = event["Message"].to_s
+		  logger.debug("EventMessage: " + eventMessage)
+		  logger.debug("Message: " + message)
+		  if (eventMessage.include? "%")
+		    logger.debug("starting pretty print")
+		    toReplace = eventMessage.scan(/%\d+/)
+		    payload = message.scan(/(?<!\\S)([a-zA-Z]+)=(\"[^\"]*\")(?!\\S)/)
+		    # Split up the format string to seperate all of the numbers
+	        toReplace.each do |key| 
+		      logger.debug("Replacing key: " + key.to_s)
+		      index = key.scan(/\d+/).join.to_i
+			  newValue = payload[index - 1][1]
+			  logger.debug("New Value: " + newValue)
+		      eventMessage[key] = newValue
+		    end
+		  event["EventMessage"] = eventMessage
+		  logger.debug("pretty print end. result: " + event["EventMessage"].to_s)
+		  end
+		end
+		
         output_queue << event
       end # each block
-      
+      @idle_delay = 0
       @last_timestamp = result.last.properties["PreciseTimeStamp"].inspect
     else
-      @logger.warn("No new results found. This is not an error.")
+      @logger.debug("No new results found.")
+	  @idle_delay = @idle_delay_seconds
     end # if block
     
   rescue => e

data/logstash-input-azurewadtable.gemspec

@@ -1,12 +1,12 @@
 Gem::Specification.new do |s|
   s.name = 'logstash-input-azurewadtable'
-  s.version         = '0.9.1'
+  s.version = '0.9.2'
   s.licenses = ['Apache License (2.0)']
   s.summary = "This plugin will collect Microsoft Azure Diagnostics data from Azure Storage."
   s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
   s.authors = ["Microsoft Corporation"]
   s.email = 'juliusl@microsoft.com'
-  s.homepage = "https://github.com/juliusl/logstash-input-azurewadtable/tree/0.9.1"
+  s.homepage = "https://github.com/juliusl/logstash-input-azurewadtable/"
   s.require_paths = ["lib"]
 
   # Files

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-azurewadtable
 version: !ruby/object:Gem::Version
-  version: 0.9.1
+  version: 0.9.2
 platform: ruby
 authors:
 - Microsoft Corporation
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-11 00:00:00.000000000 Z
+date: 2015-06-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: logstash-core
@@ -72,7 +72,7 @@ files:
 - lib/logstash/inputs/azurewadtable.rb
 - logstash-input-azurewadtable.gemspec
 - spec/inputs/azurewadtable_spec.rb
-homepage: https://github.com/juliusl/logstash-input-azurewadtable/tree/0.9.1
+homepage: https://github.com/juliusl/logstash-input-azurewadtable/
 licenses:
 - Apache License (2.0)
 metadata: