logstash-input-azurewadtable 0.9.3 → 0.9.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6f6de3a1e70eaf98e44d3363ebf01b2d64f3f37e
-  data.tar.gz: dee366f2ec4288ad9fa364c00f5d27dec133bd47
+  metadata.gz: fbd7dc54a19150d4b4eaba163e963ff360cda10c
+  data.tar.gz: 121b8dbf3080916a5f687725b388342a323336fa
 SHA512:
-  metadata.gz: f7880dfd70b8e3356934594525f20c1faa8688fd6af6805fc63d9b47c70fefd1ac8b1509a1b26eb0e0dcb37c5987c3b8b2b5dfc55d181500c4ae09dc8dcbb511
-  data.tar.gz: 15ff8a51d2ab6cd6af2c213d31e98cc77be6990ca1d24ba6945ad18224c8f7d43e434ece5ea94a5ce24aba8bc606ce9c128c8fc77b9d1733841524410ed3d7d9
+  metadata.gz: 9d3d69dcbc9ceae5603ff65fc692549049d943d13136504cd0f1e6da46c509c585e327e2ff982d3962eadb2199304cf9c9a07489bd1d6af4f50419e655f6bbb6
+  data.tar.gz: 363537e4cb311c3cf6192fec45f60a72d97c587cbabb10ac0e4272d3fe5a5f3fa1457fafe76699a166f86af7d52b5d457ec7d83ff64264f3a1ba5546153b4e7d

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+gemspec
+gem 'azure', '~> 0.7.1'

data/LICENSE

@@ -0,0 +1,17 @@
+
+Copyright (c) Microsoft.  All rights reserved.
+Microsoft would like to thank its contributors, a list
+of whom are at http://aka.ms/entlib-contributors
+
+Licensed under the Apache License, Version 2.0 (the "License"); you
+may not use this file except in compliance with the License. You may
+obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied. See the License for the specific language governing permissions
+and limitations under the License.
+

data/README.md

@@ -0,0 +1,91 @@
+# Notice
+This plugin is a part of [Microsoft Azure Diagnostics with ELK](https://github.com/mspnp/semantic-logging/tree/v3/ELK).
+
+[See more documentation.](https://github.com/mspnp/semantic-logging/blob/v3/ELK/md/LogstashExtensions.md#azure-wad-table)
+
+# Logstash Plugin
+
+This is a plugin for [Logstash](https://github.com/elasticsearch/logstash).
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
+
+## Documentation
+
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elasticsearch.org/guide/en/logstash/current/).
+
+- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elasticsearch/docs#asciidoc-guide
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+## Developing
+
+### 1. Plugin Developement and Testing
+
+#### Code
+- To get started, you'll need JRuby with the Bundler gem installed.
+
+- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+
+- Install dependencies
+```sh
+bundle install
+```
+
+#### Test
+
+- Update your dependencies
+
+```sh
+bundle install
+```
+
+- Run tests
+
+```sh
+bundle exec rspec
+```
+
+### 2. Running your unpublished Plugin in Logstash
+
+#### 2.1 Run in a local Logstash clone
+
+- Edit Logstash `Gemfile` and add the local plugin path, for example:
+```ruby
+gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
+```
+- Install plugin
+```sh
+bin/plugin install --no-verify
+```
+- Run Logstash with your plugin
+```sh
+bin/logstash -e 'filter {awesome {}}'
+```
+At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
+
+#### 2.2 Run in an installed Logstash
+
+You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
+
+- Build your plugin gem
+```sh
+gem build logstash-filter-awesome.gemspec
+```
+- Install the plugin from the Logstash home
+```sh
+bin/plugin install /your/local/plugin/logstash-filter-awesome.gem
+```
+- Start Logstash and proceed to test the plugin
+
+## Contributing
+
+All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
+
+Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.
+
+It is more important to the community that you are able to contribute.
+
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elasticsearch/logstash/blob/master/CONTRIBUTING.md) file.

data/Rakefile

@@ -0,0 +1 @@
+require "logstash/devutils/rake"

data/lib/logstash/inputs/azurewadtable.rb

@@ -0,0 +1,132 @@
+# encoding: utf-8
+require "logstash/inputs/base"
+require "logstash/namespace"
+
+require "azure"
+
+class LogStash::Inputs::AzureWADTable < LogStash::Inputs::Base
+  class Interrupted < StandardError; end
+
+  config_name "azurewadtable"
+  milestone 0
+  
+  config :account_name, :validate => :string
+  config :access_key, :validate => :string
+  config :table_name, :validate => :string
+  config :entity_count_to_process, :validate => :string, :default => 100
+  config :collection_start_time_utc, :validate => :string, :default => Time.now.utc.iso8601
+  config :etw_pretty_print, :validate => :boolean, :default => false
+  config :idle_delay_seconds, :validate => :number, :default => 15
+
+  TICKS_SINCE_EPOCH = Time.utc(0001, 01, 01).to_i * 10000000
+
+  def initialize(*args)
+    super(*args)
+  end # initialize
+
+  public
+  def register
+    Azure.configure do |config|
+      config.storage_account_name = @account_name
+      config.storage_access_key = @access_key
+     end
+    @azure_table_service = Azure::Table::TableService.new
+    @last_timestamp = @collection_start_time_utc
+    @idle_delay = @idle_delay_seconds
+    @continuation_token = nil
+  end # register
+  
+  public
+  def run(output_queue)
+    loop do
+	  @logger.debug("Starting process method @" + Time.now.to_s);
+      process(output_queue)
+	  @logger.debug("Starting delay of: " + @idle_delay_seconds.to_s + " seconds @" + Time.now.to_s);
+	  sleep @idle_delay
+    end # loop
+  end # run
+ 
+  public
+  def teardown
+  end  
+
+  def process(output_queue)
+    @logger.debug(@last_timestamp)
+    # query data using start_from_time
+    query_filter = "(PartitionKey gt '#{partitionkey_from_datetime(@last_timestamp)}')"
+    for i in 0..99
+      query_filter << " or (PartitionKey gt '#{i.to_s.rjust(19, '0')}___#{partitionkey_from_datetime(@last_timestamp)}' and PartitionKey lt '#{i.to_s.rjust(19, '0')}___9999999999999999999')"
+    end # for block
+    query_filter = query_filter.gsub('"','')
+    @logger.debug("Query filter: " + query_filter)
+    query = { :top => @entity_count_to_process, :filter => query_filter, :continuation_token => @continuation_token }
+    result = @azure_table_service.query_entities(@table_name, query)
+    @continuation_token = result.continuation_token
+    
+    if result and result.length > 0
+      result.each do |entity|
+        event = LogStash::Event.new(entity.properties)
+        event["type"] = @table_name
+
+		# Help pretty print etw files
+		if (@etw_pretty_print && !event["EventMessage"].nil? && !event["Message"].nil?)
+		  logger.debug("event: " + event.to_s)
+		  eventMessage = event["EventMessage"].to_s
+		  message = event["Message"].to_s
+		  logger.debug("EventMessage: " + eventMessage)
+		  logger.debug("Message: " + message)
+		  if (eventMessage.include? "%")
+		    logger.debug("starting pretty print")
+		    toReplace = eventMessage.scan(/%\d+/)
+		    payload = message.scan(/(?<!\\S)([a-zA-Z]+)=(\"[^\"]*\")(?!\\S)/)
+		    # Split up the format string to seperate all of the numbers
+	        toReplace.each do |key| 
+		      logger.debug("Replacing key: " + key.to_s)
+		      index = key.scan(/\d+/).join.to_i
+			  newValue = payload[index - 1][1]
+			  logger.debug("New Value: " + newValue)
+		      eventMessage[key] = newValue
+		    end
+		  event["EventMessage"] = eventMessage
+		  logger.debug("pretty print end. result: " + event["EventMessage"].to_s)
+		  end
+		end
+		
+        output_queue << event
+      end # each block
+      @idle_delay = 0
+      @last_timestamp = result.last.properties["TIMESTAMP"].iso8601 unless @continuation_token
+    else
+      @logger.debug("No new results found.")
+	  @idle_delay = @idle_delay_seconds
+    end # if block
+    
+  rescue => e
+    @logger.error("Oh My, An error occurred.", :exception => e)
+    raise
+  end # process
+
+  # Windows Azure Diagnostic's algorithm for determining the partition key based on time is as follows:
+  # 1. Take time in UTC without seconds.
+  # 2. Convert it into .net ticks
+  # 3. add a '0' prefix.
+  def partitionkey_from_datetime(time_string)
+    collection_time = Time.parse(time_string)
+    if collection_time
+      @logger.debug("collection time parsed successfully #{collection_time}")
+    else
+      raise(ArgumentError, "Could not parse the time_string")
+    end # if else block
+
+    collection_time -= collection_time.sec
+    ticks = to_ticks(collection_time)
+    "0#{ticks}"
+  end # partitionkey_from_datetime
+  
+  # Convert time to ticks
+  def to_ticks(time_to_convert)
+    @logger.debug("Converting time to ticks")
+    time_to_convert.to_i * 10000000 - TICKS_SINCE_EPOCH 
+  end # to_ticks
+
+end # LogStash::Inputs::AzureWADTable

data/logstash-input-azurewadtable.gemspec

@@ -0,0 +1,24 @@
+Gem::Specification.new do |s|
+  s.name          = 'logstash-input-azurewadtable'
+  s.version       = '0.9.4'
+  s.licenses      = ['Apache License (2.0)']
+  s.summary       = "This plugin will collect Microsoft Azure Diagnostics data from Azure Storage."
+  s.description   = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program."
+  s.authors       = ["Microsoft Corporation"]
+  s.email         = 'azdiag@microsoft.com'
+  s.homepage      = "https://github.com/Azure/azure-diagnostics-tools"
+  s.require_paths = ["lib"]
+
+  # Files
+  s.files = `git ls-files`.split($\)
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash-core', '>= 1.4.0', '< 2.0.0'
+  s.add_runtime_dependency 'azure', '~> 0.7.1'
+  s.add_development_dependency 'logstash-devutils'
+end

data/spec/inputs/azurewadtable_spec.rb

@@ -0,0 +1 @@
+require "logstash/devutils/rspec/spec_helper"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-azurewadtable
 version: !ruby/object:Gem::Version
-  version: 0.9.3
+  version: 0.9.4
 platform: ruby
 authors:
 - Microsoft Corporation
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-02-12 00:00:00.000000000 Z
+date: 2016-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -63,8 +63,16 @@ email: azdiag@microsoft.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files: []
-homepage: https://github.com/juliusl/logstash-input-azurewadtable
+files:
+- CHANGELOG.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- lib/logstash/inputs/azurewadtable.rb
+- logstash-input-azurewadtable.gemspec
+- spec/inputs/azurewadtable_spec.rb
+homepage: https://github.com/Azure/azure-diagnostics-tools
 licenses:
 - Apache License (2.0)
 metadata:
@@ -90,4 +98,5 @@ rubygems_version: 2.4.8
 signing_key:
 specification_version: 4
 summary: This plugin will collect Microsoft Azure Diagnostics data from Azure Storage.
-test_files: []
+test_files:
+- spec/inputs/azurewadtable_spec.rb