logstash-input-beats 6.0.11-java → 6.1.1-java
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/README.md +1 -1
- data/VERSION +1 -1
- data/docs/agent.asciidoc +320 -0
- data/docs/index.asciidoc +40 -5
- data/lib/logstash-input-beats_jars.rb +1 -1
- data/lib/logstash/inputs/beats.rb +86 -34
- data/lib/logstash/inputs/beats/decoded_event_transform.rb +10 -1
- data/lib/logstash/inputs/beats/event_transform_common.rb +2 -2
- data/lib/logstash/inputs/beats/message_listener.rb +30 -5
- data/logstash-input-beats.gemspec +1 -0
- data/spec/inputs/beats/decoded_event_transform_spec.rb +4 -3
- data/spec/inputs/beats/event_transform_common_spec.rb +2 -1
- data/spec/inputs/beats/message_listener_spec.rb +82 -54
- data/spec/inputs/beats/raw_event_transform_spec.rb +2 -1
- data/spec/inputs/beats_spec.rb +38 -13
- data/spec/integration/filebeat_spec.rb +9 -9
- data/spec/integration/logstash_forwarder_spec.rb +1 -1
- data/spec/support/logstash_test.rb +7 -0
- data/spec/support/shared_examples.rb +39 -33
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/{6.0.11/logstash-input-beats-6.0.11.jar → 6.1.1/logstash-input-beats-6.1.1.jar} +0 -0
- metadata +18 -3
|
@@ -74,7 +74,7 @@ describe "Logstash-Forwarder", :integration => true do
|
|
|
74
74
|
context "TLS" do
|
|
75
75
|
context "Server Verification" do
|
|
76
76
|
let(:input_config) do
|
|
77
|
-
super.merge({
|
|
77
|
+
super().merge({
|
|
78
78
|
"ssl" => true,
|
|
79
79
|
"ssl_certificate" => certificate_file,
|
|
80
80
|
"ssl_key" => certificate_key_file,
|
|
@@ -13,6 +13,13 @@ module BeatsInputTest
|
|
|
13
13
|
|
|
14
14
|
system("openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout #{ssl_key} -out #{ssl_cert} -subj /CN=localhost > /dev/null 2>&1")
|
|
15
15
|
end
|
|
16
|
+
|
|
17
|
+
def p12_key
|
|
18
|
+
p12_key = Stud::Temporary.pathname("p12_key")
|
|
19
|
+
system "openssl pkcs12 -export -passout pass:123 -inkey #{ssl_key} -in #{ssl_cert} -out #{p12_key}"
|
|
20
|
+
p12_key
|
|
21
|
+
end
|
|
22
|
+
|
|
16
23
|
end
|
|
17
24
|
|
|
18
25
|
class << self
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
# encoding: utf-8
|
|
2
|
-
shared_examples "Common Event Transformation" do
|
|
2
|
+
shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_name|
|
|
3
3
|
let(:tag) { "140-rpm-beats" }
|
|
4
4
|
let(:config) do
|
|
5
5
|
{
|
|
@@ -21,17 +21,23 @@ shared_examples "Common Event Transformation" do
|
|
|
21
21
|
}
|
|
22
22
|
end
|
|
23
23
|
|
|
24
|
+
def key_as_nested_maps(key, value)
|
|
25
|
+
evt = LogStash::Event.new
|
|
26
|
+
evt.set(key, value)
|
|
27
|
+
evt.to_hash_with_metadata
|
|
28
|
+
end
|
|
29
|
+
|
|
24
30
|
it "adds configured tags to the event" do
|
|
25
31
|
expect(subject.get("tags")).to include(tag)
|
|
26
32
|
end
|
|
27
33
|
|
|
28
34
|
context 'when add_hostname is true' do
|
|
29
|
-
let(:config) { super.merge({'add_hostname' => true})}
|
|
35
|
+
let(:config) { super().merge({'add_hostname' => true, 'ecs_compatibility' => ecs_compatibility})}
|
|
30
36
|
|
|
31
37
|
context 'when a host is provided in beat.host.name' do
|
|
32
38
|
let(:already_exist) { "already_exist" }
|
|
33
39
|
let(:producer_host) { "newhost01" }
|
|
34
|
-
let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
|
40
|
+
let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
|
35
41
|
|
|
36
42
|
context "when no `host` key already exists on the event" do
|
|
37
43
|
it "does not set the host value" do
|
|
@@ -41,7 +47,7 @@ shared_examples "Common Event Transformation" do
|
|
|
41
47
|
|
|
42
48
|
context "when `host` key exists on the event" do
|
|
43
49
|
let(:already_exist) { "already_exist" }
|
|
44
|
-
let(:event_map) { super.merge({ "host" => already_exist }) }
|
|
50
|
+
let(:event_map) { super().merge({ "host" => already_exist }) }
|
|
45
51
|
|
|
46
52
|
it "doesn't override it" do
|
|
47
53
|
expect(subject.get("host")).to eq(already_exist)
|
|
@@ -51,99 +57,99 @@ shared_examples "Common Event Transformation" do
|
|
|
51
57
|
|
|
52
58
|
context "when a host is set in `beat.hostname`" do
|
|
53
59
|
let(:producer_host) { "newhost01" }
|
|
54
|
-
let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
|
|
60
|
+
let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
|
|
55
61
|
|
|
56
|
-
context "when no `
|
|
57
|
-
it "copies the value in `beat.hostname` to `
|
|
58
|
-
expect(subject.get(
|
|
62
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
|
63
|
+
it "copies the value in `beat.hostname` to `#{host_field_name}`" do
|
|
64
|
+
expect(subject.get(host_field_name)).to eq(producer_host)
|
|
59
65
|
end
|
|
60
66
|
end
|
|
61
67
|
|
|
62
|
-
context "when `
|
|
68
|
+
context "when `#{host_field_name}` key exists on the event" do
|
|
63
69
|
let(:already_exist) { "already_exist" }
|
|
64
|
-
let(:event_map) { super.merge(
|
|
70
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
|
65
71
|
|
|
66
72
|
it "doesn't override it" do
|
|
67
|
-
expect(subject.get(
|
|
73
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
|
68
74
|
end
|
|
69
75
|
end
|
|
70
76
|
end
|
|
71
77
|
|
|
72
78
|
context "when no host is provided in beat" do
|
|
73
|
-
context "when no `
|
|
79
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
|
74
80
|
it "does not set the host" do
|
|
75
|
-
expect(subject.get(
|
|
81
|
+
expect(subject.get(host_field_name)).to be_nil
|
|
76
82
|
end
|
|
77
83
|
end
|
|
78
84
|
|
|
79
|
-
context "when `
|
|
85
|
+
context "when `#{host_field_name}` key already exists on the event" do
|
|
80
86
|
let(:already_exist) { "already_exist" }
|
|
81
|
-
let(:event_map) { super.merge(
|
|
87
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
|
82
88
|
|
|
83
89
|
it "doesn't override it" do
|
|
84
|
-
expect(subject.get(
|
|
90
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
|
85
91
|
end
|
|
86
92
|
end
|
|
87
93
|
end
|
|
88
94
|
end
|
|
89
95
|
|
|
90
96
|
context 'when add hostname is false' do
|
|
91
|
-
let(:config) { super.merge({'add_hostname' => false})}
|
|
97
|
+
let(:config) { super().merge({'add_hostname' => false})}
|
|
92
98
|
|
|
93
99
|
context 'when a host is provided in beat.host.name' do
|
|
94
100
|
let(:already_exist) { "already_exist" }
|
|
95
101
|
let(:producer_host) { "newhost01" }
|
|
96
|
-
let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
|
102
|
+
let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
|
97
103
|
|
|
98
|
-
context "when no `
|
|
104
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
|
99
105
|
it "does not set the host" do
|
|
100
|
-
expect(subject.get(
|
|
106
|
+
expect(subject.get(host_field_name)).to be_nil
|
|
101
107
|
end
|
|
102
108
|
end
|
|
103
109
|
|
|
104
|
-
context "when `
|
|
110
|
+
context "when `#{host_field_name}` key already exists on the event" do
|
|
105
111
|
let(:already_exist) { "already_exist" }
|
|
106
|
-
let(:event_map) { super.merge(
|
|
112
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
|
107
113
|
|
|
108
114
|
it "doesn't override it" do
|
|
109
|
-
expect(subject.get(
|
|
115
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
|
110
116
|
end
|
|
111
117
|
end
|
|
112
118
|
end
|
|
113
119
|
|
|
114
120
|
context "when a host is provided in `beat.hostname`" do
|
|
115
121
|
let(:producer_host) { "newhost01" }
|
|
116
|
-
let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
|
|
122
|
+
let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
|
|
117
123
|
|
|
118
|
-
context "when no `
|
|
124
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
|
119
125
|
it "does not set the host" do
|
|
120
|
-
expect(subject.get(
|
|
126
|
+
expect(subject.get(host_field_name)).to be_nil
|
|
121
127
|
end
|
|
122
128
|
end
|
|
123
129
|
|
|
124
130
|
context "when `host` key already exists on the event" do
|
|
125
131
|
let(:already_exist) { "already_exist" }
|
|
126
|
-
let(:event_map) { super.merge(
|
|
132
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
|
127
133
|
|
|
128
134
|
it "doesn't override it" do
|
|
129
|
-
expect(subject.get(
|
|
135
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
|
130
136
|
end
|
|
131
137
|
end
|
|
132
138
|
end
|
|
133
139
|
|
|
134
140
|
context "when no host is provided in beat" do
|
|
135
|
-
context "when no `
|
|
141
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
|
136
142
|
it "does not set the host" do
|
|
137
|
-
expect(subject.get(
|
|
143
|
+
expect(subject.get(host_field_name)).to be_nil
|
|
138
144
|
end
|
|
139
145
|
end
|
|
140
146
|
|
|
141
|
-
context "when `
|
|
147
|
+
context "when `#{host_field_name}` key already exists on the event" do
|
|
142
148
|
let(:already_exist) { "already_exist" }
|
|
143
|
-
let(:event_map) { super.merge(
|
|
149
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
|
144
150
|
|
|
145
151
|
it "doesn't override it" do
|
|
146
|
-
expect(subject.get(
|
|
152
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
|
147
153
|
end
|
|
148
154
|
end
|
|
149
155
|
end
|
|
Binary file
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-input-beats
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 6.
|
|
4
|
+
version: 6.1.1
|
|
5
5
|
platform: java
|
|
6
6
|
authors:
|
|
7
7
|
- Elastic
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2021-03-30 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -106,6 +106,20 @@ dependencies:
|
|
|
106
106
|
- - ">="
|
|
107
107
|
- !ruby/object:Gem::Version
|
|
108
108
|
version: 0.3.4
|
|
109
|
+
- !ruby/object:Gem::Dependency
|
|
110
|
+
requirement: !ruby/object:Gem::Requirement
|
|
111
|
+
requirements:
|
|
112
|
+
- - "~>"
|
|
113
|
+
- !ruby/object:Gem::Version
|
|
114
|
+
version: '1.1'
|
|
115
|
+
name: logstash-mixin-ecs_compatibility_support
|
|
116
|
+
prerelease: false
|
|
117
|
+
type: :runtime
|
|
118
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
119
|
+
requirements:
|
|
120
|
+
- - "~>"
|
|
121
|
+
- !ruby/object:Gem::Version
|
|
122
|
+
version: '1.1'
|
|
109
123
|
- !ruby/object:Gem::Dependency
|
|
110
124
|
requirement: !ruby/object:Gem::Requirement
|
|
111
125
|
requirements:
|
|
@@ -234,6 +248,7 @@ files:
|
|
|
234
248
|
- PROTOCOL.md
|
|
235
249
|
- README.md
|
|
236
250
|
- VERSION
|
|
251
|
+
- docs/agent.asciidoc
|
|
237
252
|
- docs/index.asciidoc
|
|
238
253
|
- lib/logstash-input-beats_jars.rb
|
|
239
254
|
- lib/logstash/inputs/beats.rb
|
|
@@ -271,7 +286,7 @@ files:
|
|
|
271
286
|
- vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar
|
|
272
287
|
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
|
|
273
288
|
- vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
|
|
274
|
-
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.
|
|
289
|
+
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.1/logstash-input-beats-6.1.1.jar
|
|
275
290
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
|
276
291
|
licenses:
|
|
277
292
|
- Apache License (2.0)
|