logstash-input-beats 6.0.11-java → 6.1.1-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +18 -0
- data/README.md +1 -1
- data/VERSION +1 -1
- data/docs/agent.asciidoc +320 -0
- data/docs/index.asciidoc +40 -5
- data/lib/logstash-input-beats_jars.rb +1 -1
- data/lib/logstash/inputs/beats.rb +86 -34
- data/lib/logstash/inputs/beats/decoded_event_transform.rb +10 -1
- data/lib/logstash/inputs/beats/event_transform_common.rb +2 -2
- data/lib/logstash/inputs/beats/message_listener.rb +30 -5
- data/logstash-input-beats.gemspec +1 -0
- data/spec/inputs/beats/decoded_event_transform_spec.rb +4 -3
- data/spec/inputs/beats/event_transform_common_spec.rb +2 -1
- data/spec/inputs/beats/message_listener_spec.rb +82 -54
- data/spec/inputs/beats/raw_event_transform_spec.rb +2 -1
- data/spec/inputs/beats_spec.rb +38 -13
- data/spec/integration/filebeat_spec.rb +9 -9
- data/spec/integration/logstash_forwarder_spec.rb +1 -1
- data/spec/support/logstash_test.rb +7 -0
- data/spec/support/shared_examples.rb +39 -33
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/{6.0.11/logstash-input-beats-6.0.11.jar → 6.1.1/logstash-input-beats-6.1.1.jar} +0 -0
- metadata +18 -3
@@ -74,7 +74,7 @@ describe "Logstash-Forwarder", :integration => true do
|
|
74
74
|
context "TLS" do
|
75
75
|
context "Server Verification" do
|
76
76
|
let(:input_config) do
|
77
|
-
super.merge({
|
77
|
+
super().merge({
|
78
78
|
"ssl" => true,
|
79
79
|
"ssl_certificate" => certificate_file,
|
80
80
|
"ssl_key" => certificate_key_file,
|
@@ -13,6 +13,13 @@ module BeatsInputTest
|
|
13
13
|
|
14
14
|
system("openssl req -x509 -batch -nodes -newkey rsa:2048 -keyout #{ssl_key} -out #{ssl_cert} -subj /CN=localhost > /dev/null 2>&1")
|
15
15
|
end
|
16
|
+
|
17
|
+
def p12_key
|
18
|
+
p12_key = Stud::Temporary.pathname("p12_key")
|
19
|
+
system "openssl pkcs12 -export -passout pass:123 -inkey #{ssl_key} -in #{ssl_cert} -out #{p12_key}"
|
20
|
+
p12_key
|
21
|
+
end
|
22
|
+
|
16
23
|
end
|
17
24
|
|
18
25
|
class << self
|
@@ -1,5 +1,5 @@
|
|
1
1
|
# encoding: utf-8
|
2
|
-
shared_examples "Common Event Transformation" do
|
2
|
+
shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_name|
|
3
3
|
let(:tag) { "140-rpm-beats" }
|
4
4
|
let(:config) do
|
5
5
|
{
|
@@ -21,17 +21,23 @@ shared_examples "Common Event Transformation" do
|
|
21
21
|
}
|
22
22
|
end
|
23
23
|
|
24
|
+
def key_as_nested_maps(key, value)
|
25
|
+
evt = LogStash::Event.new
|
26
|
+
evt.set(key, value)
|
27
|
+
evt.to_hash_with_metadata
|
28
|
+
end
|
29
|
+
|
24
30
|
it "adds configured tags to the event" do
|
25
31
|
expect(subject.get("tags")).to include(tag)
|
26
32
|
end
|
27
33
|
|
28
34
|
context 'when add_hostname is true' do
|
29
|
-
let(:config) { super.merge({'add_hostname' => true})}
|
35
|
+
let(:config) { super().merge({'add_hostname' => true, 'ecs_compatibility' => ecs_compatibility})}
|
30
36
|
|
31
37
|
context 'when a host is provided in beat.host.name' do
|
32
38
|
let(:already_exist) { "already_exist" }
|
33
39
|
let(:producer_host) { "newhost01" }
|
34
|
-
let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
40
|
+
let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
35
41
|
|
36
42
|
context "when no `host` key already exists on the event" do
|
37
43
|
it "does not set the host value" do
|
@@ -41,7 +47,7 @@ shared_examples "Common Event Transformation" do
|
|
41
47
|
|
42
48
|
context "when `host` key exists on the event" do
|
43
49
|
let(:already_exist) { "already_exist" }
|
44
|
-
let(:event_map) { super.merge({ "host" => already_exist }) }
|
50
|
+
let(:event_map) { super().merge({ "host" => already_exist }) }
|
45
51
|
|
46
52
|
it "doesn't override it" do
|
47
53
|
expect(subject.get("host")).to eq(already_exist)
|
@@ -51,99 +57,99 @@ shared_examples "Common Event Transformation" do
|
|
51
57
|
|
52
58
|
context "when a host is set in `beat.hostname`" do
|
53
59
|
let(:producer_host) { "newhost01" }
|
54
|
-
let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
|
60
|
+
let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
|
55
61
|
|
56
|
-
context "when no `
|
57
|
-
it "copies the value in `beat.hostname` to `
|
58
|
-
expect(subject.get(
|
62
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
63
|
+
it "copies the value in `beat.hostname` to `#{host_field_name}`" do
|
64
|
+
expect(subject.get(host_field_name)).to eq(producer_host)
|
59
65
|
end
|
60
66
|
end
|
61
67
|
|
62
|
-
context "when `
|
68
|
+
context "when `#{host_field_name}` key exists on the event" do
|
63
69
|
let(:already_exist) { "already_exist" }
|
64
|
-
let(:event_map) { super.merge(
|
70
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
65
71
|
|
66
72
|
it "doesn't override it" do
|
67
|
-
expect(subject.get(
|
73
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
68
74
|
end
|
69
75
|
end
|
70
76
|
end
|
71
77
|
|
72
78
|
context "when no host is provided in beat" do
|
73
|
-
context "when no `
|
79
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
74
80
|
it "does not set the host" do
|
75
|
-
expect(subject.get(
|
81
|
+
expect(subject.get(host_field_name)).to be_nil
|
76
82
|
end
|
77
83
|
end
|
78
84
|
|
79
|
-
context "when `
|
85
|
+
context "when `#{host_field_name}` key already exists on the event" do
|
80
86
|
let(:already_exist) { "already_exist" }
|
81
|
-
let(:event_map) { super.merge(
|
87
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
82
88
|
|
83
89
|
it "doesn't override it" do
|
84
|
-
expect(subject.get(
|
90
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
85
91
|
end
|
86
92
|
end
|
87
93
|
end
|
88
94
|
end
|
89
95
|
|
90
96
|
context 'when add hostname is false' do
|
91
|
-
let(:config) { super.merge({'add_hostname' => false})}
|
97
|
+
let(:config) { super().merge({'add_hostname' => false})}
|
92
98
|
|
93
99
|
context 'when a host is provided in beat.host.name' do
|
94
100
|
let(:already_exist) { "already_exist" }
|
95
101
|
let(:producer_host) { "newhost01" }
|
96
|
-
let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
102
|
+
let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
97
103
|
|
98
|
-
context "when no `
|
104
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
99
105
|
it "does not set the host" do
|
100
|
-
expect(subject.get(
|
106
|
+
expect(subject.get(host_field_name)).to be_nil
|
101
107
|
end
|
102
108
|
end
|
103
109
|
|
104
|
-
context "when `
|
110
|
+
context "when `#{host_field_name}` key already exists on the event" do
|
105
111
|
let(:already_exist) { "already_exist" }
|
106
|
-
let(:event_map) { super.merge(
|
112
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
107
113
|
|
108
114
|
it "doesn't override it" do
|
109
|
-
expect(subject.get(
|
115
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
110
116
|
end
|
111
117
|
end
|
112
118
|
end
|
113
119
|
|
114
120
|
context "when a host is provided in `beat.hostname`" do
|
115
121
|
let(:producer_host) { "newhost01" }
|
116
|
-
let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
|
122
|
+
let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
|
117
123
|
|
118
|
-
context "when no `
|
124
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
119
125
|
it "does not set the host" do
|
120
|
-
expect(subject.get(
|
126
|
+
expect(subject.get(host_field_name)).to be_nil
|
121
127
|
end
|
122
128
|
end
|
123
129
|
|
124
130
|
context "when `host` key already exists on the event" do
|
125
131
|
let(:already_exist) { "already_exist" }
|
126
|
-
let(:event_map) { super.merge(
|
132
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
127
133
|
|
128
134
|
it "doesn't override it" do
|
129
|
-
expect(subject.get(
|
135
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
130
136
|
end
|
131
137
|
end
|
132
138
|
end
|
133
139
|
|
134
140
|
context "when no host is provided in beat" do
|
135
|
-
context "when no `
|
141
|
+
context "when no `#{host_field_name}` key already exists on the event" do
|
136
142
|
it "does not set the host" do
|
137
|
-
expect(subject.get(
|
143
|
+
expect(subject.get(host_field_name)).to be_nil
|
138
144
|
end
|
139
145
|
end
|
140
146
|
|
141
|
-
context "when `
|
147
|
+
context "when `#{host_field_name}` key already exists on the event" do
|
142
148
|
let(:already_exist) { "already_exist" }
|
143
|
-
let(:event_map) { super.merge(
|
149
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
144
150
|
|
145
151
|
it "doesn't override it" do
|
146
|
-
expect(subject.get(
|
152
|
+
expect(subject.get(host_field_name)).to eq(already_exist)
|
147
153
|
end
|
148
154
|
end
|
149
155
|
end
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-beats
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.
|
4
|
+
version: 6.1.1
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-03-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -106,6 +106,20 @@ dependencies:
|
|
106
106
|
- - ">="
|
107
107
|
- !ruby/object:Gem::Version
|
108
108
|
version: 0.3.4
|
109
|
+
- !ruby/object:Gem::Dependency
|
110
|
+
requirement: !ruby/object:Gem::Requirement
|
111
|
+
requirements:
|
112
|
+
- - "~>"
|
113
|
+
- !ruby/object:Gem::Version
|
114
|
+
version: '1.1'
|
115
|
+
name: logstash-mixin-ecs_compatibility_support
|
116
|
+
prerelease: false
|
117
|
+
type: :runtime
|
118
|
+
version_requirements: !ruby/object:Gem::Requirement
|
119
|
+
requirements:
|
120
|
+
- - "~>"
|
121
|
+
- !ruby/object:Gem::Version
|
122
|
+
version: '1.1'
|
109
123
|
- !ruby/object:Gem::Dependency
|
110
124
|
requirement: !ruby/object:Gem::Requirement
|
111
125
|
requirements:
|
@@ -234,6 +248,7 @@ files:
|
|
234
248
|
- PROTOCOL.md
|
235
249
|
- README.md
|
236
250
|
- VERSION
|
251
|
+
- docs/agent.asciidoc
|
237
252
|
- docs/index.asciidoc
|
238
253
|
- lib/logstash-input-beats_jars.rb
|
239
254
|
- lib/logstash/inputs/beats.rb
|
@@ -271,7 +286,7 @@ files:
|
|
271
286
|
- vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar
|
272
287
|
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
|
273
288
|
- vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
|
274
|
-
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.
|
289
|
+
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.1/logstash-input-beats-6.1.1.jar
|
275
290
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
276
291
|
licenses:
|
277
292
|
- Apache License (2.0)
|