logstash-input-beats 6.1.0-java → 6.1.1-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 5924244575544fab0560730b5e773b170a04e6c25d1a72c683ea27c2cc47a597
4
- data.tar.gz: 7e316315f18e4f33f821dc4c5655d78452e66d605b6db7edc1bc23b55ae3e1d4
3
+ metadata.gz: 6def71232c684cd74e5be5913809fbfa34a5922f600e433174ebe323525d7936
4
+ data.tar.gz: 27f0ebc4bd488cc3ccd64cec8a64194eae87484f6af55d02a00fae95dcaae45c
5
5
  SHA512:
6
- metadata.gz: c17ac9a8663f465fd38282753f4cda55e6bf5d6ac7659ecafc4524193742dfc7f22ab325b6cdff36cb20daaf18448ff0a1f0345471d0467e023c68b924b70dc3
7
- data.tar.gz: 422714a92f313e7f2d504c3b4927955759188a4246bb6417bbc4d77f24f1a5b4ce8ad403c7e059bc9c025ba97c9f3175bb5e186ff526dd34c850e7c97eb4befe
6
+ metadata.gz: 10b2fdc15611ca30aaba8fafb79b53588188788a96ca6a906fbef53c2c9d6f950e56ba53e0c961c1edb09c3d85a70f91f4b58b7979cf9b77f9894e25220e1733
7
+ data.tar.gz: dfc2a89ffba6de5955d2bfd6c8c0862d5d594d4762a4a608da64d85017e0b46086bc0028b3c89717d19839a36c7261348ab498123f2caa313e060ee7ffe2811a
data/CHANGELOG.md CHANGED
@@ -1,7 +1,10 @@
1
+ ## 6.1.1
2
+ - [DOC] Enhanced ECS compatibility information for ease of use and readability
3
+ [#413](https://github.com/logstash-plugins/logstash-input-beats/pull/413)
4
+
1
5
  ## 6.1.0
2
- - ECS compatibility enablement, now an `ecs_compatibility` setting is used to declare the level of ECS compatibility
3
- (`disabled` or `v1`) at plugin level. `disabled` let the plugin behave like before while `v1` does a rename of
4
- `host` and `@metadata.ip_address` event fields. [404](https://github.com/logstash-plugins/logstash-input-beats/pull/404)
6
+ - ECS compatibility enablement. Adds `ecs_compatibility` setting to declare the level of ECS compatibility (`disabled` or `v1`) at plugin level. When `disabled`, the plugin behaves like before, while `v1` does a rename of
7
+ `host` and `@metadata.ip_address` event fields. [#404](https://github.com/logstash-plugins/logstash-input-beats/pull/404)
5
8
 
6
9
  ## 6.0.14
7
10
  - Feat: log + unwrap generic SSL context exceptions [#405](https://github.com/logstash-plugins/logstash-input-beats/pull/405)
data/VERSION CHANGED
@@ -1 +1 @@
1
- 6.1.0
1
+ 6.1.1
@@ -0,0 +1,320 @@
1
+ :plugin: agent
2
+ :type: input
3
+ :default_codec: plain
4
+
5
+ ///////////////////////////////////////////
6
+ START - GENERATED VARIABLES, DO NOT EDIT!
7
+ ///////////////////////////////////////////
8
+
9
+ // Copied from Beats generated plugin output.
10
+ // Not actively generated at this time!
11
+
12
+ ////
13
+ :version: %VERSION%
14
+ :release_date: %RELEASE_DATE%
15
+ :changelog_url: %CHANGELOG_URL%
16
+ :include_path: ../../../../logstash/docs/include
17
+ ////
18
+
19
+ ///////////////////////////////////////////
20
+ END - GENERATED VARIABLES, DO NOT EDIT!
21
+ ///////////////////////////////////////////
22
+
23
+ [id="plugins-{type}s-{plugin}"]
24
+
25
+ === Agent input plugin
26
+
27
+ include::{include_path}/plugin_header.asciidoc[]
28
+
29
+ ==== Description
30
+
31
+ This input plugin enables Logstash to receive events from the
32
+ https://www.elastic.co/products/beats[Elastic Beats] framework.
33
+
34
+ The following example shows how to configure Logstash to listen on port
35
+ 5044 for incoming Beats connections and to index into Elasticsearch.
36
+
37
+ [source,logstash]
38
+ -----
39
+
40
+ input {
41
+ beats {
42
+ port => 5044
43
+ }
44
+ }
45
+
46
+ output {
47
+ elasticsearch {
48
+ hosts => ["http://localhost:9200"]
49
+ index => "%{[@metadata][beat]}-%{[@metadata][version]}" <1>
50
+ }
51
+ }
52
+ -----
53
+ <1> `%{[@metadata][beat]}` sets the first part of the index name to the value
54
+ of the `beat` metadata field and `%{[@metadata][version]}` sets the second part to
55
+ the Beat's version. For example:
56
+ metricbeat-7.4.0.
57
+
58
+ Events indexed into Elasticsearch with the Logstash configuration shown here
59
+ will be similar to events directly indexed by Beats into Elasticsearch.
60
+
61
+ NOTE: If ILM is not being used, set `index` to
62
+ `%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}` instead so
63
+ Logstash creates an index per day, based on the `@timestamp` value of the events
64
+ coming from Beats.
65
+
66
+ IMPORTANT: If you are shipping events that span multiple lines, you need to use
67
+ the {filebeat-ref}/multiline-examples.html[configuration options available in
68
+ Filebeat] to handle multiline events before sending the event data to Logstash.
69
+ You cannot use the {logstash-ref}/plugins-codecs-multiline.html[Multiline codec
70
+ plugin] to handle multiline events. Doing so will result in the failure to start
71
+ Logstash.
72
+
73
+ [id="plugins-{type}s-{plugin}-versioned-indexes"]
74
+ ==== Versioned Beats Indices
75
+
76
+ To minimize the impact of future schema changes on your existing indices and
77
+ mappings in Elasticsearch, configure the Elasticsearch output to write to
78
+ versioned indices. The pattern that you specify for the `index` setting
79
+ controls the index name:
80
+
81
+ [source,yaml]
82
+ ----
83
+ index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
84
+ ----
85
+
86
+ `%{[@metadata][beat]}`:: Sets the first part of the index name to the value of
87
+ the `beat` metadata field, for example, `filebeat`.
88
+ `%{[@metadata][version]}`:: Sets the second part of the name to the Beat
89
+ version, for example, +{logstash_version}+.
90
+ `%{+YYYY.MM.dd}`:: Sets the third part of the name to a date based on the
91
+ Logstash `@timestamp` field.
92
+
93
+ This configuration results in daily index names like
94
+ +filebeat-{logstash_version}-{localdate}+.
95
+
96
+
97
+ [id="plugins-{type}s-{plugin}-ecs_metadata"]
98
+ ==== Event Metadata and the Elastic Common Schema (ECS)
99
+ When decoding `beats` events, this plugin adds two fields related to the event: the deprecated `host`
100
+ which contains the `hostname` provided by beats and the `ip_address` containing the remote address
101
+ of the client's connection. When <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is
102
+ enabled these are now moved in ECS compatible namespace.
103
+
104
+ [id="plugins-{type}s-{plugin}-options"]
105
+ ==== Agent Input Configuration Options
106
+
107
+ This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
108
+
109
+ [cols="<,<,<",options="header",]
110
+ |=======================================================================
111
+ |Setting |Input type|Required
112
+ | <<plugins-{type}s-{plugin}-add_hostname>> |<<boolean,boolean>>|No
113
+ | <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|No
114
+ | <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
115
+ | <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
116
+ | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
117
+ | <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|No
118
+ | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
119
+ | <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|No
120
+ | <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
121
+ | <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
122
+ | <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
123
+ | <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
124
+ | <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
125
+ | <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
126
+ | <<plugins-{type}s-{plugin}-ssl_peer_metadata>> |<<boolean,boolean>>|No
127
+ | <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|No
128
+ | <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|No
129
+ |=======================================================================
130
+
131
+ Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
132
+ input plugins.
133
+
134
+ &nbsp;
135
+
136
+ [id="plugins-{type}s-{plugin}-add_hostname"]
137
+ ===== `add_hostname`
138
+
139
+ deprecated[6.0.0, The default value has been changed to `false`. In 7.0.0 this setting will be removed]
140
+
141
+ * Value type is <<boolean,boolean>>
142
+ * Default value is `false`
143
+
144
+ Flag to determine whether to add `host` field to event using the value supplied by the beat in the `hostname` field.
145
+
146
+
147
+ [id="plugins-{type}s-{plugin}-cipher_suites"]
148
+ ===== `cipher_suites`
149
+
150
+ * Value type is <<array,array>>
151
+ * Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
152
+
153
+ The list of ciphers suite to use, listed by priorities.
154
+
155
+ [id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
156
+ ===== `client_inactivity_timeout`
157
+
158
+ * Value type is <<number,number>>
159
+ * Default value is `60`
160
+
161
+ Close Idle clients after X seconds of inactivity.
162
+
163
+ [id="plugins-{type}s-{plugin}-ecs_compatibility"]
164
+ ===== `ecs_compatibility`
165
+
166
+ * Value type is <<string,string>>
167
+ * Supported values are:
168
+ ** `disabled`: unstructured connection metadata added at root level
169
+ ** `v1`: structured connection metadata added under ECS compliant namespaces
170
+ * Default value depends on which version of Logstash is running:
171
+ ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
172
+ ** Otherwise, the default value is `disabled`.
173
+
174
+ Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
175
+ The value of this setting affects the keys for the Beats connection's metadata on the event:
176
+
177
+ .Metadata Location by `ecs_compatibility` value
178
+ [cols="<l,<l,e,<e"]
179
+ |=======================================================================
180
+ |`disabled` |`v1` |Availability |Description
181
+
182
+ |[host] |[@metadata][input][beats][host][name] |Always |Name or address of the beat host
183
+ |[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the Beats client
184
+ |[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
185
+ |[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
186
+ |[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
187
+ |[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
188
+ |=======================================================================
189
+
190
+ [id="plugins-{type}s-{plugin}-host"]
191
+ ===== `host`
192
+
193
+ * Value type is <<string,string>>
194
+ * Default value is `"0.0.0.0"`
195
+
196
+ The IP address to listen on.
197
+
198
+ [id="plugins-{type}s-{plugin}-include_codec_tag"]
199
+ ===== `include_codec_tag`
200
+
201
+ * Value type is <<boolean,boolean>>
202
+ * Default value is `true`
203
+
204
+
205
+
206
+ [id="plugins-{type}s-{plugin}-port"]
207
+ ===== `port`
208
+
209
+ * This is a required setting.
210
+ * Value type is <<number,number>>
211
+ * There is no default value for this setting.
212
+
213
+ The port to listen on.
214
+
215
+ [id="plugins-{type}s-{plugin}-ssl"]
216
+ ===== `ssl`
217
+
218
+ * Value type is <<boolean,boolean>>
219
+ * Default value is `false`
220
+
221
+ Events are by default sent in plain text. You can
222
+ enable encryption by setting `ssl` to true and configuring
223
+ the `ssl_certificate` and `ssl_key` options.
224
+
225
+ [id="plugins-{type}s-{plugin}-ssl_certificate"]
226
+ ===== `ssl_certificate`
227
+
228
+ * Value type is <<path,path>>
229
+ * There is no default value for this setting.
230
+
231
+ SSL certificate to use.
232
+
233
+ [id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
234
+ ===== `ssl_certificate_authorities`
235
+
236
+ * Value type is <<array,array>>
237
+ * Default value is `[]`
238
+
239
+ Validate client certificates against these authorities.
240
+ You can define multiple files or paths. All the certificates will
241
+ be read and added to the trust store. You need to configure the `ssl_verify_mode`
242
+ to `peer` or `force_peer` to enable the verification.
243
+
244
+
245
+ [id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
246
+ ===== `ssl_handshake_timeout`
247
+
248
+ * Value type is <<number,number>>
249
+ * Default value is `10000`
250
+
251
+ Time in milliseconds for an incomplete ssl handshake to timeout
252
+
253
+ [id="plugins-{type}s-{plugin}-ssl_key"]
254
+ ===== `ssl_key`
255
+
256
+ * Value type is <<path,path>>
257
+ * There is no default value for this setting.
258
+
259
+ SSL key to use.
260
+ NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.0/apps/pkcs8.html[OpenSSL]
261
+ for more information.
262
+
263
+ [id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
264
+ ===== `ssl_key_passphrase`
265
+
266
+ * Value type is <<password,password>>
267
+ * There is no default value for this setting.
268
+
269
+ SSL key passphrase to use.
270
+
271
+ [id="plugins-{type}s-{plugin}-ssl_verify_mode"]
272
+ ===== `ssl_verify_mode`
273
+
274
+ * Value can be any of: `none`, `peer`, `force_peer`
275
+ * Default value is `"none"`
276
+
277
+ By default the server doesn't do any client verification.
278
+
279
+ `peer` will make the server ask the client to provide a certificate.
280
+ If the client provides a certificate, it will be validated.
281
+
282
+ `force_peer` will make the server ask the client to provide a certificate.
283
+ If the client doesn't provide a certificate, the connection will be closed.
284
+
285
+ This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
286
+
287
+ [id="plugins-{type}s-{plugin}-ssl_peer_metadata"]
288
+ ===== `ssl_peer_metadata`
289
+
290
+ * Value type is <<boolean,boolean>>
291
+ * Default value is `false`
292
+
293
+ Enables storing client certificate information in event's metadata.
294
+
295
+ This option is only valid when `ssl_verify_mode` is set to `peer` or `force_peer`.
296
+
297
+ [id="plugins-{type}s-{plugin}-tls_max_version"]
298
+ ===== `tls_max_version`
299
+
300
+ * Value type is <<number,number>>
301
+ * Default value is `1.2`
302
+
303
+ The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
304
+ 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
305
+
306
+ [id="plugins-{type}s-{plugin}-tls_min_version"]
307
+ ===== `tls_min_version`
308
+
309
+ * Value type is <<number,number>>
310
+ * Default value is `1`
311
+
312
+ The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
313
+ 1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
314
+
315
+
316
+
317
+ [id="plugins-{type}s-{plugin}-common-options"]
318
+ include::{include_path}/{type}.asciidoc[]
319
+
320
+ :default_codec!:
data/docs/index.asciidoc CHANGED
@@ -92,7 +92,19 @@ This configuration results in daily index names like
92
92
  When decoding `beats` events, this plugin adds two fields related to the event: the deprecated `host`
93
93
  which contains the `hostname` provided by beats and the `ip_address` containing the remote address
94
94
  of the client's connection. When <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is
95
- enabled these are now moved in ECS compatible namespace.
95
+ enabled these are now moved in ECS compatible namespace. Here's how <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> affects output.
96
+
97
+ [cols="<l,<l,e,<e"]
98
+ |=======================================================================
99
+ |ECS disabled |ECS v1 |Availability |Description
100
+
101
+ |[host] |[@metadata][input][beats][host][name] |Always |Name or address of the beat host
102
+ |[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the Beats client
103
+ |[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
104
+ |[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
105
+ |[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
106
+ |[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
107
+ |=======================================================================
96
108
 
97
109
  [id="plugins-{type}s-{plugin}-options"]
98
110
  ==== Beats Input Configuration Options
@@ -164,21 +176,7 @@ Close Idle clients after X seconds of inactivity.
164
176
  ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
165
177
  ** Otherwise, the default value is `disabled`.
166
178
 
167
- Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
168
- The value of this setting affects the keys for the Beats connection's metadata on the event:
169
-
170
- .Metadata Location by `ecs_compatibility` value
171
- [cols="<l,<l,e,<e"]
172
- |=======================================================================
173
- |`disabled` |`v1` |Availability |Description
174
-
175
- |[host] |[@metadata][input][beats][host][name] |Always |Name or address of the beat host
176
- |[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the Beats client
177
- |[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
178
- |[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
179
- |[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
180
- |[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
181
- |=======================================================================
179
+ Refer to <<plugins-{type}s-{plugin}-ecs_metadata,ECS mapping>> for detailed information.
182
180
 
183
181
  [id="plugins-{type}s-{plugin}-host"]
184
182
  ===== `host`
@@ -8,4 +8,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
8
8
  require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.4')
9
9
  require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
10
10
  require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
11
- require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.0')
11
+ require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.1')
@@ -44,7 +44,7 @@ describe LogStash::Inputs::Beats::DecodedEventTransform do
44
44
  context "map contains a timestamp" do
45
45
  context "when its valid" do
46
46
  let(:timestamp) { Time.now }
47
- let(:map) { super.merge({"@timestamp" => timestamp }) }
47
+ let(:map) { super().merge({"@timestamp" => timestamp }) }
48
48
 
49
49
  it "uses as the event timestamp" do
50
50
  expect(subject.get("@timestamp")).to eq(LogStash::Timestamp.coerce(timestamp))
@@ -52,7 +52,7 @@ describe LogStash::Inputs::Beats::DecodedEventTransform do
52
52
  end
53
53
 
54
54
  context "when its not valid" do
55
- let(:map) { super.merge({"@timestamp" => "invalid" }) }
55
+ let(:map) { super().merge({"@timestamp" => "invalid" }) }
56
56
 
57
57
  it "fallback the current time" do
58
58
  expect(subject.get("@timestamp")).to be_kind_of(LogStash::Timestamp)
@@ -25,7 +25,7 @@ describe LogStash::Inputs::Beats do
25
25
 
26
26
  context "#register" do
27
27
  context "host related configuration" do
28
- let(:config) { super.merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
28
+ let(:config) { super().merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
29
29
  let(:host) { "192.168.1.20" }
30
30
  let(:port) { 9000 }
31
31
  let(:client_inactivity_timeout) { 400 }
@@ -76,7 +76,7 @@ describe LogStash::Inputs::Beats do
76
76
  end
77
77
 
78
78
  context "with invalid ciphers" do
79
- let(:config) { super.merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
79
+ let(:config) { super().merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
80
80
 
81
81
  it "should raise a configuration error" do
82
82
  plugin = LogStash::Inputs::Beats.new(config)
@@ -90,7 +90,7 @@ describe LogStash::Inputs::Beats do
90
90
 
91
91
  context "verify_mode" do
92
92
  context "verify_mode configured to PEER" do
93
- let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "peer") }
93
+ let(:config) { super().merge("ssl" => true, "ssl_verify_mode" => "peer") }
94
94
 
95
95
  it "raise a ConfigurationError when certificate_authorities is not set" do
96
96
  plugin = LogStash::Inputs::Beats.new(config)
@@ -105,7 +105,7 @@ describe LogStash::Inputs::Beats do
105
105
  end
106
106
 
107
107
  context "verify_mode configured to FORCE_PEER" do
108
- let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
108
+ let(:config) { super().merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
109
109
 
110
110
  it "raise a ConfigurationError when certificate_authorities is not set" do
111
111
  plugin = LogStash::Inputs::Beats.new(config)
@@ -154,7 +154,7 @@ describe LogStash::Inputs::Beats do
154
154
  let(:codec) { LogStash::Codecs::Multiline.new("pattern" => '^2015',
155
155
  "what" => "previous",
156
156
  "negate" => true) }
157
- let(:config) { super.merge({ "codec" => codec }) }
157
+ let(:config) { super().merge({ "codec" => codec }) }
158
158
 
159
159
  it "raise a ConfigurationError when multiline codec is set" do
160
160
  plugin = LogStash::Inputs::Beats.new(config)
@@ -86,7 +86,7 @@ describe "Filebeat", :integration => true do
86
86
  end
87
87
 
88
88
  context "without pipelining" do
89
- let(:filebeat_config) { config = super; config["output"]["logstash"]["pipelining"] = 0; config }
89
+ let(:filebeat_config) { config = super(); config["output"]["logstash"]["pipelining"] = 0; config }
90
90
  include_examples "send events"
91
91
 
92
92
  context "with large batches" do
@@ -99,7 +99,7 @@ describe "Filebeat", :integration => true do
99
99
  context "TLS" do
100
100
  context "Server verification" do
101
101
  let(:filebeat_config) do
102
- super.merge({
102
+ super().merge({
103
103
  "output" => {
104
104
  "logstash" => {
105
105
  "hosts" => ["#{host}:#{port}"],
@@ -111,7 +111,7 @@ describe "Filebeat", :integration => true do
111
111
  end
112
112
 
113
113
  let(:input_config) do
114
- super.merge({
114
+ super().merge({
115
115
  "ssl" => true,
116
116
  "ssl_certificate" => certificate_file,
117
117
  "ssl_key" => certificate_key_file
@@ -129,7 +129,7 @@ describe "Filebeat", :integration => true do
129
129
 
130
130
  context "when specifying a cipher" do
131
131
  let(:filebeat_config) do
132
- super.merge({
132
+ super().merge({
133
133
  "output" => {
134
134
  "logstash" => {
135
135
  "hosts" => ["#{host}:#{port}"],
@@ -145,7 +145,7 @@ describe "Filebeat", :integration => true do
145
145
  end
146
146
 
147
147
  let(:input_config) {
148
- super.merge({
148
+ super().merge({
149
149
  "cipher_suites" => [logstash_cipher],
150
150
  "tls_min_version" => "1.2"
151
151
  })
@@ -194,7 +194,7 @@ describe "Filebeat", :integration => true do
194
194
  LogStash::Inputs::Beats.new(input_config)
195
195
  }
196
196
  let(:input_config) {
197
- super.merge({
197
+ super().merge({
198
198
  "ssl_key_passphrase" => passphrase,
199
199
  "ssl_key" => certificate_key_file_pkcs8
200
200
  })}
@@ -229,7 +229,7 @@ describe "Filebeat", :integration => true do
229
229
 
230
230
  context "Client verification / Mutual validation" do
231
231
  let(:filebeat_config) do
232
- super.merge({
232
+ super().merge({
233
233
  "output" => {
234
234
  "logstash" => {
235
235
  "hosts" => ["#{host}:#{port}"],
@@ -245,7 +245,7 @@ describe "Filebeat", :integration => true do
245
245
  end
246
246
 
247
247
  let(:input_config) do
248
- super.merge({
248
+ super().merge({
249
249
  "ssl" => true,
250
250
  "ssl_certificate_authorities" => certificate_authorities,
251
251
  "ssl_certificate" => server_certificate_file,
@@ -327,7 +327,7 @@ describe "Filebeat", :integration => true do
327
327
 
328
328
  context "client from secondary CA" do
329
329
  let(:filebeat_config) do
330
- super.merge({
330
+ super().merge({
331
331
  "output" => {
332
332
  "logstash" => {
333
333
  "hosts" => ["#{host}:#{port}"],
@@ -74,7 +74,7 @@ describe "Logstash-Forwarder", :integration => true do
74
74
  context "TLS" do
75
75
  context "Server Verification" do
76
76
  let(:input_config) do
77
- super.merge({
77
+ super().merge({
78
78
  "ssl" => true,
79
79
  "ssl_certificate" => certificate_file,
80
80
  "ssl_key" => certificate_key_file,
@@ -32,12 +32,12 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
32
32
  end
33
33
 
34
34
  context 'when add_hostname is true' do
35
- let(:config) { super.merge({'add_hostname' => true, 'ecs_compatibility' => ecs_compatibility})}
35
+ let(:config) { super().merge({'add_hostname' => true, 'ecs_compatibility' => ecs_compatibility})}
36
36
 
37
37
  context 'when a host is provided in beat.host.name' do
38
38
  let(:already_exist) { "already_exist" }
39
39
  let(:producer_host) { "newhost01" }
40
- let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
40
+ let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
41
41
 
42
42
  context "when no `host` key already exists on the event" do
43
43
  it "does not set the host value" do
@@ -47,7 +47,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
47
47
 
48
48
  context "when `host` key exists on the event" do
49
49
  let(:already_exist) { "already_exist" }
50
- let(:event_map) { super.merge({ "host" => already_exist }) }
50
+ let(:event_map) { super().merge({ "host" => already_exist }) }
51
51
 
52
52
  it "doesn't override it" do
53
53
  expect(subject.get("host")).to eq(already_exist)
@@ -57,7 +57,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
57
57
 
58
58
  context "when a host is set in `beat.hostname`" do
59
59
  let(:producer_host) { "newhost01" }
60
- let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
60
+ let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
61
61
 
62
62
  context "when no `#{host_field_name}` key already exists on the event" do
63
63
  it "copies the value in `beat.hostname` to `#{host_field_name}`" do
@@ -67,7 +67,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
67
67
 
68
68
  context "when `#{host_field_name}` key exists on the event" do
69
69
  let(:already_exist) { "already_exist" }
70
- let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
70
+ let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
71
71
 
72
72
  it "doesn't override it" do
73
73
  expect(subject.get(host_field_name)).to eq(already_exist)
@@ -84,7 +84,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
84
84
 
85
85
  context "when `#{host_field_name}` key already exists on the event" do
86
86
  let(:already_exist) { "already_exist" }
87
- let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
87
+ let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
88
88
 
89
89
  it "doesn't override it" do
90
90
  expect(subject.get(host_field_name)).to eq(already_exist)
@@ -94,12 +94,12 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
94
94
  end
95
95
 
96
96
  context 'when add hostname is false' do
97
- let(:config) { super.merge({'add_hostname' => false})}
97
+ let(:config) { super().merge({'add_hostname' => false})}
98
98
 
99
99
  context 'when a host is provided in beat.host.name' do
100
100
  let(:already_exist) { "already_exist" }
101
101
  let(:producer_host) { "newhost01" }
102
- let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
102
+ let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
103
103
 
104
104
  context "when no `#{host_field_name}` key already exists on the event" do
105
105
  it "does not set the host" do
@@ -109,7 +109,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
109
109
 
110
110
  context "when `#{host_field_name}` key already exists on the event" do
111
111
  let(:already_exist) { "already_exist" }
112
- let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
112
+ let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
113
113
 
114
114
  it "doesn't override it" do
115
115
  expect(subject.get(host_field_name)).to eq(already_exist)
@@ -119,7 +119,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
119
119
 
120
120
  context "when a host is provided in `beat.hostname`" do
121
121
  let(:producer_host) { "newhost01" }
122
- let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
122
+ let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
123
123
 
124
124
  context "when no `#{host_field_name}` key already exists on the event" do
125
125
  it "does not set the host" do
@@ -129,7 +129,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
129
129
 
130
130
  context "when `host` key already exists on the event" do
131
131
  let(:already_exist) { "already_exist" }
132
- let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
132
+ let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
133
133
 
134
134
  it "doesn't override it" do
135
135
  expect(subject.get(host_field_name)).to eq(already_exist)
@@ -146,7 +146,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
146
146
 
147
147
  context "when `#{host_field_name}` key already exists on the event" do
148
148
  let(:already_exist) { "already_exist" }
149
- let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
149
+ let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
150
150
 
151
151
  it "doesn't override it" do
152
152
  expect(subject.get(host_field_name)).to eq(already_exist)
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-beats
3
3
  version: !ruby/object:Gem::Version
4
- version: 6.1.0
4
+ version: 6.1.1
5
5
  platform: java
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-02-18 00:00:00.000000000 Z
11
+ date: 2021-03-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -248,6 +248,7 @@ files:
248
248
  - PROTOCOL.md
249
249
  - README.md
250
250
  - VERSION
251
+ - docs/agent.asciidoc
251
252
  - docs/index.asciidoc
252
253
  - lib/logstash-input-beats_jars.rb
253
254
  - lib/logstash/inputs/beats.rb
@@ -285,7 +286,7 @@ files:
285
286
  - vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar
286
287
  - vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
287
288
  - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
288
- - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.0/logstash-input-beats-6.1.0.jar
289
+ - vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.1/logstash-input-beats-6.1.1.jar
289
290
  homepage: http://www.elastic.co/guide/en/logstash/current/index.html
290
291
  licenses:
291
292
  - Apache License (2.0)