logstash-input-beats 6.1.0-java → 6.1.1-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5924244575544fab0560730b5e773b170a04e6c25d1a72c683ea27c2cc47a597
-  data.tar.gz: 7e316315f18e4f33f821dc4c5655d78452e66d605b6db7edc1bc23b55ae3e1d4
+  metadata.gz: 6def71232c684cd74e5be5913809fbfa34a5922f600e433174ebe323525d7936
+  data.tar.gz: 27f0ebc4bd488cc3ccd64cec8a64194eae87484f6af55d02a00fae95dcaae45c
 SHA512:
-  metadata.gz: c17ac9a8663f465fd38282753f4cda55e6bf5d6ac7659ecafc4524193742dfc7f22ab325b6cdff36cb20daaf18448ff0a1f0345471d0467e023c68b924b70dc3
-  data.tar.gz: 422714a92f313e7f2d504c3b4927955759188a4246bb6417bbc4d77f24f1a5b4ce8ad403c7e059bc9c025ba97c9f3175bb5e186ff526dd34c850e7c97eb4befe
+  metadata.gz: 10b2fdc15611ca30aaba8fafb79b53588188788a96ca6a906fbef53c2c9d6f950e56ba53e0c961c1edb09c3d85a70f91f4b58b7979cf9b77f9894e25220e1733
+  data.tar.gz: dfc2a89ffba6de5955d2bfd6c8c0862d5d594d4762a4a608da64d85017e0b46086bc0028b3c89717d19839a36c7261348ab498123f2caa313e060ee7ffe2811a

data/CHANGELOG.md

@@ -1,7 +1,10 @@
+## 6.1.1
+ - [DOC] Enhanced ECS compatibility information for ease of use and readability
+ [#413](https://github.com/logstash-plugins/logstash-input-beats/pull/413)
+
 ## 6.1.0
- - ECS compatibility enablement, now an `ecs_compatibility` setting is used to declare the level of ECS compatibility 
-   (`disabled` or `v1`) at plugin level. `disabled` let the plugin behave like before while `v1` does a rename of
-   `host` and `@metadata.ip_address` event fields. [404](https://github.com/logstash-plugins/logstash-input-beats/pull/404)
+ - ECS compatibility enablement. Adds `ecs_compatibility` setting to declare the level of ECS compatibility (`disabled` or `v1`) at plugin level. When `disabled`, the plugin behaves like before, while `v1` does a rename of
+   `host` and `@metadata.ip_address` event fields. [#404](https://github.com/logstash-plugins/logstash-input-beats/pull/404)
 
 ## 6.0.14
 - Feat: log + unwrap generic SSL context exceptions [#405](https://github.com/logstash-plugins/logstash-input-beats/pull/405)

data/VERSION

@@ -1 +1 @@
-6.1.0
+6.1.1

data/docs/agent.asciidoc

@@ -0,0 +1,320 @@
+:plugin: agent
+:type: input
+:default_codec: plain
+
+///////////////////////////////////////////
+START - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+
+// Copied from Beats generated plugin output.
+// Not actively generated at this time!
+
+////
+:version: %VERSION%
+:release_date: %RELEASE_DATE%
+:changelog_url: %CHANGELOG_URL%
+:include_path: ../../../../logstash/docs/include
+////
+
+///////////////////////////////////////////
+END - GENERATED VARIABLES, DO NOT EDIT!
+///////////////////////////////////////////
+
+[id="plugins-{type}s-{plugin}"]
+
+=== Agent input plugin
+
+include::{include_path}/plugin_header.asciidoc[]
+
+==== Description
+
+This input plugin enables Logstash to receive events from the
+https://www.elastic.co/products/beats[Elastic Beats] framework.
+
+The following example shows how to configure Logstash to listen on port
+5044 for incoming Beats connections and to index into Elasticsearch.
+
+[source,logstash]
+-----
+
+input {
+  beats {
+    port => 5044
+  }
+}
+
+output {
+  elasticsearch {
+    hosts => ["http://localhost:9200"]
+    index => "%{[@metadata][beat]}-%{[@metadata][version]}" <1>
+  }
+}
+-----
+<1> `%{[@metadata][beat]}` sets the first part of the index name to the value
+of the `beat` metadata field and `%{[@metadata][version]}` sets the second part to
+the Beat's version. For example:
+metricbeat-7.4.0.
+
+Events indexed into Elasticsearch with the Logstash configuration shown here
+will be similar to events directly indexed by Beats into Elasticsearch.
+
+NOTE: If ILM is not being used, set `index` to
+`%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}` instead so
+Logstash creates an index per day, based on the `@timestamp` value of the events
+coming from Beats.
+
+IMPORTANT: If you are shipping events that span multiple lines, you need to use
+the {filebeat-ref}/multiline-examples.html[configuration options available in
+Filebeat] to handle multiline events before sending the event data to Logstash.
+You cannot use the {logstash-ref}/plugins-codecs-multiline.html[Multiline codec
+plugin] to handle multiline events. Doing so will result in the failure to start
+Logstash.
+
+[id="plugins-{type}s-{plugin}-versioned-indexes"]
+==== Versioned Beats Indices
+
+To minimize the impact of future schema changes on your existing indices and
+mappings in Elasticsearch, configure the Elasticsearch output to write to
+versioned indices. The pattern that you specify for the `index` setting
+controls the index name:
+
+[source,yaml]
+----
+index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
+----
+
+`%{[@metadata][beat]}`:: Sets the first part of the index name to the value of
+the `beat` metadata field, for example, `filebeat`.
+`%{[@metadata][version]}`:: Sets the second part of the name to the Beat
+version, for example, +{logstash_version}+.
+`%{+YYYY.MM.dd}`:: Sets the third part of the name to a date based on the
+Logstash `@timestamp` field.
+
+This configuration results in daily index names like
++filebeat-{logstash_version}-{localdate}+.
+
+
+[id="plugins-{type}s-{plugin}-ecs_metadata"]
+==== Event Metadata and the Elastic Common Schema (ECS)
+When decoding `beats` events, this plugin adds two fields related to the event: the deprecated `host`
+which contains the `hostname` provided by beats and the `ip_address` containing the remote address
+of the client's connection. When <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is
+enabled these are now moved in ECS compatible namespace.
+
+[id="plugins-{type}s-{plugin}-options"]
+==== Agent Input Configuration Options
+
+This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
+
+[cols="<,<,<",options="header",]
+|=======================================================================
+|Setting |Input type|Required
+| <<plugins-{type}s-{plugin}-add_hostname>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|No
+| <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
+| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
+| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
+| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
+| <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
+| <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
+| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
+| <<plugins-{type}s-{plugin}-ssl_peer_metadata>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|No
+| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|No
+|=======================================================================
+
+Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
+input plugins.
+
+&nbsp;
+
+[id="plugins-{type}s-{plugin}-add_hostname"]
+===== `add_hostname`
+
+  deprecated[6.0.0, The default value has been changed to `false`. In 7.0.0 this setting will be removed]
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `false`
+
+Flag to determine whether to add `host` field to event using the value supplied by the beat in the `hostname` field.
+
+
+[id="plugins-{type}s-{plugin}-cipher_suites"]
+===== `cipher_suites`
+
+  * Value type is <<array,array>>
+  * Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
+
+The list of ciphers suite to use, listed by priorities.
+
+[id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
+===== `client_inactivity_timeout`
+
+  * Value type is <<number,number>>
+  * Default value is `60`
+
+Close Idle clients after X seconds of inactivity.
+
+[id="plugins-{type}s-{plugin}-ecs_compatibility"]
+===== `ecs_compatibility`
+
+* Value type is <<string,string>>
+* Supported values are:
+** `disabled`: unstructured connection metadata added at root level
+** `v1`: structured connection metadata added under ECS compliant namespaces
+* Default value depends on which version of Logstash is running:
+** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
+** Otherwise, the default value is `disabled`.
+
+Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
+The value of this setting affects the keys for the Beats connection's metadata on the event:
+
+.Metadata Location by `ecs_compatibility` value
+[cols="<l,<l,e,<e"]
+|=======================================================================
+|`disabled`              |`v1`                      |Availability |Description
+
+|[host]                  |[@metadata][input][beats][host][name]   |Always       |Name or address of the beat host
+|[@metadata][ip_address] |[@metadata][input][beats][host][ip]     |Always       |IP address of the Beats client
+|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
+|[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
+|[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
+|[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
+|=======================================================================
+
+[id="plugins-{type}s-{plugin}-host"]
+===== `host`
+
+  * Value type is <<string,string>>
+  * Default value is `"0.0.0.0"`
+
+The IP address to listen on.
+
+[id="plugins-{type}s-{plugin}-include_codec_tag"]
+===== `include_codec_tag`
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `true`
+
+
+
+[id="plugins-{type}s-{plugin}-port"]
+===== `port`
+
+  * This is a required setting.
+  * Value type is <<number,number>>
+  * There is no default value for this setting.
+
+The port to listen on.
+
+[id="plugins-{type}s-{plugin}-ssl"]
+===== `ssl`
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `false`
+
+Events are by default sent in plain text. You can
+enable encryption by setting `ssl` to true and configuring
+the `ssl_certificate` and `ssl_key` options.
+
+[id="plugins-{type}s-{plugin}-ssl_certificate"]
+===== `ssl_certificate`
+
+  * Value type is <<path,path>>
+  * There is no default value for this setting.
+
+SSL certificate to use.
+
+[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
+===== `ssl_certificate_authorities`
+
+  * Value type is <<array,array>>
+  * Default value is `[]`
+
+Validate client certificates against these authorities.
+You can define multiple files or paths. All the certificates will
+be read and added to the trust store. You need to configure the `ssl_verify_mode`
+to `peer` or `force_peer` to enable the verification.
+
+
+[id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
+===== `ssl_handshake_timeout`
+
+  * Value type is <<number,number>>
+  * Default value is `10000`
+
+Time in milliseconds for an incomplete ssl handshake to timeout
+
+[id="plugins-{type}s-{plugin}-ssl_key"]
+===== `ssl_key`
+
+  * Value type is <<path,path>>
+  * There is no default value for this setting.
+
+SSL key to use.
+NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.0/apps/pkcs8.html[OpenSSL]
+for more information.
+
+[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
+===== `ssl_key_passphrase`
+
+  * Value type is <<password,password>>
+  * There is no default value for this setting.
+
+SSL key passphrase to use.
+
+[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
+===== `ssl_verify_mode`
+
+  * Value can be any of: `none`, `peer`, `force_peer`
+  * Default value is `"none"`
+
+By default the server doesn't do any client verification.
+
+`peer` will make the server ask the client to provide a certificate.
+If the client provides a certificate, it will be validated.
+
+`force_peer` will make the server ask the client to provide a certificate.
+If the client doesn't provide a certificate, the connection will be closed.
+
+This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
+
+[id="plugins-{type}s-{plugin}-ssl_peer_metadata"]
+===== `ssl_peer_metadata`
+
+  * Value type is <<boolean,boolean>>
+  * Default value is `false`
+
+Enables storing client certificate information in event's metadata.
+
+This option is only valid when `ssl_verify_mode` is set to `peer` or `force_peer`.
+
+[id="plugins-{type}s-{plugin}-tls_max_version"]
+===== `tls_max_version`
+
+  * Value type is <<number,number>>
+  * Default value is `1.2`
+
+The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
+1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
+
+[id="plugins-{type}s-{plugin}-tls_min_version"]
+===== `tls_min_version`
+
+  * Value type is <<number,number>>
+  * Default value is `1`
+
+The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
+1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
+
+
+
+[id="plugins-{type}s-{plugin}-common-options"]
+include::{include_path}/{type}.asciidoc[]
+
+:default_codec!:

data/docs/index.asciidoc

@@ -92,7 +92,19 @@ This configuration results in daily index names like
 When decoding `beats` events, this plugin adds two fields related to the event: the deprecated `host`
 which contains the `hostname` provided by beats and the `ip_address` containing the remote address
 of the client's connection. When <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is
-enabled these are now moved in ECS compatible namespace.
+enabled these are now moved in ECS compatible namespace. Here's how <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> affects output.  
+
+[cols="<l,<l,e,<e"]
+|=======================================================================
+|ECS disabled |ECS v1 |Availability |Description
+
+|[host]                  |[@metadata][input][beats][host][name]   |Always       |Name or address of the beat host
+|[@metadata][ip_address] |[@metadata][input][beats][host][ip]     |Always       |IP address of the Beats client
+|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
+|[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
+|[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
+|[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
+|=======================================================================
 
 [id="plugins-{type}s-{plugin}-options"]
 ==== Beats Input Configuration Options
@@ -164,21 +176,7 @@ Close Idle clients after X seconds of inactivity.
 ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
 ** Otherwise, the default value is `disabled`.
 
-Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
-The value of this setting affects the keys for the Beats connection's metadata on the event:
-
-.Metadata Location by `ecs_compatibility` value
-[cols="<l,<l,e,<e"]
-|=======================================================================
-|`disabled`              |`v1`                      |Availability |Description
-
-|[host]                  |[@metadata][input][beats][host][name]   |Always       |Name or address of the beat host
-|[@metadata][ip_address] |[@metadata][input][beats][host][ip]     |Always       |IP address of the Beats client
-|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
-|[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
-|[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
-|[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
-|=======================================================================
+Refer to <<plugins-{type}s-{plugin}-ecs_metadata,ECS mapping>> for detailed information.
 
 [id="plugins-{type}s-{plugin}-host"]
 ===== `host`

data/lib/logstash-input-beats_jars.rb

@@ -8,4 +8,4 @@ require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
 require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.4')
 require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
 require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
-require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.0')
+require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.1')

data/spec/inputs/beats/decoded_event_transform_spec.rb

@@ -44,7 +44,7 @@ describe LogStash::Inputs::Beats::DecodedEventTransform do
   context "map contains a timestamp" do
     context "when its valid" do
       let(:timestamp) { Time.now }
-      let(:map) { super.merge({"@timestamp" => timestamp }) }
+      let(:map) { super().merge({"@timestamp" => timestamp }) }
      
       it "uses as the event timestamp" do
         expect(subject.get("@timestamp")).to eq(LogStash::Timestamp.coerce(timestamp)) 
@@ -52,7 +52,7 @@ describe LogStash::Inputs::Beats::DecodedEventTransform do
     end
 
     context "when its not valid" do
-      let(:map) { super.merge({"@timestamp" => "invalid" }) }
+      let(:map) { super().merge({"@timestamp" => "invalid" }) }
 
       it "fallback the current time" do
         expect(subject.get("@timestamp")).to be_kind_of(LogStash::Timestamp)

data/spec/inputs/beats_spec.rb

@@ -25,7 +25,7 @@ describe LogStash::Inputs::Beats do
 
   context "#register" do
     context "host related configuration" do
-      let(:config) { super.merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
+      let(:config) { super().merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
       let(:host) { "192.168.1.20" }
       let(:port) { 9000 }
       let(:client_inactivity_timeout) { 400 }
@@ -76,7 +76,7 @@ describe LogStash::Inputs::Beats do
       end
 
       context "with invalid ciphers" do
-        let(:config) { super.merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
+        let(:config) { super().merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
 
         it "should raise a configuration error" do
           plugin = LogStash::Inputs::Beats.new(config)
@@ -90,7 +90,7 @@ describe LogStash::Inputs::Beats do
 
       context "verify_mode" do
         context "verify_mode configured to PEER" do
-          let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "peer") }
+          let(:config) { super().merge("ssl" => true, "ssl_verify_mode" => "peer") }
 
           it "raise a ConfigurationError when certificate_authorities is not set" do
             plugin = LogStash::Inputs::Beats.new(config)
@@ -105,7 +105,7 @@ describe LogStash::Inputs::Beats do
         end
 
         context "verify_mode configured to FORCE_PEER" do
-          let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
+          let(:config) { super().merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
 
           it "raise a ConfigurationError when certificate_authorities is not set" do
             plugin = LogStash::Inputs::Beats.new(config)
@@ -154,7 +154,7 @@ describe LogStash::Inputs::Beats do
       let(:codec) { LogStash::Codecs::Multiline.new("pattern" => '^2015',
                                                     "what" => "previous",
                                                     "negate" => true) }
-      let(:config) { super.merge({ "codec" => codec }) }
+      let(:config) { super().merge({ "codec" => codec }) }
 
       it "raise a ConfigurationError when multiline codec is set" do
         plugin = LogStash::Inputs::Beats.new(config)

data/spec/integration/filebeat_spec.rb

@@ -86,7 +86,7 @@ describe "Filebeat", :integration => true do
     end
 
     context "without pipelining" do
-      let(:filebeat_config) { config = super; config["output"]["logstash"]["pipelining"] = 0; config }
+      let(:filebeat_config) { config = super(); config["output"]["logstash"]["pipelining"] = 0; config }
       include_examples "send events"
 
       context "with large batches" do
@@ -99,7 +99,7 @@ describe "Filebeat", :integration => true do
   context "TLS" do
     context "Server verification" do
       let(:filebeat_config) do
-        super.merge({
+        super().merge({
           "output" => {
             "logstash" => {
               "hosts" => ["#{host}:#{port}"],
@@ -111,7 +111,7 @@ describe "Filebeat", :integration => true do
       end
 
       let(:input_config) do
-        super.merge({
+        super().merge({
           "ssl" => true,
           "ssl_certificate" => certificate_file,
           "ssl_key" => certificate_key_file
@@ -129,7 +129,7 @@ describe "Filebeat", :integration => true do
 
         context "when specifying a cipher" do
           let(:filebeat_config) do
-            super.merge({
+            super().merge({
               "output" => {
                 "logstash" => {
                   "hosts" => ["#{host}:#{port}"],
@@ -145,7 +145,7 @@ describe "Filebeat", :integration => true do
           end
 
           let(:input_config) {
-            super.merge({
+            super().merge({
               "cipher_suites" => [logstash_cipher],
               "tls_min_version" => "1.2"
             })
@@ -194,7 +194,7 @@ describe "Filebeat", :integration => true do
             LogStash::Inputs::Beats.new(input_config)
           }
           let(:input_config) {
-            super.merge({
+            super().merge({
             "ssl_key_passphrase" => passphrase,
             "ssl_key" => certificate_key_file_pkcs8
           })}
@@ -229,7 +229,7 @@ describe "Filebeat", :integration => true do
 
       context "Client verification / Mutual validation" do
         let(:filebeat_config) do
-          super.merge({
+          super().merge({
             "output" => {
               "logstash" => {
                 "hosts" => ["#{host}:#{port}"],
@@ -245,7 +245,7 @@ describe "Filebeat", :integration => true do
         end
 
         let(:input_config) do
-          super.merge({
+          super().merge({
             "ssl" => true,
             "ssl_certificate_authorities" => certificate_authorities,
             "ssl_certificate" => server_certificate_file,
@@ -327,7 +327,7 @@ describe "Filebeat", :integration => true do
 
               context "client from secondary CA" do
                 let(:filebeat_config) do
-                  super.merge({
+                  super().merge({
                     "output" => {
                       "logstash" => {
                         "hosts" => ["#{host}:#{port}"],

data/spec/integration/logstash_forwarder_spec.rb

@@ -74,7 +74,7 @@ describe "Logstash-Forwarder", :integration => true do
   context "TLS" do
     context "Server Verification" do
       let(:input_config) do
-        super.merge({
+        super().merge({
           "ssl" => true,
           "ssl_certificate" => certificate_file,
           "ssl_key" => certificate_key_file,

data/spec/support/shared_examples.rb

@@ -32,12 +32,12 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
   end
 
   context 'when add_hostname is true' do
-    let(:config) { super.merge({'add_hostname' => true, 'ecs_compatibility' => ecs_compatibility})}
+    let(:config) { super().merge({'add_hostname' => true, 'ecs_compatibility' => ecs_compatibility})}
 
     context 'when a host is provided in beat.host.name' do
       let(:already_exist) { "already_exist" }
       let(:producer_host) { "newhost01" }
-      let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
+      let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
 
       context "when no `host` key already exists on the event" do
         it "does not set the host value" do
@@ -47,7 +47,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
 
       context "when `host` key exists on the event" do
         let(:already_exist) { "already_exist" }
-        let(:event_map) { super.merge({ "host" => already_exist }) }
+        let(:event_map) { super().merge({ "host" => already_exist }) }
 
         it "doesn't override it" do
           expect(subject.get("host")).to eq(already_exist)
@@ -57,7 +57,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
 
     context "when a host is set in `beat.hostname`" do
       let(:producer_host) { "newhost01" }
-      let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
+      let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
 
       context "when no `#{host_field_name}` key already exists on the event" do
         it "copies the value in `beat.hostname` to `#{host_field_name}`" do
@@ -67,7 +67,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
 
       context "when `#{host_field_name}` key exists on the event" do
         let(:already_exist) { "already_exist" }
-        let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
+        let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
 
         it "doesn't override it" do
           expect(subject.get(host_field_name)).to eq(already_exist)
@@ -84,7 +84,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
 
       context "when `#{host_field_name}` key already exists on the event" do
         let(:already_exist) { "already_exist" }
-        let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
+        let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
 
         it "doesn't override it" do
           expect(subject.get(host_field_name)).to eq(already_exist)
@@ -94,12 +94,12 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
   end
 
   context 'when add hostname is false' do
-    let(:config) { super.merge({'add_hostname' => false})}
+    let(:config) { super().merge({'add_hostname' => false})}
 
     context 'when a host is provided in beat.host.name' do
       let(:already_exist) { "already_exist" }
       let(:producer_host) { "newhost01" }
-      let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
+      let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
 
       context "when no `#{host_field_name}` key already exists on the event" do
         it "does not set the host" do
@@ -109,7 +109,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
 
       context "when `#{host_field_name}` key already exists on the event" do
         let(:already_exist) { "already_exist" }
-        let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
+        let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
 
         it "doesn't override it" do
           expect(subject.get(host_field_name)).to eq(already_exist)
@@ -119,7 +119,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
 
     context "when a host is provided in `beat.hostname`" do
       let(:producer_host) { "newhost01" }
-      let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
+      let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
 
       context "when no `#{host_field_name}` key already exists on the event" do
         it "does not set the host" do
@@ -129,7 +129,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
 
       context "when `host` key already exists on the event" do
         let(:already_exist) { "already_exist" }
-        let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
+        let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
 
         it "doesn't override it" do
           expect(subject.get(host_field_name)).to eq(already_exist)
@@ -146,7 +146,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
 
       context "when `#{host_field_name}` key already exists on the event" do
         let(:already_exist) { "already_exist" }
-        let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
+        let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
 
         it "doesn't override it" do
           expect(subject.get(host_field_name)).to eq(already_exist)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-beats
 version: !ruby/object:Gem::Version
-  version: 6.1.0
+  version: 6.1.1
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-18 00:00:00.000000000 Z
+date: 2021-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -248,6 +248,7 @@ files:
 - PROTOCOL.md
 - README.md
 - VERSION
+- docs/agent.asciidoc
 - docs/index.asciidoc
 - lib/logstash-input-beats_jars.rb
 - lib/logstash/inputs/beats.rb
@@ -285,7 +286,7 @@ files:
 - vendor/jar-dependencies/io/netty/netty-all/4.1.49.Final/netty-all-4.1.49.Final.jar
 - vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
 - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
-- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.0/logstash-input-beats-6.1.0.jar
+- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.1/logstash-input-beats-6.1.1.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)