logstash-input-beats 6.1.0-java → 6.1.5-java
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -4
- data/VERSION +1 -1
- data/docs/index.asciidoc +34 -28
- data/lib/logstash-input-beats_jars.rb +3 -3
- data/spec/inputs/beats/decoded_event_transform_spec.rb +2 -2
- data/spec/inputs/beats_spec.rb +5 -5
- data/spec/integration/filebeat_spec.rb +9 -9
- data/spec/integration/logstash_forwarder_spec.rb +1 -1
- data/spec/support/shared_examples.rb +12 -12
- data/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/{2.9.10.4/jackson-databind-2.9.10.4.jar → 2.9.10.8/jackson-databind-2.9.10.8.jar} +0 -0
- data/vendor/jar-dependencies/io/netty/netty-all/{4.1.49.Final/netty-all-4.1.49.Final.jar → 4.1.65.Final/netty-all-4.1.65.Final.jar} +0 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/{6.1.0/logstash-input-beats-6.1.0.jar → 6.1.5/logstash-input-beats-6.1.5.jar} +0 -0
- metadata +5 -5
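--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: dfd025acbb07379ea0d9fa66d381cd0aa88e92b7e3f0d162efff407cd27763b5
+data.tar.gz: f4071900f9e42da024156f3215699ecda37027ec137c6f5bb01d47daf9153562
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 902a418a13e1cf18e8c8125ed04a4f77f945786dcb9af0cfabb581ea5afe96199614bd3f240eba758897e677adc34948866394673550c061f19cf5b6bac5b4be
+data.tar.gz: aa57f6663812fece5e775878d10904d003654c25cd4931fcf02cb692ab6fcb235d9cbbf3925450df8078abc71c613b1b95d8d251d65f9e2d3fd4011ac4c3a161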
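--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,10 +1,26 @@
+## 6.1.5
+- Changed jar dependencies to reflect newer versions [#425](https://github.com/logstash-plugins/logstash-input-http/pull/425)
+
+## 6.1.4
+- Fix: reduce error logging on connection resets [#424](https://github.com/logstash-plugins/logstash-input-beats/pull/424)
+
+## 6.1.3
+- Fix: safe-guard byte buf allocation [#420](https://github.com/logstash-plugins/logstash-input-beats/pull/420)
+- Updated Jackson dependencies
+
+## 6.1.2
+- [DOC] Added naming attribute to control plugin name that appears in docs, and set up framework to make attributes viable in code sample
+
+## 6.1.1
+- [DOC] Enhanced ECS compatibility information for ease of use and readability
+[#413](https://github.com/logstash-plugins/logstash-input-beats/pull/413)
+
 ## 6.1.0
-- ECS compatibility enablement
-
-`host` and `@metadata.ip_address` event fields. [404](https://github.com/logstash-plugins/logstash-input-beats/pull/404)
+- ECS compatibility enablement. Adds `ecs_compatibility` setting to declare the level of ECS compatibility (`disabled` or `v1`) at plugin level. When `disabled`, the plugin behaves like before, while `v1` does a rename of
+`host` and `@metadata.ip_address` event fields. [#404](https://github.com/logstash-plugins/logstash-input-beats/pull/404)
 
 ## 6.0.14
-- Feat: log + unwrap generic SSL context exceptions [#405](https://github.com/logstash-plugins/logstash-input-beats/pull/405)
+- Feat: log + unwrap generic SSL context exceptions [#405](https://github.com/logstash-plugins/logstash-input-beats/pull/405)
 
 ## 6.0.13
 - [DOC] Update links to use shared attributes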
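--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-6.1.
+6.1.5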
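--- a/data/docs/index.asciidoc
+++ b/data/docs/index.asciidoc
@@ -1,6 +1,7 @@
 :plugin: beats
 :type: input
 :default_codec: plain
+:plugin-uc: Beats
 
 ///////////////////////////////////////////
 START - GENERATED VARIABLES, DO NOT EDIT!
@@ -15,7 +16,10 @@ END - GENERATED VARIABLES, DO NOT EDIT!
 
 [id="plugins-{type}s-{plugin}"]
 
-===
+=== {plugin-uc} input plugin
+
+NOTE: The `input-elastic_agent` plugin is the next generation of the
+`input-beats` plugin. They currently share a common codebase.
 
 include::{include_path}/plugin_header.asciidoc[]
 
@@ -25,13 +29,13 @@ This input plugin enables Logstash to receive events from the
 https://www.elastic.co/products/beats[Elastic Beats] framework.
 
 The following example shows how to configure Logstash to listen on port
-5044 for incoming
+5044 for incoming {plugin-uc} connections and to index into Elasticsearch.
 
-[source,
+["source","sh",subs="attributes"]
 -----
 
 input {
-
+{plugin} {
 port => 5044
 }
 }
@@ -45,16 +49,16 @@ output {
 -----
 <1> `%{[@metadata][beat]}` sets the first part of the index name to the value
 of the `beat` metadata field and `%{[@metadata][version]}` sets the second part to
-the
+the {plugin-uc} version. For example:
 metricbeat-7.4.0.
 
 Events indexed into Elasticsearch with the Logstash configuration shown here
-will be similar to events directly indexed by
+will be similar to events directly indexed by {plugin-uc} into Elasticsearch.
 
 NOTE: If ILM is not being used, set `index` to
 `%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}` instead so
 Logstash creates an index per day, based on the `@timestamp` value of the events
-coming from
+coming from {plugin-uc}.
 
 IMPORTANT: If you are shipping events that span multiple lines, you need to use
 the {filebeat-ref}/multiline-examples.html[configuration options available in
@@ -64,7 +68,7 @@ plugin] to handle multiline events. Doing so will result in the failure to start
 Logstash.
 
 [id="plugins-{type}s-{plugin}-versioned-indexes"]
-==== Versioned
+==== Versioned indices
 
 To minimize the impact of future schema changes on your existing indices and
 mappings in Elasticsearch, configure the Elasticsearch output to write to
@@ -89,13 +93,29 @@ This configuration results in daily index names like
 
 [id="plugins-{type}s-{plugin}-ecs_metadata"]
 ==== Event Metadata and the Elastic Common Schema (ECS)
-
-
-
-
+
+When decoding {plugin-uc} events, this plugin adds two fields related to the event:
+the deprecated `host` which contains the `hostname` provided by {plugin-uc} and the
+`ip_address` containing the remote address of the client's connection. When
+<<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is enabled
+these are now moved in ECS compatible namespace. Here's how
+<<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> affects
+output.
+
+[cols="<l,<l,e,<e"]
+|=======================================================================
+|ECS disabled |ECS v1 |Availability |Description
+
+|[host] |[@metadata][input][beats][host][name] |Always |Name or address of the beat host
+|[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the Beats client
+|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
+|[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
+|[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
+|[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
+|=======================================================================
 
 [id="plugins-{type}s-{plugin}-options"]
-====
+==== {plugin-uc} Input Configuration Options
 
 This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
 
@@ -164,21 +184,7 @@ Close Idle clients after X seconds of inactivity.
 ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
 ** Otherwise, the default value is `disabled`.
 
-
-The value of this setting affects the keys for the Beats connection's metadata on the event:
-
-.Metadata Location by `ecs_compatibility` value
-[cols="<l,<l,e,<e"]
-|=======================================================================
-|`disabled` |`v1` |Availability |Description
-
-|[host] |[@metadata][input][beats][host][name] |Always |Name or address of the beat host
-|[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the Beats client
-|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
-|[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
-|[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
-|[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
-|=======================================================================
+Refer to <<plugins-{type}s-{plugin}-ecs_metadata,ECS mapping>> for detailed information.
 
 [id="plugins-{type}s-{plugin}-host"]
 ===== `host`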
@@ -1,11 +1,11 @@
|
|
1
1
|
# AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
|
2
2
|
|
3
3
|
require 'jar_dependencies'
|
4
|
-
require_jar('io.netty', 'netty-all', '4.1.
|
4
|
+
require_jar('io.netty', 'netty-all', '4.1.65.Final')
|
5
5
|
require_jar('org.javassist', 'javassist', '3.24.0-GA')
|
6
6
|
require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.9.10')
|
7
7
|
require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
|
8
|
-
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.
|
8
|
+
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.8')
|
9
9
|
require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
|
10
10
|
require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
|
11
|
-
require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.
|
11
|
+
require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.5')
|
@@ -44,7 +44,7 @@ describe LogStash::Inputs::Beats::DecodedEventTransform do
|
|
44
44
|
context "map contains a timestamp" do
|
45
45
|
context "when its valid" do
|
46
46
|
let(:timestamp) { Time.now }
|
47
|
-
let(:map) { super.merge({"@timestamp" => timestamp }) }
|
47
|
+
let(:map) { super().merge({"@timestamp" => timestamp }) }
|
48
48
|
|
49
49
|
it "uses as the event timestamp" do
|
50
50
|
expect(subject.get("@timestamp")).to eq(LogStash::Timestamp.coerce(timestamp))
|
@@ -52,7 +52,7 @@ describe LogStash::Inputs::Beats::DecodedEventTransform do
|
|
52
52
|
end
|
53
53
|
|
54
54
|
context "when its not valid" do
|
55
|
-
let(:map) { super.merge({"@timestamp" => "invalid" }) }
|
55
|
+
let(:map) { super().merge({"@timestamp" => "invalid" }) }
|
56
56
|
|
57
57
|
it "fallback the current time" do
|
58
58
|
expect(subject.get("@timestamp")).to be_kind_of(LogStash::Timestamp)
|
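--- a/data/spec/inputs/beats_spec.rb
+++ b/data/spec/inputs/beats_spec.rb
@@ -25,7 +25,7 @@ describe LogStash::Inputs::Beats do
 
 context "#register" do
 context "host related configuration" do
-let(:config) { super.merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
+let(:config) { super().merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
 let(:host) { "192.168.1.20" }
 let(:port) { 9000 }
 let(:client_inactivity_timeout) { 400 }
@@ -76,7 +76,7 @@ describe LogStash::Inputs::Beats do
 end
 
 context "with invalid ciphers" do
-let(:config) { super.merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
+let(:config) { super().merge("ssl" => true, "cipher_suites" => "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38") }
 
 it "should raise a configuration error" do
 plugin = LogStash::Inputs::Beats.new(config)
@@ -90,7 +90,7 @@ describe LogStash::Inputs::Beats do
 
 context "verify_mode" do
 context "verify_mode configured to PEER" do
-let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "peer") }
+let(:config) { super().merge("ssl" => true, "ssl_verify_mode" => "peer") }
 
 it "raise a ConfigurationError when certificate_authorities is not set" do
 plugin = LogStash::Inputs::Beats.new(config)
@@ -105,7 +105,7 @@ describe LogStash::Inputs::Beats do
 end
 
 context "verify_mode configured to FORCE_PEER" do
-let(:config) { super.merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
+let(:config) { super().merge("ssl" => true, "ssl_verify_mode" => "force_peer") }
 
 it "raise a ConfigurationError when certificate_authorities is not set" do
 plugin = LogStash::Inputs::Beats.new(config)
@@ -154,7 +154,7 @@ describe LogStash::Inputs::Beats do
 let(:codec) { LogStash::Codecs::Multiline.new("pattern" => '^2015',
 "what" => "previous",
 "negate" => true) }
-let(:config) { super.merge({ "codec" => codec }) }
+let(:config) { super().merge({ "codec" => codec }) }
 
 it "raise a ConfigurationError when multiline codec is set" do
 plugin = LogStash::Inputs::Beats.new(config)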
@@ -86,7 +86,7 @@ describe "Filebeat", :integration => true do
|
|
86
86
|
end
|
87
87
|
|
88
88
|
context "without pipelining" do
|
89
|
-
let(:filebeat_config) { config = super; config["output"]["logstash"]["pipelining"] = 0; config }
|
89
|
+
let(:filebeat_config) { config = super(); config["output"]["logstash"]["pipelining"] = 0; config }
|
90
90
|
include_examples "send events"
|
91
91
|
|
92
92
|
context "with large batches" do
|
@@ -99,7 +99,7 @@ describe "Filebeat", :integration => true do
|
|
99
99
|
context "TLS" do
|
100
100
|
context "Server verification" do
|
101
101
|
let(:filebeat_config) do
|
102
|
-
super.merge({
|
102
|
+
super().merge({
|
103
103
|
"output" => {
|
104
104
|
"logstash" => {
|
105
105
|
"hosts" => ["#{host}:#{port}"],
|
@@ -111,7 +111,7 @@ describe "Filebeat", :integration => true do
|
|
111
111
|
end
|
112
112
|
|
113
113
|
let(:input_config) do
|
114
|
-
super.merge({
|
114
|
+
super().merge({
|
115
115
|
"ssl" => true,
|
116
116
|
"ssl_certificate" => certificate_file,
|
117
117
|
"ssl_key" => certificate_key_file
|
@@ -129,7 +129,7 @@ describe "Filebeat", :integration => true do
|
|
129
129
|
|
130
130
|
context "when specifying a cipher" do
|
131
131
|
let(:filebeat_config) do
|
132
|
-
super.merge({
|
132
|
+
super().merge({
|
133
133
|
"output" => {
|
134
134
|
"logstash" => {
|
135
135
|
"hosts" => ["#{host}:#{port}"],
|
@@ -145,7 +145,7 @@ describe "Filebeat", :integration => true do
|
|
145
145
|
end
|
146
146
|
|
147
147
|
let(:input_config) {
|
148
|
-
super.merge({
|
148
|
+
super().merge({
|
149
149
|
"cipher_suites" => [logstash_cipher],
|
150
150
|
"tls_min_version" => "1.2"
|
151
151
|
})
|
@@ -194,7 +194,7 @@ describe "Filebeat", :integration => true do
|
|
194
194
|
LogStash::Inputs::Beats.new(input_config)
|
195
195
|
}
|
196
196
|
let(:input_config) {
|
197
|
-
super.merge({
|
197
|
+
super().merge({
|
198
198
|
"ssl_key_passphrase" => passphrase,
|
199
199
|
"ssl_key" => certificate_key_file_pkcs8
|
200
200
|
})}
|
@@ -229,7 +229,7 @@ describe "Filebeat", :integration => true do
|
|
229
229
|
|
230
230
|
context "Client verification / Mutual validation" do
|
231
231
|
let(:filebeat_config) do
|
232
|
-
super.merge({
|
232
|
+
super().merge({
|
233
233
|
"output" => {
|
234
234
|
"logstash" => {
|
235
235
|
"hosts" => ["#{host}:#{port}"],
|
@@ -245,7 +245,7 @@ describe "Filebeat", :integration => true do
|
|
245
245
|
end
|
246
246
|
|
247
247
|
let(:input_config) do
|
248
|
-
super.merge({
|
248
|
+
super().merge({
|
249
249
|
"ssl" => true,
|
250
250
|
"ssl_certificate_authorities" => certificate_authorities,
|
251
251
|
"ssl_certificate" => server_certificate_file,
|
@@ -327,7 +327,7 @@ describe "Filebeat", :integration => true do
|
|
327
327
|
|
328
328
|
context "client from secondary CA" do
|
329
329
|
let(:filebeat_config) do
|
330
|
-
super.merge({
|
330
|
+
super().merge({
|
331
331
|
"output" => {
|
332
332
|
"logstash" => {
|
333
333
|
"hosts" => ["#{host}:#{port}"],
|
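Review bot: In the `without pipelining` context of the Filebeat integration spec, `config = super(); config["output"]["logstash"]["pipelining"] = 0; config` writes into the hash returned by the parent `let` rather than building a new one, unlike the other overrides in this section, which all go through `super().merge(...)`. The parent `filebeat_config` definition is outside the hunks shown; if it returns a shared or constant structure, the nested write would leak into other examples, including the TLS ones. A non-mutating form keeps the override local: `let(:filebeat_config) { base = super(); base.merge("output" => base["output"].merge("logstash" => base["output"]["logstash"].merge("pipelining" => 0))) }`.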
@@ -74,7 +74,7 @@ describe "Logstash-Forwarder", :integration => true do
|
|
74
74
|
context "TLS" do
|
75
75
|
context "Server Verification" do
|
76
76
|
let(:input_config) do
|
77
|
-
super.merge({
|
77
|
+
super().merge({
|
78
78
|
"ssl" => true,
|
79
79
|
"ssl_certificate" => certificate_file,
|
80
80
|
"ssl_key" => certificate_key_file,
|
@@ -32,12 +32,12 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
32
32
|
end
|
33
33
|
|
34
34
|
context 'when add_hostname is true' do
|
35
|
-
let(:config) { super.merge({'add_hostname' => true, 'ecs_compatibility' => ecs_compatibility})}
|
35
|
+
let(:config) { super().merge({'add_hostname' => true, 'ecs_compatibility' => ecs_compatibility})}
|
36
36
|
|
37
37
|
context 'when a host is provided in beat.host.name' do
|
38
38
|
let(:already_exist) { "already_exist" }
|
39
39
|
let(:producer_host) { "newhost01" }
|
40
|
-
let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
40
|
+
let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
41
41
|
|
42
42
|
context "when no `host` key already exists on the event" do
|
43
43
|
it "does not set the host value" do
|
@@ -47,7 +47,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
47
47
|
|
48
48
|
context "when `host` key exists on the event" do
|
49
49
|
let(:already_exist) { "already_exist" }
|
50
|
-
let(:event_map) { super.merge({ "host" => already_exist }) }
|
50
|
+
let(:event_map) { super().merge({ "host" => already_exist }) }
|
51
51
|
|
52
52
|
it "doesn't override it" do
|
53
53
|
expect(subject.get("host")).to eq(already_exist)
|
@@ -57,7 +57,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
57
57
|
|
58
58
|
context "when a host is set in `beat.hostname`" do
|
59
59
|
let(:producer_host) { "newhost01" }
|
60
|
-
let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
|
60
|
+
let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
|
61
61
|
|
62
62
|
context "when no `#{host_field_name}` key already exists on the event" do
|
63
63
|
it "copies the value in `beat.hostname` to `#{host_field_name}`" do
|
@@ -67,7 +67,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
67
67
|
|
68
68
|
context "when `#{host_field_name}` key exists on the event" do
|
69
69
|
let(:already_exist) { "already_exist" }
|
70
|
-
let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
|
70
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
71
71
|
|
72
72
|
it "doesn't override it" do
|
73
73
|
expect(subject.get(host_field_name)).to eq(already_exist)
|
@@ -84,7 +84,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
84
84
|
|
85
85
|
context "when `#{host_field_name}` key already exists on the event" do
|
86
86
|
let(:already_exist) { "already_exist" }
|
87
|
-
let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
|
87
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
88
88
|
|
89
89
|
it "doesn't override it" do
|
90
90
|
expect(subject.get(host_field_name)).to eq(already_exist)
|
@@ -94,12 +94,12 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
94
94
|
end
|
95
95
|
|
96
96
|
context 'when add hostname is false' do
|
97
|
-
let(:config) { super.merge({'add_hostname' => false})}
|
97
|
+
let(:config) { super().merge({'add_hostname' => false})}
|
98
98
|
|
99
99
|
context 'when a host is provided in beat.host.name' do
|
100
100
|
let(:already_exist) { "already_exist" }
|
101
101
|
let(:producer_host) { "newhost01" }
|
102
|
-
let(:event_map) { super.merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
102
|
+
let(:event_map) { super().merge({ "beat" => { "host" => {"name" => producer_host }}}) }
|
103
103
|
|
104
104
|
context "when no `#{host_field_name}` key already exists on the event" do
|
105
105
|
it "does not set the host" do
|
@@ -109,7 +109,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
109
109
|
|
110
110
|
context "when `#{host_field_name}` key already exists on the event" do
|
111
111
|
let(:already_exist) { "already_exist" }
|
112
|
-
let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
|
112
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
113
113
|
|
114
114
|
it "doesn't override it" do
|
115
115
|
expect(subject.get(host_field_name)).to eq(already_exist)
|
@@ -119,7 +119,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
119
119
|
|
120
120
|
context "when a host is provided in `beat.hostname`" do
|
121
121
|
let(:producer_host) { "newhost01" }
|
122
|
-
let(:event_map) { super.merge({ "beat" => { "hostname" => producer_host }}) }
|
122
|
+
let(:event_map) { super().merge({ "beat" => { "hostname" => producer_host }}) }
|
123
123
|
|
124
124
|
context "when no `#{host_field_name}` key already exists on the event" do
|
125
125
|
it "does not set the host" do
|
@@ -129,7 +129,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
129
129
|
|
130
130
|
context "when `host` key already exists on the event" do
|
131
131
|
let(:already_exist) { "already_exist" }
|
132
|
-
let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
|
132
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
133
133
|
|
134
134
|
it "doesn't override it" do
|
135
135
|
expect(subject.get(host_field_name)).to eq(already_exist)
|
@@ -146,7 +146,7 @@ shared_examples "Common Event Transformation" do |ecs_compatibility, host_field_
|
|
146
146
|
|
147
147
|
context "when `#{host_field_name}` key already exists on the event" do
|
148
148
|
let(:already_exist) { "already_exist" }
|
149
|
-
let(:event_map) { super.merge(key_as_nested_maps(host_field_name, already_exist)) }
|
149
|
+
let(:event_map) { super().merge(key_as_nested_maps(host_field_name, already_exist)) }
|
150
150
|
|
151
151
|
it "doesn't override it" do
|
152
152
|
expect(subject.get(host_field_name)).to eq(already_exist)
|
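Review bot: The `when add hostname is false` context builds its config as `super().merge({'add_hostname' => false})` and, unlike the `when add_hostname is true` context, does not pass `'ecs_compatibility' => ecs_compatibility`, yet its examples assert on `host_field_name`, which presumably varies with the ECS mode. Unless the base `config` (defined outside these hunks) already carries the setting, the `v1` run of these shared examples exercises the plugin in its default mode, so "does not set the host" and "doesn't override it" can pass without touching the v1 field path. Consider `let(:config) { super().merge({'add_hostname' => false, 'ecs_compatibility' => ecs_compatibility}) }` so both branches test the mode they are parameterised with.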
Binary file
|
Binary file
|
Binary file
|
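--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-beats
 version: !ruby/object:Gem::Version
-version: 6.1.
+version: 6.1.5
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-
+date: 2021-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 requirement: !ruby/object:Gem::Requirement
@@ -280,12 +280,12 @@ files:
 - spec/support/shared_examples.rb
 - vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.9.10/jackson-annotations-2.9.10.jar
 - vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.9.10/jackson-core-2.9.10.jar
-- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.
+- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.8/jackson-databind-2.9.10.8.jar
 - vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10/jackson-module-afterburner-2.9.10.jar
-- vendor/jar-dependencies/io/netty/netty-all/4.1.
+- vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
 - vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
 - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
-- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.
+- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.5/logstash-input-beats-6.1.5.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)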