logstash-input-beats 6.1.2-java → 6.1.6-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +14 -1
- data/VERSION +1 -1
- data/docs/index.asciidoc +59 -10
- data/lib/logstash-input-beats_jars.rb +3 -3
- data/vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/{2.9.10.4/jackson-databind-2.9.10.4.jar → 2.9.10.8/jackson-databind-2.9.10.8.jar} +0 -0
- data/vendor/jar-dependencies/io/netty/netty-all/{4.1.49.Final/netty-all-4.1.49.Final.jar → 4.1.65.Final/netty-all-4.1.65.Final.jar} +0 -0
- data/vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/{6.1.2/logstash-input-beats-6.1.2.jar → 6.1.6/logstash-input-beats-6.1.6.jar} +0 -0
- metadata +21 -23
- data/docs/agent.asciidoc +0 -320
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: bdfb961f6671cbce9a01f9df53f0e2fa83ec6ac2f14521b51f2dfe32508b181b
|
4
|
+
data.tar.gz: ebf3b53c4b9efd6dd9be89b76e3d46ee2cae71f9c01d481fabddb4104e0ea546
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: a060db6f3d84a1aaa41d7da73728c16d959484af1d85efce09ac811597288faf7d89a66bff10a7254f394ee51eb70b9723df8488b1c61916b9b48ea2bba6bc70
|
7
|
+
data.tar.gz: 467e8d01b6a2c94dcf0afffcea88aa967fb3518b6be42722691b85f4497864e8645d468b3adbdba07dd8900be23a9b858b50be3c005f777f4da49b021b40fd63
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,16 @@
|
|
1
|
+
## 6.1.6
|
2
|
+
- [DOC] Applied more attributes to manage plugin name in doc content, and implemented conditional text processing. [#423](https://github.com/logstash-plugins/logstash-input-http/pull/423)
|
3
|
+
|
4
|
+
## 6.1.5
|
5
|
+
- Changed jar dependencies to reflect newer versions [#425](https://github.com/logstash-plugins/logstash-input-beats/pull/425)
|
6
|
+
|
7
|
+
## 6.1.4
|
8
|
+
- Fix: reduce error logging on connection resets [#424](https://github.com/logstash-plugins/logstash-input-beats/pull/424)
|
9
|
+
|
10
|
+
## 6.1.3
|
11
|
+
- Fix: safe-guard byte buf allocation [#420](https://github.com/logstash-plugins/logstash-input-beats/pull/420)
|
12
|
+
- Updated Jackson dependencies
|
13
|
+
|
1
14
|
## 6.1.2
|
2
15
|
- [DOC] Added naming attribute to control plugin name that appears in docs, and set up framework to make attributes viable in code sample
|
3
16
|
|
@@ -10,7 +23,7 @@
|
|
10
23
|
`host` and `@metadata.ip_address` event fields. [#404](https://github.com/logstash-plugins/logstash-input-beats/pull/404)
|
11
24
|
|
12
25
|
## 6.0.14
|
13
|
-
- Feat: log + unwrap generic SSL context exceptions [#405](https://github.com/logstash-plugins/logstash-input-beats/pull/405)
|
26
|
+
- Feat: log + unwrap generic SSL context exceptions [#405](https://github.com/logstash-plugins/logstash-input-beats/pull/405)
|
14
27
|
|
15
28
|
## 6.0.13
|
16
29
|
- [DOC] Update links to use shared attributes
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
6.1.
|
1
|
+
6.1.6
|
data/docs/index.asciidoc
CHANGED
@@ -2,6 +2,7 @@
|
|
2
2
|
:type: input
|
3
3
|
:default_codec: plain
|
4
4
|
:plugin-uc: Beats
|
5
|
+
:plugin-singular: Beat
|
5
6
|
|
6
7
|
///////////////////////////////////////////
|
7
8
|
START - GENERATED VARIABLES, DO NOT EDIT!
|
@@ -18,21 +19,27 @@ END - GENERATED VARIABLES, DO NOT EDIT!
|
|
18
19
|
|
19
20
|
=== {plugin-uc} input plugin
|
20
21
|
|
22
|
+
NOTE: The `input-elastic_agent` plugin is the next generation of the
|
23
|
+
`input-beats` plugin.
|
24
|
+
They currently share code and a https://github.com/logstash-plugins/logstash-input-beats[common codebase].
|
25
|
+
|
21
26
|
include::{include_path}/plugin_header.asciidoc[]
|
22
27
|
|
23
28
|
==== Description
|
24
29
|
|
25
30
|
This input plugin enables Logstash to receive events from the
|
26
|
-
|
31
|
+
{plugin-uc} framework.
|
27
32
|
|
28
33
|
The following example shows how to configure Logstash to listen on port
|
29
34
|
5044 for incoming {plugin-uc} connections and to index into Elasticsearch.
|
30
35
|
|
36
|
+
//Example for Beats
|
37
|
+
ifeval::["{plugin}"=="beats"]
|
31
38
|
["source","sh",subs="attributes"]
|
32
39
|
-----
|
33
40
|
|
34
41
|
input {
|
35
|
-
|
42
|
+
{plugin} {
|
36
43
|
port => 5044
|
37
44
|
}
|
38
45
|
}
|
@@ -45,9 +52,8 @@ output {
|
|
45
52
|
}
|
46
53
|
-----
|
47
54
|
<1> `%{[@metadata][beat]}` sets the first part of the index name to the value
|
48
|
-
of the
|
49
|
-
the {plugin-
|
50
|
-
metricbeat-7.4.0.
|
55
|
+
of the metadata field and `%{[@metadata][version]}` sets the second part to
|
56
|
+
the {plugin-singular} version. For example: metricbeat-6.1.6.
|
51
57
|
|
52
58
|
Events indexed into Elasticsearch with the Logstash configuration shown here
|
53
59
|
will be similar to events directly indexed by {plugin-uc} into Elasticsearch.
|
@@ -56,14 +62,56 @@ NOTE: If ILM is not being used, set `index` to
|
|
56
62
|
`%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}` instead so
|
57
63
|
Logstash creates an index per day, based on the `@timestamp` value of the events
|
58
64
|
coming from {plugin-uc}.
|
65
|
+
endif::[]
|
66
|
+
|
67
|
+
//Example for Elastic Agent
|
68
|
+
ifeval::["{plugin}"!="beats"]
|
69
|
+
["source","sh",subs="attributes"]
|
70
|
+
-----
|
71
|
+
|
72
|
+
input {
|
73
|
+
{plugin} {
|
74
|
+
port => 5044
|
75
|
+
}
|
76
|
+
}
|
59
77
|
|
60
|
-
|
78
|
+
output {
|
79
|
+
elasticsearch {
|
80
|
+
hosts => ["http://localhost:9200"]
|
81
|
+
data_stream => "true"
|
82
|
+
}
|
83
|
+
}
|
84
|
+
-----
|
85
|
+
|
86
|
+
Events indexed into Elasticsearch with the Logstash configuration shown here
|
87
|
+
will be similar to events directly indexed by {plugin-uc} into Elasticsearch.
|
88
|
+
endif::[]
|
89
|
+
|
90
|
+
|
91
|
+
//Content for Beats
|
92
|
+
ifeval::["{plugin}"=="beats"]
|
93
|
+
[id="plugins-{type}s-{plugin}-multiline"]
|
94
|
+
===== Multi-line events
|
95
|
+
|
96
|
+
If you are shipping events that span multiple lines, you need to use
|
61
97
|
the {filebeat-ref}/multiline-examples.html[configuration options available in
|
62
98
|
Filebeat] to handle multiline events before sending the event data to Logstash.
|
63
99
|
You cannot use the {logstash-ref}/plugins-codecs-multiline.html[Multiline codec
|
64
100
|
plugin] to handle multiline events. Doing so will result in the failure to start
|
65
101
|
Logstash.
|
102
|
+
endif::[]
|
103
|
+
|
104
|
+
//Content for Elastic Agent
|
105
|
+
ifeval::["{plugin}"!="beats"]
|
106
|
+
[id="plugins-{type}s-{plugin}-limitations"]
|
107
|
+
===== Elastic Agent and Fleet limitations
|
108
|
+
|
109
|
+
Early releases of Elastic Agent and Fleet have some limitations, including support for advanced Beats settings like multiline, processors, and so forth.
|
110
|
+
For more information, see {fleet-guide}/fleet-limitations.html[Limitations of this release].
|
111
|
+
endif::[]
|
66
112
|
|
113
|
+
//Content for Beats
|
114
|
+
ifeval::["{plugin}"=="beats"]
|
67
115
|
[id="plugins-{type}s-{plugin}-versioned-indexes"]
|
68
116
|
==== Versioned indices
|
69
117
|
|
@@ -86,6 +134,7 @@ Logstash `@timestamp` field.
|
|
86
134
|
|
87
135
|
This configuration results in daily index names like
|
88
136
|
+filebeat-{logstash_version}-{localdate}+.
|
137
|
+
endif::[]
|
89
138
|
|
90
139
|
|
91
140
|
[id="plugins-{type}s-{plugin}-ecs_metadata"]
|
@@ -103,8 +152,8 @@ output.
|
|
103
152
|
|=======================================================================
|
104
153
|
|ECS disabled |ECS v1 |Availability |Description
|
105
154
|
|
106
|
-
|[host] |[@metadata][input][beats][host][name] |Always |Name or address of the
|
107
|
-
|[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the
|
155
|
+
|[host] |[@metadata][input][beats][host][name] |Always |Name or address of the {plugin-singular} host
|
156
|
+
|[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the {plugin-uc} client
|
108
157
|
|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
|
109
158
|
|[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
|
110
159
|
|[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
|
@@ -112,7 +161,7 @@ output.
|
|
112
161
|
|=======================================================================
|
113
162
|
|
114
163
|
[id="plugins-{type}s-{plugin}-options"]
|
115
|
-
==== {plugin-uc}
|
164
|
+
==== {plugin-uc} input configuration options
|
116
165
|
|
117
166
|
This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
|
118
167
|
|
@@ -151,7 +200,7 @@ input plugins.
|
|
151
200
|
* Value type is <<boolean,boolean>>
|
152
201
|
* Default value is `false`
|
153
202
|
|
154
|
-
Flag to determine whether to add `host` field to event using the value supplied by the
|
203
|
+
Flag to determine whether to add `host` field to event using the value supplied by the {plugin-singular} in the `hostname` field.
|
155
204
|
|
156
205
|
|
157
206
|
[id="plugins-{type}s-{plugin}-cipher_suites"]
|
@@ -1,11 +1,11 @@
|
|
1
1
|
# AUTOGENERATED BY THE GRADLE SCRIPT. DO NOT EDIT.
|
2
2
|
|
3
3
|
require 'jar_dependencies'
|
4
|
-
require_jar('io.netty', 'netty-all', '4.1.
|
4
|
+
require_jar('io.netty', 'netty-all', '4.1.65.Final')
|
5
5
|
require_jar('org.javassist', 'javassist', '3.24.0-GA')
|
6
6
|
require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.9.10')
|
7
7
|
require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
|
8
|
-
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.
|
8
|
+
require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.8')
|
9
9
|
require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
|
10
10
|
require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
|
11
|
-
require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.
|
11
|
+
require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.6')
|
Binary file
|
Binary file
|
Binary file
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-beats
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 6.1.
|
4
|
+
version: 6.1.6
|
5
5
|
platform: java
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-
|
11
|
+
date: 2021-07-15 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
@@ -20,8 +20,8 @@ dependencies:
|
|
20
20
|
- !ruby/object:Gem::Version
|
21
21
|
version: '2.99'
|
22
22
|
name: logstash-core-plugin-api
|
23
|
-
prerelease: false
|
24
23
|
type: :runtime
|
24
|
+
prerelease: false
|
25
25
|
version_requirements: !ruby/object:Gem::Requirement
|
26
26
|
requirements:
|
27
27
|
- - ">="
|
@@ -37,8 +37,8 @@ dependencies:
|
|
37
37
|
- !ruby/object:Gem::Version
|
38
38
|
version: '0'
|
39
39
|
name: logstash-codec-plain
|
40
|
-
prerelease: false
|
41
40
|
type: :runtime
|
41
|
+
prerelease: false
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
43
43
|
requirements:
|
44
44
|
- - ">="
|
@@ -51,8 +51,8 @@ dependencies:
|
|
51
51
|
- !ruby/object:Gem::Version
|
52
52
|
version: '1.0'
|
53
53
|
name: concurrent-ruby
|
54
|
-
prerelease: false
|
55
54
|
type: :runtime
|
55
|
+
prerelease: false
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
57
57
|
requirements:
|
58
58
|
- - "~>"
|
@@ -65,8 +65,8 @@ dependencies:
|
|
65
65
|
- !ruby/object:Gem::Version
|
66
66
|
version: 0.3.5
|
67
67
|
name: thread_safe
|
68
|
-
prerelease: false
|
69
68
|
type: :runtime
|
69
|
+
prerelease: false
|
70
70
|
version_requirements: !ruby/object:Gem::Requirement
|
71
71
|
requirements:
|
72
72
|
- - "~>"
|
@@ -79,8 +79,8 @@ dependencies:
|
|
79
79
|
- !ruby/object:Gem::Version
|
80
80
|
version: 2.0.5
|
81
81
|
name: logstash-codec-multiline
|
82
|
-
prerelease: false
|
83
82
|
type: :runtime
|
83
|
+
prerelease: false
|
84
84
|
version_requirements: !ruby/object:Gem::Requirement
|
85
85
|
requirements:
|
86
86
|
- - ">="
|
@@ -96,8 +96,8 @@ dependencies:
|
|
96
96
|
- !ruby/object:Gem::Version
|
97
97
|
version: 0.3.4
|
98
98
|
name: jar-dependencies
|
99
|
-
prerelease: false
|
100
99
|
type: :runtime
|
100
|
+
prerelease: false
|
101
101
|
version_requirements: !ruby/object:Gem::Requirement
|
102
102
|
requirements:
|
103
103
|
- - "~>"
|
@@ -113,8 +113,8 @@ dependencies:
|
|
113
113
|
- !ruby/object:Gem::Version
|
114
114
|
version: '1.1'
|
115
115
|
name: logstash-mixin-ecs_compatibility_support
|
116
|
-
prerelease: false
|
117
116
|
type: :runtime
|
117
|
+
prerelease: false
|
118
118
|
version_requirements: !ruby/object:Gem::Requirement
|
119
119
|
requirements:
|
120
120
|
- - "~>"
|
@@ -127,8 +127,8 @@ dependencies:
|
|
127
127
|
- !ruby/object:Gem::Version
|
128
128
|
version: 0.0.6
|
129
129
|
name: flores
|
130
|
-
prerelease: false
|
131
130
|
type: :development
|
131
|
+
prerelease: false
|
132
132
|
version_requirements: !ruby/object:Gem::Requirement
|
133
133
|
requirements:
|
134
134
|
- - "~>"
|
@@ -141,8 +141,8 @@ dependencies:
|
|
141
141
|
- !ruby/object:Gem::Version
|
142
142
|
version: '0'
|
143
143
|
name: rspec
|
144
|
-
prerelease: false
|
145
144
|
type: :development
|
145
|
+
prerelease: false
|
146
146
|
version_requirements: !ruby/object:Gem::Requirement
|
147
147
|
requirements:
|
148
148
|
- - ">="
|
@@ -155,8 +155,8 @@ dependencies:
|
|
155
155
|
- !ruby/object:Gem::Version
|
156
156
|
version: '0'
|
157
157
|
name: stud
|
158
|
-
prerelease: false
|
159
158
|
type: :development
|
159
|
+
prerelease: false
|
160
160
|
version_requirements: !ruby/object:Gem::Requirement
|
161
161
|
requirements:
|
162
162
|
- - ">="
|
@@ -169,8 +169,8 @@ dependencies:
|
|
169
169
|
- !ruby/object:Gem::Version
|
170
170
|
version: '0'
|
171
171
|
name: pry
|
172
|
-
prerelease: false
|
173
172
|
type: :development
|
173
|
+
prerelease: false
|
174
174
|
version_requirements: !ruby/object:Gem::Requirement
|
175
175
|
requirements:
|
176
176
|
- - ">="
|
@@ -183,8 +183,8 @@ dependencies:
|
|
183
183
|
- !ruby/object:Gem::Version
|
184
184
|
version: '0'
|
185
185
|
name: rspec-wait
|
186
|
-
prerelease: false
|
187
186
|
type: :development
|
187
|
+
prerelease: false
|
188
188
|
version_requirements: !ruby/object:Gem::Requirement
|
189
189
|
requirements:
|
190
190
|
- - ">="
|
@@ -197,8 +197,8 @@ dependencies:
|
|
197
197
|
- !ruby/object:Gem::Version
|
198
198
|
version: '0'
|
199
199
|
name: logstash-devutils
|
200
|
-
prerelease: false
|
201
200
|
type: :development
|
201
|
+
prerelease: false
|
202
202
|
version_requirements: !ruby/object:Gem::Requirement
|
203
203
|
requirements:
|
204
204
|
- - ">="
|
@@ -211,8 +211,8 @@ dependencies:
|
|
211
211
|
- !ruby/object:Gem::Version
|
212
212
|
version: '0'
|
213
213
|
name: logstash-codec-json
|
214
|
-
prerelease: false
|
215
214
|
type: :development
|
215
|
+
prerelease: false
|
216
216
|
version_requirements: !ruby/object:Gem::Requirement
|
217
217
|
requirements:
|
218
218
|
- - ">="
|
@@ -225,8 +225,8 @@ dependencies:
|
|
225
225
|
- !ruby/object:Gem::Version
|
226
226
|
version: '0'
|
227
227
|
name: childprocess
|
228
|
-
prerelease: false
|
229
228
|
type: :development
|
229
|
+
prerelease: false
|
230
230
|
version_requirements: !ruby/object:Gem::Requirement
|
231
231
|
requirements:
|
232
232
|
- - ">="
|
@@ -248,7 +248,6 @@ files:
|
|
248
248
|
- PROTOCOL.md
|
249
249
|
- README.md
|
250
250
|
- VERSION
|
251
|
-
- docs/agent.asciidoc
|
252
251
|
- docs/index.asciidoc
|
253
252
|
- lib/logstash-input-beats_jars.rb
|
254
253
|
- lib/logstash/inputs/beats.rb
|
@@ -281,12 +280,12 @@ files:
|
|
281
280
|
- spec/support/shared_examples.rb
|
282
281
|
- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-annotations/2.9.10/jackson-annotations-2.9.10.jar
|
283
282
|
- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-core/2.9.10/jackson-core-2.9.10.jar
|
284
|
-
- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.
|
283
|
+
- vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.8/jackson-databind-2.9.10.8.jar
|
285
284
|
- vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10/jackson-module-afterburner-2.9.10.jar
|
286
|
-
- vendor/jar-dependencies/io/netty/netty-all/4.1.
|
285
|
+
- vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
|
287
286
|
- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
|
288
287
|
- vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
|
289
|
-
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.
|
288
|
+
- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.6/logstash-input-beats-6.1.6.jar
|
290
289
|
homepage: http://www.elastic.co/guide/en/logstash/current/index.html
|
291
290
|
licenses:
|
292
291
|
- Apache License (2.0)
|
@@ -309,8 +308,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
309
308
|
- !ruby/object:Gem::Version
|
310
309
|
version: '0'
|
311
310
|
requirements: []
|
312
|
-
|
313
|
-
rubygems_version: 2.6.13
|
311
|
+
rubygems_version: 3.0.6
|
314
312
|
signing_key:
|
315
313
|
specification_version: 4
|
316
314
|
summary: Receives events from the Elastic Beats framework
|
data/docs/agent.asciidoc
DELETED
@@ -1,320 +0,0 @@
|
|
1
|
-
:plugin: agent
|
2
|
-
:type: input
|
3
|
-
:default_codec: plain
|
4
|
-
|
5
|
-
///////////////////////////////////////////
|
6
|
-
START - GENERATED VARIABLES, DO NOT EDIT!
|
7
|
-
///////////////////////////////////////////
|
8
|
-
|
9
|
-
// Copied from Beats generated plugin output.
|
10
|
-
// Not actively generated at this time!
|
11
|
-
|
12
|
-
////
|
13
|
-
:version: %VERSION%
|
14
|
-
:release_date: %RELEASE_DATE%
|
15
|
-
:changelog_url: %CHANGELOG_URL%
|
16
|
-
:include_path: ../../../../logstash/docs/include
|
17
|
-
////
|
18
|
-
|
19
|
-
///////////////////////////////////////////
|
20
|
-
END - GENERATED VARIABLES, DO NOT EDIT!
|
21
|
-
///////////////////////////////////////////
|
22
|
-
|
23
|
-
[id="plugins-{type}s-{plugin}"]
|
24
|
-
|
25
|
-
=== Agent input plugin
|
26
|
-
|
27
|
-
include::{include_path}/plugin_header.asciidoc[]
|
28
|
-
|
29
|
-
==== Description
|
30
|
-
|
31
|
-
This input plugin enables Logstash to receive events from the
|
32
|
-
https://www.elastic.co/products/beats[Elastic Beats] framework.
|
33
|
-
|
34
|
-
The following example shows how to configure Logstash to listen on port
|
35
|
-
5044 for incoming Beats connections and to index into Elasticsearch.
|
36
|
-
|
37
|
-
[source,logstash]
|
38
|
-
-----
|
39
|
-
|
40
|
-
input {
|
41
|
-
beats {
|
42
|
-
port => 5044
|
43
|
-
}
|
44
|
-
}
|
45
|
-
|
46
|
-
output {
|
47
|
-
elasticsearch {
|
48
|
-
hosts => ["http://localhost:9200"]
|
49
|
-
index => "%{[@metadata][beat]}-%{[@metadata][version]}" <1>
|
50
|
-
}
|
51
|
-
}
|
52
|
-
-----
|
53
|
-
<1> `%{[@metadata][beat]}` sets the first part of the index name to the value
|
54
|
-
of the `beat` metadata field and `%{[@metadata][version]}` sets the second part to
|
55
|
-
the Beat's version. For example:
|
56
|
-
metricbeat-7.4.0.
|
57
|
-
|
58
|
-
Events indexed into Elasticsearch with the Logstash configuration shown here
|
59
|
-
will be similar to events directly indexed by Beats into Elasticsearch.
|
60
|
-
|
61
|
-
NOTE: If ILM is not being used, set `index` to
|
62
|
-
`%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}` instead so
|
63
|
-
Logstash creates an index per day, based on the `@timestamp` value of the events
|
64
|
-
coming from Beats.
|
65
|
-
|
66
|
-
IMPORTANT: If you are shipping events that span multiple lines, you need to use
|
67
|
-
the {filebeat-ref}/multiline-examples.html[configuration options available in
|
68
|
-
Filebeat] to handle multiline events before sending the event data to Logstash.
|
69
|
-
You cannot use the {logstash-ref}/plugins-codecs-multiline.html[Multiline codec
|
70
|
-
plugin] to handle multiline events. Doing so will result in the failure to start
|
71
|
-
Logstash.
|
72
|
-
|
73
|
-
[id="plugins-{type}s-{plugin}-versioned-indexes"]
|
74
|
-
==== Versioned Beats Indices
|
75
|
-
|
76
|
-
To minimize the impact of future schema changes on your existing indices and
|
77
|
-
mappings in Elasticsearch, configure the Elasticsearch output to write to
|
78
|
-
versioned indices. The pattern that you specify for the `index` setting
|
79
|
-
controls the index name:
|
80
|
-
|
81
|
-
[source,yaml]
|
82
|
-
----
|
83
|
-
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
|
84
|
-
----
|
85
|
-
|
86
|
-
`%{[@metadata][beat]}`:: Sets the first part of the index name to the value of
|
87
|
-
the `beat` metadata field, for example, `filebeat`.
|
88
|
-
`%{[@metadata][version]}`:: Sets the second part of the name to the Beat
|
89
|
-
version, for example, +{logstash_version}+.
|
90
|
-
`%{+YYYY.MM.dd}`:: Sets the third part of the name to a date based on the
|
91
|
-
Logstash `@timestamp` field.
|
92
|
-
|
93
|
-
This configuration results in daily index names like
|
94
|
-
+filebeat-{logstash_version}-{localdate}+.
|
95
|
-
|
96
|
-
|
97
|
-
[id="plugins-{type}s-{plugin}-ecs_metadata"]
|
98
|
-
==== Event Metadata and the Elastic Common Schema (ECS)
|
99
|
-
When decoding `beats` events, this plugin adds two fields related to the event: the deprecated `host`
|
100
|
-
which contains the `hostname` provided by beats and the `ip_address` containing the remote address
|
101
|
-
of the client's connection. When <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is
|
102
|
-
enabled these are now moved in ECS compatible namespace.
|
103
|
-
|
104
|
-
[id="plugins-{type}s-{plugin}-options"]
|
105
|
-
==== Agent Input Configuration Options
|
106
|
-
|
107
|
-
This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
|
108
|
-
|
109
|
-
[cols="<,<,<",options="header",]
|
110
|
-
|=======================================================================
|
111
|
-
|Setting |Input type|Required
|
112
|
-
| <<plugins-{type}s-{plugin}-add_hostname>> |<<boolean,boolean>>|No
|
113
|
-
| <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|No
|
114
|
-
| <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
|
115
|
-
| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
|
116
|
-
| <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
|
117
|
-
| <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|No
|
118
|
-
| <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
|
119
|
-
| <<plugins-{type}s-{plugin}-ssl>> |<<boolean,boolean>>|No
|
120
|
-
| <<plugins-{type}s-{plugin}-ssl_certificate>> |a valid filesystem path|No
|
121
|
-
| <<plugins-{type}s-{plugin}-ssl_certificate_authorities>> |<<array,array>>|No
|
122
|
-
| <<plugins-{type}s-{plugin}-ssl_handshake_timeout>> |<<number,number>>|No
|
123
|
-
| <<plugins-{type}s-{plugin}-ssl_key>> |a valid filesystem path|No
|
124
|
-
| <<plugins-{type}s-{plugin}-ssl_key_passphrase>> |<<password,password>>|No
|
125
|
-
| <<plugins-{type}s-{plugin}-ssl_verify_mode>> |<<string,string>>, one of `["none", "peer", "force_peer"]`|No
|
126
|
-
| <<plugins-{type}s-{plugin}-ssl_peer_metadata>> |<<boolean,boolean>>|No
|
127
|
-
| <<plugins-{type}s-{plugin}-tls_max_version>> |<<number,number>>|No
|
128
|
-
| <<plugins-{type}s-{plugin}-tls_min_version>> |<<number,number>>|No
|
129
|
-
|=======================================================================
|
130
|
-
|
131
|
-
Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
|
132
|
-
input plugins.
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
[id="plugins-{type}s-{plugin}-add_hostname"]
|
137
|
-
===== `add_hostname`
|
138
|
-
|
139
|
-
deprecated[6.0.0, The default value has been changed to `false`. In 7.0.0 this setting will be removed]
|
140
|
-
|
141
|
-
* Value type is <<boolean,boolean>>
|
142
|
-
* Default value is `false`
|
143
|
-
|
144
|
-
Flag to determine whether to add `host` field to event using the value supplied by the beat in the `hostname` field.
|
145
|
-
|
146
|
-
|
147
|
-
[id="plugins-{type}s-{plugin}-cipher_suites"]
|
148
|
-
===== `cipher_suites`
|
149
|
-
|
150
|
-
* Value type is <<array,array>>
|
151
|
-
* Default value is `java.lang.String[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256]@459cfcca`
|
152
|
-
|
153
|
-
The list of ciphers suite to use, listed by priorities.
|
154
|
-
|
155
|
-
[id="plugins-{type}s-{plugin}-client_inactivity_timeout"]
|
156
|
-
===== `client_inactivity_timeout`
|
157
|
-
|
158
|
-
* Value type is <<number,number>>
|
159
|
-
* Default value is `60`
|
160
|
-
|
161
|
-
Close Idle clients after X seconds of inactivity.
|
162
|
-
|
163
|
-
[id="plugins-{type}s-{plugin}-ecs_compatibility"]
|
164
|
-
===== `ecs_compatibility`
|
165
|
-
|
166
|
-
* Value type is <<string,string>>
|
167
|
-
* Supported values are:
|
168
|
-
** `disabled`: unstructured connection metadata added at root level
|
169
|
-
** `v1`: structured connection metadata added under ECS compliant namespaces
|
170
|
-
* Default value depends on which version of Logstash is running:
|
171
|
-
** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
|
172
|
-
** Otherwise, the default value is `disabled`.
|
173
|
-
|
174
|
-
Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
|
175
|
-
The value of this setting affects the keys for the Beats connection's metadata on the event:
|
176
|
-
|
177
|
-
.Metadata Location by `ecs_compatibility` value
|
178
|
-
[cols="<l,<l,e,<e"]
|
179
|
-
|=======================================================================
|
180
|
-
|`disabled` |`v1` |Availability |Description
|
181
|
-
|
182
|
-
|[host] |[@metadata][input][beats][host][name] |Always |Name or address of the beat host
|
183
|
-
|[@metadata][ip_address] |[@metadata][input][beats][host][ip] |Always |IP address of the Beats client
|
184
|
-
|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
|
185
|
-
|[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
|
186
|
-
|[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
|
187
|
-
|[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
|
188
|
-
|=======================================================================
|
189
|
-
|
190
|
-
[id="plugins-{type}s-{plugin}-host"]
|
191
|
-
===== `host`
|
192
|
-
|
193
|
-
* Value type is <<string,string>>
|
194
|
-
* Default value is `"0.0.0.0"`
|
195
|
-
|
196
|
-
The IP address to listen on.
|
197
|
-
|
198
|
-
[id="plugins-{type}s-{plugin}-include_codec_tag"]
|
199
|
-
===== `include_codec_tag`
|
200
|
-
|
201
|
-
* Value type is <<boolean,boolean>>
|
202
|
-
* Default value is `true`
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
[id="plugins-{type}s-{plugin}-port"]
|
207
|
-
===== `port`
|
208
|
-
|
209
|
-
* This is a required setting.
|
210
|
-
* Value type is <<number,number>>
|
211
|
-
* There is no default value for this setting.
|
212
|
-
|
213
|
-
The port to listen on.
|
214
|
-
|
215
|
-
[id="plugins-{type}s-{plugin}-ssl"]
|
216
|
-
===== `ssl`
|
217
|
-
|
218
|
-
* Value type is <<boolean,boolean>>
|
219
|
-
* Default value is `false`
|
220
|
-
|
221
|
-
Events are by default sent in plain text. You can
|
222
|
-
enable encryption by setting `ssl` to true and configuring
|
223
|
-
the `ssl_certificate` and `ssl_key` options.
|
224
|
-
|
225
|
-
[id="plugins-{type}s-{plugin}-ssl_certificate"]
|
226
|
-
===== `ssl_certificate`
|
227
|
-
|
228
|
-
* Value type is <<path,path>>
|
229
|
-
* There is no default value for this setting.
|
230
|
-
|
231
|
-
SSL certificate to use.
|
232
|
-
|
233
|
-
[id="plugins-{type}s-{plugin}-ssl_certificate_authorities"]
|
234
|
-
===== `ssl_certificate_authorities`
|
235
|
-
|
236
|
-
* Value type is <<array,array>>
|
237
|
-
* Default value is `[]`
|
238
|
-
|
239
|
-
Validate client certificates against these authorities.
|
240
|
-
You can define multiple files or paths. All the certificates will
|
241
|
-
be read and added to the trust store. You need to configure the `ssl_verify_mode`
|
242
|
-
to `peer` or `force_peer` to enable the verification.
|
243
|
-
|
244
|
-
|
245
|
-
[id="plugins-{type}s-{plugin}-ssl_handshake_timeout"]
|
246
|
-
===== `ssl_handshake_timeout`
|
247
|
-
|
248
|
-
* Value type is <<number,number>>
|
249
|
-
* Default value is `10000`
|
250
|
-
|
251
|
-
Time in milliseconds for an incomplete ssl handshake to timeout
|
252
|
-
|
253
|
-
[id="plugins-{type}s-{plugin}-ssl_key"]
|
254
|
-
===== `ssl_key`
|
255
|
-
|
256
|
-
* Value type is <<path,path>>
|
257
|
-
* There is no default value for this setting.
|
258
|
-
|
259
|
-
SSL key to use.
|
260
|
-
NOTE: This key need to be in the PKCS8 format, you can convert it with https://www.openssl.org/docs/man1.1.0/apps/pkcs8.html[OpenSSL]
|
261
|
-
for more information.
|
262
|
-
|
263
|
-
[id="plugins-{type}s-{plugin}-ssl_key_passphrase"]
|
264
|
-
===== `ssl_key_passphrase`
|
265
|
-
|
266
|
-
* Value type is <<password,password>>
|
267
|
-
* There is no default value for this setting.
|
268
|
-
|
269
|
-
SSL key passphrase to use.
|
270
|
-
|
271
|
-
[id="plugins-{type}s-{plugin}-ssl_verify_mode"]
|
272
|
-
===== `ssl_verify_mode`
|
273
|
-
|
274
|
-
* Value can be any of: `none`, `peer`, `force_peer`
|
275
|
-
* Default value is `"none"`
|
276
|
-
|
277
|
-
By default the server doesn't do any client verification.
|
278
|
-
|
279
|
-
`peer` will make the server ask the client to provide a certificate.
|
280
|
-
If the client provides a certificate, it will be validated.
|
281
|
-
|
282
|
-
`force_peer` will make the server ask the client to provide a certificate.
|
283
|
-
If the client doesn't provide a certificate, the connection will be closed.
|
284
|
-
|
285
|
-
This option needs to be used with `ssl_certificate_authorities` and a defined list of CAs.
|
286
|
-
|
287
|
-
[id="plugins-{type}s-{plugin}-ssl_peer_metadata"]
|
288
|
-
===== `ssl_peer_metadata`
|
289
|
-
|
290
|
-
* Value type is <<boolean,boolean>>
|
291
|
-
* Default value is `false`
|
292
|
-
|
293
|
-
Enables storing client certificate information in event's metadata.
|
294
|
-
|
295
|
-
This option is only valid when `ssl_verify_mode` is set to `peer` or `force_peer`.
|
296
|
-
|
297
|
-
[id="plugins-{type}s-{plugin}-tls_max_version"]
|
298
|
-
===== `tls_max_version`
|
299
|
-
|
300
|
-
* Value type is <<number,number>>
|
301
|
-
* Default value is `1.2`
|
302
|
-
|
303
|
-
The maximum TLS version allowed for the encrypted connections. The value must be the one of the following:
|
304
|
-
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
305
|
-
|
306
|
-
[id="plugins-{type}s-{plugin}-tls_min_version"]
|
307
|
-
===== `tls_min_version`
|
308
|
-
|
309
|
-
* Value type is <<number,number>>
|
310
|
-
* Default value is `1`
|
311
|
-
|
312
|
-
The minimum TLS version allowed for the encrypted connections. The value must be one of the following:
|
313
|
-
1.0 for TLS 1.0, 1.1 for TLS 1.1, 1.2 for TLS 1.2
|
314
|
-
|
315
|
-
|
316
|
-
|
317
|
-
[id="plugins-{type}s-{plugin}-common-options"]
|
318
|
-
include::{include_path}/{type}.asciidoc[]
|
319
|
-
|
320
|
-
:default_codec!:
|