logstash-input-beats 6.1.6-java → 6.2.3-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: bdfb961f6671cbce9a01f9df53f0e2fa83ec6ac2f14521b51f2dfe32508b181b
-  data.tar.gz: ebf3b53c4b9efd6dd9be89b76e3d46ee2cae71f9c01d481fabddb4104e0ea546
+  metadata.gz: 446bfe3611386055b8281c6193e7165bcdaf590b852524126d6d71f656003646
+  data.tar.gz: a7a4c6a404451d755f3ee08709af7110a0b3a78afcb0482dd3e74d03cf971cab
 SHA512:
-  metadata.gz: a060db6f3d84a1aaa41d7da73728c16d959484af1d85efce09ac811597288faf7d89a66bff10a7254f394ee51eb70b9723df8488b1c61916b9b48ea2bba6bc70
-  data.tar.gz: 467e8d01b6a2c94dcf0afffcea88aa967fb3518b6be42722691b85f4497864e8645d468b3adbdba07dd8900be23a9b858b50be3c005f777f4da49b021b40fd63
+  metadata.gz: ccb49c86382f59e90759a1b65cc6d51d84e55c58761de3ae36e000b13fded516a6f25ac2fc654bb3e6e1900a7ba1387fff6962dc19523614a3e17d97f9530a8a
+  data.tar.gz: 8b3751ecca1e985b2e2ed1ef5caae6062b6a7310b2f3fc3a7e3a627537e6e9c1a57f490d2f4f7d325200eb59655a5d4b74cf65fec50829c32d0f30fffb3f3e1f

data/CHANGELOG.md

@@ -1,3 +1,20 @@
+## 6.2.3
+ - Updated log4j dependency to 2.15.0
+
+## 6.2.2
+ - Fix: update to Gradle 7 [#432](https://github.com/logstash-plugins/logstash-input-beats/pull/432)
+ - [DOC] Edit documentation for `executor_threads` [#435](https://github.com/logstash-plugins/logstash-input-beats/pull/435)
+
+## 6.2.1
+ - Fix: LS failing with `ssl_peer_metadata => true` [#431](https://github.com/logstash-plugins/logstash-input-beats/pull/431)
+ - [DOC] described `executor_threads` configuration parameter [#421](https://github.com/logstash-plugins/logstash-input-beats/pull/421)
+
+## 6.2.0
+ - ECS compatibility enablement: Adds alias to support upcoming ECS v8 with the existing ECS v1 implementation
+
+## 6.1.7
+ - [DOC] Remove limitations topic and link [#428](https://github.com/logstash-plugins/logstash-input-beats/pull/428)
+
 ## 6.1.6
  - [DOC] Applied more attributes to manage plugin name in doc content, and implemented conditional text processing. [#423](https://github.com/logstash-plugins/logstash-input-http/pull/423)
 

data/VERSION

@@ -1 +1 @@
-6.1.6
+6.2.3

data/docs/index.asciidoc

@@ -101,15 +101,6 @@ plugin] to handle multiline events. Doing so will result in the failure to start
 Logstash.
 endif::[]
 
-//Content for Elastic Agent
-ifeval::["{plugin}"!="beats"]
-[id="plugins-{type}s-{plugin}-limitations"]
-===== Elastic Agent and Fleet limitations
-
-Early releases of Elastic Agent and Fleet have some limitations, including support for advanced Beats settings like multiline, processors, and so forth. 
-For more information, see {fleet-guide}/fleet-limitations.html[Limitations of this release]. 
-endif::[]
-
 //Content for Beats
 ifeval::["{plugin}"=="beats"]
 [id="plugins-{type}s-{plugin}-versioned-indexes"]
@@ -150,11 +141,11 @@ output.
 
 [cols="<l,<l,e,<e"]
 |=======================================================================
-|ECS disabled |ECS v1 |Availability |Description
+|ECS `disabled` |ECS `v1`, `v8` |Availability |Description
 
 |[host]                  |[@metadata][input][beats][host][name]   |Always       |Name or address of the {plugin-singular} host
 |[@metadata][ip_address] |[@metadata][input][beats][host][ip]     |Always       |IP address of the {plugin-uc} client
-|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`
+|[@metadata][tls_peer][status] | [@metadata][tls_peer][status] | When SSL related fields are populated | Contains "verified"/"unverified" labels in `disabled`, `true`/`false` in `v1`/`v8`
 |[@metadata][tls_peer][protocol] | [@metadata][input][beats][tls][version_protocol] | When SSL status is "verified" | Contains the TLS version used (e.g. `TLSv1.2`)
 |[@metadata][tls_peer][subject] | [@metadata][input][beats][tls][client][subject] | When SSL status is "verified" | Contains the identity name of the remote end (e.g. `CN=artifacts-no-kpi.elastic.co`)
 |[@metadata][tls_peer][cipher_suite] | [@metadata][input][beats][tls][cipher] | When SSL status is "verified" | Contains the name of cipher suite used (e.g. `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256`)
@@ -172,6 +163,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-cipher_suites>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-client_inactivity_timeout>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
+| <<plugins-{type}s-{plugin}-executor_threads>> |<<number,number>>|No
 | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-include_codec_tag>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
@@ -225,13 +217,32 @@ Close Idle clients after X seconds of inactivity.
 * Value type is <<string,string>>
 * Supported values are:
 ** `disabled`: unstructured connection metadata added at root level
-** `v1`: structured connection metadata added under ECS compliant namespaces
+** `v1`: structured connection metadata added under ECS v1 compliant namespaces
+** `v8`: structured connection metadata added under ECS v8 compliant namespaces
 * Default value depends on which version of Logstash is running:
 ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
 ** Otherwise, the default value is `disabled`.
 
 Refer to <<plugins-{type}s-{plugin}-ecs_metadata,ECS mapping>> for detailed information.
 
+[id="plugins-{type}s-{plugin}-executor_threads"]
+===== `executor_threads`
+
+  * Value type is <<number,number>>
+  * Default value is 1 executor thread per CPU core
+
+The number of threads to be used to process incoming beats requests.
+By default the Beats input creates a number of threads equal to 2*CPU cores.
+These threads handle incoming connections, reading from established sockets, and executing most of the tasks related to network connection management. 
+Parsing the Lumberjack protocol is offloaded to a dedicated thread pool.
+
+Generally you don't need to touch this setting.
+In case you are sending very large events and observing "OutOfDirectMemory" exceptions,
+you may want to reduce this number to half or 1/4 of the CPU cores.
+This change reduces the number of threads decompressing batches of data into direct memory.
+However, this will only be a mitigating tweak, as the proper solution may require resizing your Logstash deployment,
+either by increasing number of Logstash nodes or increasing the JVM's Direct Memory.
+
 [id="plugins-{type}s-{plugin}-host"]
 ===== `host`
 
@@ -363,3 +374,4 @@ The minimum TLS version allowed for the encrypted connections. The value must be
 include::{include_path}/{type}.asciidoc[]
 
 :default_codec!:
+

data/lib/logstash/inputs/beats/message_listener.rb

@@ -15,6 +15,8 @@ module LogStash module Inputs class Beats
 
     attr_reader :logger, :input, :connections_list
 
+    attr_reader :event_factory
+
     def initialize(queue, input)
       @connections_list = ThreadSafe::Hash.new
       @queue = queue
@@ -25,6 +27,7 @@ module LogStash module Inputs class Beats
 
       @nocodec_transformer = RawEventTransform.new(@input)
       @codec_transformer = DecodedEventTransform.new(@input)
+      @event_factory = input.event_factory
     end
 
     def onNewMessage(ctx, message)
@@ -39,7 +42,7 @@ module LogStash module Inputs class Beats
       extract_tls_peer(hash, ctx)
 
       if target_field.nil?
-        event = LogStash::Event.new(hash)
+        event = event_factory.new_event(hash)
         @nocodec_transformer.transform(event)
         @queue << event
       else
@@ -129,7 +132,7 @@ module LogStash module Inputs class Beats
         tls_session = ctx.channel().pipeline().get("ssl-handler").engine().getSession()
         tls_verified = true
 
-        if not @input.client_authentication_required?
+        unless @input.client_authentication_required?
           # throws SSLPeerUnverifiedException if unverified
           begin
             tls_session.getPeerCertificates()
@@ -141,18 +144,16 @@ module LogStash module Inputs class Beats
           end
         end
 
+        meta_data = hash['@metadata'] ||= {}
+
         if tls_verified
-          set_nested(hash, @field_tls_protocol_version, tls_session.getProtocol())
-          set_nested(hash, @field_tls_peer_subject, tls_session.getPeerPrincipal().getName())
-          set_nested(hash, @field_tls_cipher, tls_session.getCipherSuite())
+          meta_data['tls_peer'] = { :status => "verified" }
 
-          hash['@metadata']['tls_peer'] = {
-            :status       => "verified"
-          }
+          set_nested(hash, input.field_tls_protocol_version, tls_session.getProtocol())
+          set_nested(hash, input.field_tls_peer_subject, tls_session.getPeerPrincipal().getName())
+          set_nested(hash, input.field_tls_cipher, tls_session.getCipherSuite())
         else
-          hash['@metadata']['tls_peer'] = {
-            :status     => "unverified"
-          }
+          meta_data['tls_peer'] = { :status => "unverified" }
         end
       end
     end
@@ -163,9 +164,6 @@ module LogStash module Inputs class Beats
       field_ref = Java::OrgLogstash::FieldReference.from(field_name)
       # create @metadata sub-hash if needed
       if field_ref.type == Java::OrgLogstash::FieldReference::META_CHILD
-        unless hash.key?("@metadata")
-          hash["@metadata"] = {}
-        end
         nesting_hash = hash["@metadata"]
       else
         nesting_hash = hash

data/lib/logstash/inputs/beats.rb

@@ -6,6 +6,7 @@ require "logstash/codecs/multiline"
 require "logstash/util"
 require "logstash-input-beats_jars"
 require "logstash/plugin_mixins/ecs_compatibility_support"
+require 'logstash/plugin_mixins/event_support/event_factory_adapter'
 require_relative "beats/patch"
 
 # This input plugin enables Logstash to receive events from the
@@ -51,7 +52,9 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
   require "logstash/inputs/beats/tls"
 
   # adds ecs_compatibility config which could be :disabled or :v1
-  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled,:v1)
+  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled,:v1, :v8 => :v1)
+
+  include LogStash::PluginMixins::EventSupport::EventFactoryAdapter
 
   config_name "beats"
 
@@ -126,6 +129,7 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
   config :executor_threads, :validate => :number, :default => LogStash::Config::CpuCoreStrategy.maximum
 
   attr_reader :field_hostname, :field_hostip
+  attr_reader :field_tls_protocol_version, :field_tls_peer_subject, :field_tls_cipher
 
   def register
     # For Logstash 2.4 we need to make sure that the logger is correctly set for the
@@ -164,10 +168,10 @@ class LogStash::Inputs::Beats < LogStash::Inputs::Base
 
     # define ecs name mapping
     @field_hostname = ecs_select[disabled: "host", v1: "[@metadata][input][beats][host][name]"]
-    @field_hostip   = ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][beats][host][ip]"]
-    @field_tls_protocol_version   = ecs_select[disabled: "[@metadata][tls_peer][protocol]", v1: "[@metadata][input][beats][tls][version_protocol]"]
-    @field_tls_peer_subject   = ecs_select[disabled: "[@metadata][tls_peer][subject]", v1: "[@metadata][input][beats][tls][client][subject]"]
-    @field_tls_cipher   = ecs_select[disabled: "[@metadata][tls_peer][cipher_suite]", v1: "[@metadata][input][beats][tls][cipher]"]
+    @field_hostip = ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][beats][host][ip]"]
+    @field_tls_protocol_version = ecs_select[disabled: "[@metadata][tls_peer][protocol]", v1: "[@metadata][input][beats][tls][version_protocol]"]
+    @field_tls_peer_subject = ecs_select[disabled: "[@metadata][tls_peer][subject]", v1: "[@metadata][input][beats][tls][client][subject]"]
+    @field_tls_cipher = ecs_select[disabled: "[@metadata][tls_peer][cipher_suite]", v1: "[@metadata][input][beats][tls][cipher]"]
 
     @logger.info("Starting input listener", :address => "#{@host}:#{@port}")
 

data/lib/logstash-input-beats_jars.rb

@@ -7,5 +7,5 @@ require_jar('com.fasterxml.jackson.core', 'jackson-core', '2.9.10')
 require_jar('com.fasterxml.jackson.core', 'jackson-annotations', '2.9.10')
 require_jar('com.fasterxml.jackson.core', 'jackson-databind', '2.9.10.8')
 require_jar('com.fasterxml.jackson.module', 'jackson-module-afterburner', '2.9.10')
-require_jar('org.apache.logging.log4j', 'log4j-api', '2.11.1')
-require_jar('org.logstash.beats', 'logstash-input-beats', '6.1.6')
+require_jar('org.apache.logging.log4j', 'log4j-api', '2.15.0')
+require_jar('org.logstash.beats', 'logstash-input-beats', '6.2.3')

data/logstash-input-beats.gemspec

@@ -27,7 +27,8 @@ Gem::Specification.new do |s|
   s.add_runtime_dependency "thread_safe", "~> 0.3.5"
   s.add_runtime_dependency "logstash-codec-multiline", ">= 2.0.5"
   s.add_runtime_dependency 'jar-dependencies', '~> 0.3', '>= 0.3.4'
-  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.1'
+  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.3'
+  s.add_runtime_dependency 'logstash-mixin-event_support', '~>1.0'
 
   s.add_development_dependency "flores", "~>0.0.6"
   s.add_development_dependency "rspec"

data/spec/inputs/beats/decoded_event_transform_spec.rb

@@ -31,6 +31,7 @@ describe LogStash::Inputs::Beats::DecodedEventTransform do
 
   include_examples "Common Event Transformation", :disabled, "host"
   include_examples "Common Event Transformation", :v1, "[@metadata][input][beats][host][name]"
+  include_examples "Common Event Transformation", :v8, "[@metadata][input][beats][host][name]"
 
   it "tags the event" do
     expect(subject.get("tags")).to include("beats_input_codec_plain_applied")

data/spec/inputs/beats/event_transform_common_spec.rb

@@ -9,4 +9,5 @@ describe LogStash::Inputs::Beats::EventTransformCommon do
 
   include_examples "Common Event Transformation", :disabled, "host"
   include_examples "Common Event Transformation", :v1, "[@metadata][input][beats][host][name]"
+  include_examples "Common Event Transformation", :v8, "[@metadata][input][beats][host][name]"
 end

data/spec/inputs/beats/message_listener_spec.rb

@@ -211,6 +211,7 @@ describe LogStash::Inputs::Beats::MessageListener do
 
     it_behaves_like "when the message is from any libbeat", :disabled, "[@metadata][ip_address]"
     it_behaves_like "when the message is from any libbeat", :v1, "[@metadata][input][beats][host][ip]"
+    it_behaves_like "when the message is from any libbeat", :v8, "[@metadata][input][beats][host][ip]"
   end
 
   context "onException" do

data/spec/inputs/beats/raw_event_transform_spec.rb

@@ -20,6 +20,7 @@ describe LogStash::Inputs::Beats::RawEventTransform do
 
   include_examples "Common Event Transformation", :disabled, "host"
   include_examples "Common Event Transformation", :v1, "[@metadata][input][beats][host][name]"
+  include_examples "Common Event Transformation", :v8, "[@metadata][input][beats][host][name]"
 
   it "tags the event" do
     expect(subject.get("tags")).to include("beats_input_raw_event")

data/spec/inputs/beats_spec.rb

@@ -12,26 +12,28 @@ describe LogStash::Inputs::Beats do
   let(:connection) { double("connection") }
   let(:certificate) { BeatsInputTest.certificate }
   let(:port) { BeatsInputTest.random_port }
+  let(:client_inactivity_timeout) { 400 }
+  let(:threads) { 1 + rand(9) }
   let(:queue)  { Queue.new }
   let(:config)   do
     {
-        "port" => 0,
+        "port" => port,
         "ssl_certificate" => certificate.ssl_cert,
         "ssl_key" => certificate.ssl_key,
+        "client_inactivity_timeout" => client_inactivity_timeout,
+        "executor_threads" => threads,
         "type" => "example",
         "tags" => "beats"
     }
   end
 
+  subject(:plugin) { LogStash::Inputs::Beats.new(config) }
+
   context "#register" do
     context "host related configuration" do
-      let(:config) { super().merge("host" => host, "port" => port, "client_inactivity_timeout" => client_inactivity_timeout, "executor_threads" => threads) }
+      let(:config) { super().merge("host" => host, "port" => port) }
       let(:host) { "192.168.1.20" }
-      let(:port) { 9000 }
-      let(:client_inactivity_timeout) { 400 }
-      let(:threads) { 10 }
-
-      subject(:plugin) { LogStash::Inputs::Beats.new(config) }
+      let(:port) { 9001 }
 
       it "sends the required options to the server" do
         expect(org.logstash.beats.Server).to receive(:new).with(host, port, client_inactivity_timeout, threads)
@@ -158,9 +160,80 @@ describe LogStash::Inputs::Beats do
 
       it "raise a ConfigurationError when multiline codec is set" do
         plugin = LogStash::Inputs::Beats.new(config)
-        expect {plugin.register}.to raise_error(LogStash::ConfigurationError, "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html")
+        expect { plugin.register }.to raise_error(LogStash::ConfigurationError, "Multiline codec with beats input is not supported. Please refer to the beats documentation for how to best manage multiline data. See https://www.elastic.co/guide/en/beats/filebeat/current/multiline-examples.html")
+      end
+    end
+  end
+
+  context "tls meta-data" do
+    let(:config) { super().merge("host" => host, "ssl_peer_metadata" => true, "ssl_certificate_authorities" => [ certificate.ssl_cert ]) }
+    let(:host) { "192.168.1.20" }
+    let(:port) { 9002 }
+
+    let(:queue) { Queue.new }
+    let(:event) { LogStash::Event.new }
+
+    subject(:plugin) { LogStash::Inputs::Beats.new(config) }
+
+    before do
+      @server = org.logstash.beats.Server.new(host, port, client_inactivity_timeout, threads)
+      expect( org.logstash.beats.Server ).to receive(:new).with(host, port, client_inactivity_timeout, threads).and_return @server
+      expect( @server ).to receive(:listen)
+
+      subject.register
+      subject.run(queue) # listen does nothing
+      @message_listener = @server.getMessageListener
+
+      allow( ssl_engine = double('ssl_engine') ).to receive(:getSession).and_return ssl_session
+      allow( ssl_handler = double('ssl-handler') ).to receive(:engine).and_return ssl_engine
+      allow( pipeline = double('pipeline') ).to receive(:get).and_return ssl_handler
+      allow( @channel = double('channel') ).to receive(:pipeline).and_return pipeline
+    end
+
+    let(:ctx) do
+      Java::io.netty.channel.ChannelHandlerContext.impl do |method, *args|
+        fail("unexpected #{method}( #{args} )") unless method.eql?(:channel)
+        @channel
       end
     end
+
+    let(:ssl_session) do
+      Java::javax.net.ssl.SSLSession.impl do |method, *args|
+        case method
+        when :getPeerCertificates
+          [].to_java(java.security.cert.Certificate)
+        when :getProtocol
+          'TLS-Mock'
+        when :getCipherSuite
+          'SSL_NULL_WITH_TEST_SPEC'
+        when :getPeerPrincipal
+          javax.security.auth.x500.X500Principal.new('CN=TEST, OU=RSpec, O=Logstash, C=NL', {})
+        else
+          fail("unexpected #{method}( #{args} )")
+        end
+      end
+    end
+
+    let(:ssl_session_peer_principal) do
+      javax.security.auth.x500.X500Principal
+    end
+
+    let(:message) do
+      org.logstash.beats.Message.new(0, java.util.HashMap.new('foo' => 'bar'))
+    end
+
+    it 'sets tls fields' do
+      @message_listener.onNewMessage(ctx, message)
+
+      expect( queue.size ).to be 1
+      expect( event = queue.pop ).to be_a LogStash::Event
+
+      expect( event.get('[@metadata][tls_peer][status]') ).to eql 'verified'
+
+      expect( event.get('[@metadata][tls_peer][protocol]') ).to eql 'TLS-Mock'
+      expect( event.get('[@metadata][tls_peer][cipher_suite]') ).to eql 'SSL_NULL_WITH_TEST_SPEC'
+      expect( event.get('[@metadata][tls_peer][subject]') ).to eql 'CN=TEST,OU=RSpec,O=Logstash,C=NL'
+    end
   end
 
   context "when interrupting the plugin" do

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-beats
 version: !ruby/object:Gem::Version
-  version: 6.1.6
+  version: 6.2.3
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-07-15 00:00:00.000000000 Z
+date: 2021-12-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -20,8 +20,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '2.99'
   name: logstash-core-plugin-api
-  type: :runtime
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -37,8 +37,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-plain
-  type: :runtime
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -51,8 +51,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '1.0'
   name: concurrent-ruby
-  type: :runtime
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -65,8 +65,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.3.5
   name: thread_safe
-  type: :runtime
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -79,8 +79,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 2.0.5
   name: logstash-codec-multiline
-  type: :runtime
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -96,8 +96,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.3.4
   name: jar-dependencies
-  type: :runtime
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -111,15 +111,29 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.3'
   name: logstash-mixin-ecs_compatibility_support
+  prerelease: false
   type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.0'
+  name: logstash-mixin-event_support
   prerelease: false
+  type: :runtime
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.0'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -127,8 +141,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: 0.0.6
   name: flores
-  type: :development
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
@@ -141,8 +155,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: rspec
-  type: :development
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -155,8 +169,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: stud
-  type: :development
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -169,8 +183,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: pry
-  type: :development
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -183,8 +197,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: rspec-wait
-  type: :development
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -197,8 +211,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-devutils
-  type: :development
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -211,8 +225,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: logstash-codec-json
-  type: :development
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -225,8 +239,8 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
   name: childprocess
-  type: :development
   prerelease: false
+  type: :development
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -283,9 +297,9 @@ files:
 - vendor/jar-dependencies/com/fasterxml/jackson/core/jackson-databind/2.9.10.8/jackson-databind-2.9.10.8.jar
 - vendor/jar-dependencies/com/fasterxml/jackson/module/jackson-module-afterburner/2.9.10/jackson-module-afterburner-2.9.10.jar
 - vendor/jar-dependencies/io/netty/netty-all/4.1.65.Final/netty-all-4.1.65.Final.jar
-- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.11.1/log4j-api-2.11.1.jar
+- vendor/jar-dependencies/org/apache/logging/log4j/log4j-api/2.15.0/log4j-api-2.15.0.jar
 - vendor/jar-dependencies/org/javassist/javassist/3.24.0-GA/javassist-3.24.0-GA.jar
-- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.1.6/logstash-input-beats-6.1.6.jar
+- vendor/jar-dependencies/org/logstash/beats/logstash-input-beats/6.2.3/logstash-input-beats-6.2.3.jar
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses:
 - Apache License (2.0)
@@ -308,7 +322,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Receives events from the Elastic Beats framework