logstash-input-cloudwatch_logs 0.9.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 09965d9df696c2fbbdde3e398313c24b03c63b66
+  data.tar.gz: 26c86a3ff42e46433b0e1b44f347b2beea61a238
+SHA512:
+  metadata.gz: e01a4858692aaa157e92a58bbfb1e6a0612bdeccf2696f2462f08e6f47a0463cc4d9f7c2742d6959d3ccc24d1846c6d6604536a2dc3aa3b4fc6bb0cdd8ce9b87
+  data.tar.gz: 326d311a2d86292300dd39cae935c370672b630b59cad25702b21c62c9b1dc975e23706dd6e95874c22a11080d4caea9b54ae73058142c898e4d1e517c3d2d99

data/CONTRIBUTORS

@@ -0,0 +1,20 @@
+The following is a list of people who have contributed ideas, code, bug
+reports, or in general have helped logstash along its way.
+
+Contributors:
+* Aaron Mildenstein (untergeek)
+* Adam Tucker (adamjt)
+* John Pariseau (ururk)
+* Jordan Sissel (jordansissel)
+* Mathieu Guillaume (mguillaume)
+* Pier-Hugues Pellerin (ph)
+* Richard Pijnenburg (electrical)
+* Suyog Rao (suyograo)
+* Ted Timmons (tedder)
+* Ryan O'Keeffe (danielredoak)
+* Luke Waite (lukewaite)
+
+Note: If you've sent us patches, bug reports, or otherwise contributed to
+Logstash, and you aren't on the list above and want to be, please let us know
+and we'll make sure you're here. Contributions from folks like you are what make
+open source awesome.

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2012–2015 Elasticsearch <http://www.elastic.co>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/NOTICE.TXT

@@ -0,0 +1,5 @@
+Elasticsearch
+Copyright 2012-2015 Elasticsearch
+
+This product includes software developed by The Apache Software
+Foundation (http://www.apache.org/).

data/README.md

@@ -0,0 +1,86 @@
+# Logstash Plugin
+
+This is a plugin for [Logstash](https://github.com/elasticsearch/logstash).
+
+It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
+
+## Documentation
+
+Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elasticsearch.org/guide/en/logstash/current/).
+
+- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
+- For more asciidoc formatting tips, see the excellent reference here https://github.com/elasticsearch/docs#asciidoc-guide
+
+## Need Help?
+
+Need help? Try #logstash on freenode IRC or the https://discuss.elastic.co/c/logstash discussion forum.
+
+## Developing
+
+### 1. Plugin Developement and Testing
+
+#### Code
+- To get started, you'll need JRuby with the Bundler gem installed.
+
+- Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
+
+- Install dependencies
+```sh
+bundle install
+```
+
+#### Test
+
+- Update your dependencies
+
+```sh
+bundle install
+```
+
+- Run tests
+
+```sh
+bundle exec rspec
+```
+
+### 2. Running your unpublished Plugin in Logstash
+
+#### 2.1 Run in a local Logstash clone
+
+- Edit Logstash `Gemfile` and add the local plugin path, for example:
+```ruby
+gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
+```
+- Install plugin
+```sh
+bin/plugin install --no-verify
+```
+- Run Logstash with your plugin
+```sh
+bin/logstash -e 'filter {awesome {}}'
+```
+At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
+
+#### 2.2 Run in an installed Logstash
+
+You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
+
+- Build your plugin gem
+```sh
+gem build logstash-filter-awesome.gemspec
+```
+- Install the plugin from the Logstash home
+```sh
+bin/plugin install /your/local/plugin/logstash-filter-awesome.gem
+```
+- Start Logstash and proceed to test the plugin
+
+## Contributing
+
+All contributions are welcome: ideas, patches, documentation, bug reports, complaints, and even something you drew up on a napkin.
+
+Programming is not a required skill. Whatever you've seen about open source and maintainers or community members  saying "send patches or die" - you will not see that here.
+
+It is more important to the community that you are able to contribute.
+
+For more information about contributing, see the [CONTRIBUTING](https://github.com/elasticsearch/logstash/blob/master/CONTRIBUTING.md) file.

data/lib/logstash/inputs/cloudwatch_logs.rb

@@ -0,0 +1,206 @@
+# encoding: utf-8
+require "logstash/inputs/base"
+require "logstash/namespace"
+require "logstash/plugin_mixins/aws_config"
+require "logstash/timestamp"
+require "time"
+require "tmpdir"
+require "stud/interval"
+require "stud/temporary"
+
+# Stream events from ClougWatch Logs streams.
+#
+# Primarily designed to pull logs from Lambda's which are logging to
+# CloudWatch Logs. Specify a log group, and this plugin will scan
+# all log streams in that group, and pull in any new log events.
+#
+class LogStash::Inputs::CloudWatch_Logs < LogStash::Inputs::Base
+  include LogStash::PluginMixins::AwsConfig::V2
+
+  config_name "cloudwatch_logs"
+
+  default :codec, "plain"
+
+  # Log group to pull logs from for this plugin. Will pull in all
+  # streams inside of this log group.
+  config :log_group, :validate => :string, :required => true
+
+  # Where to write the since database (keeps track of the date
+  # the last handled file was added to S3). The default will write
+  # sincedb files to some path matching "$HOME/.sincedb*"
+  # Should be a path with filename not just a directory.
+  config :sincedb_path, :validate => :string, :default => nil
+
+  # Interval to wait between to check the file list again after a run is finished.
+  # Value is in seconds.
+  config :interval, :validate => :number, :default => 60
+
+  # def register
+  public
+  def register
+    require "digest/md5"
+    require "aws-sdk"
+
+    @logger.info("Registering cloudwatch_logs input", :log_group => @log_group)
+
+    Aws::ConfigService::Client.new(aws_options_hash)
+
+    @cloudwatch = Aws::CloudWatchLogs::Client.new(aws_options_hash)
+  end #def register
+
+  # def run
+  public
+  def run(queue)
+    while !stop?
+      process_group(queue)
+      Stud.stoppable_sleep(@interval)
+    end
+  end # def run
+
+  # def list_new_streams
+  public
+  def list_new_streams(token = nil, objects = [])
+    params = {
+        :log_group_name => @log_group,
+        :order_by => "LastEventTime",
+        :descending => false
+    }
+
+    if token != nil
+      params[:next_token] = token
+    end
+
+    streams = @cloudwatch.describe_log_streams(params)
+
+    objects.push(*streams.log_streams)
+    if streams.next_token == nil
+      @logger.debug("CloudWatch Logs hit end of tokens for streams")
+      objects
+    else
+      @logger.debug("CloudWatch Logs calling list_new_streams again on token", :token => streams.next_token)
+      list_new_streams(streams.next_token, objects)
+    end
+
+  end # def list_new_streams
+
+  # def process_log
+  private
+  def process_log(queue, log, stream)
+
+    @codec.decode(log.message.to_str) do |event|
+      event[LogStash::Event::TIMESTAMP] = parse_time(log.timestamp)
+      event["[cloudwatch][ingestion_time]"] = parse_time(log.ingestion_time)
+      event["[cloudwatch][log_group]"] = @log_group
+      event["[cloudwatch][log_stream]"] = stream.log_stream_name
+      decorate(event)
+
+      queue << event
+    end
+  end
+  # def process_log
+
+  # def parse_time
+  private
+  def parse_time(data)
+    LogStash::Timestamp.at(data.to_i / 1000, (data.to_i % 1000) * 1000)
+  end # def parse_time
+
+  # def process_group
+  public
+  def process_group(queue)
+    objects = list_new_streams
+
+    last_read = sincedb.read
+    current_window = DateTime.now.strftime('%Q')
+
+    if last_read < 0
+      last_read = 1
+    end
+
+    objects.each do |stream|
+      if stream.last_ingestion_time && stream.last_ingestion_time > last_read
+        process_log_stream(queue, stream, last_read, current_window)
+      end
+    end
+
+    sincedb.write(current_window)
+  end # def process_group
+
+  # def process_log_stream
+  private
+  def process_log_stream(queue, stream, last_read, current_window, token = nil)
+    @logger.debug("CloudWatch Logs processing stream",
+                  :log_stream => stream.log_stream_name,
+                  :log_group => @log_group,
+                  :lastRead => last_read,
+                  :currentWindow => current_window,
+                  :token => token
+    )
+
+    params = {
+        :log_group_name => @log_group,
+        :log_stream_name => stream.log_stream_name,
+        :start_from_head => true
+    }
+
+    if token != nil
+      params[:next_token] = token
+    end
+
+    logs = @cloudwatch.get_log_events(params)
+
+    logs.events.each do |log|
+      if log.ingestion_time > last_read
+        process_log(queue, log, stream)
+      end
+    end
+
+    # if there are more pages, continue
+    if logs.events.count != 0 && logs.next_forward_token != nil
+      process_log_stream(queue, stream, last_read, current_window, logs.next_forward_token)
+    end
+  end # def process_log_stream
+
+  private
+  def sincedb
+    @sincedb ||= if @sincedb_path.nil?
+                   @logger.info("Using default generated file for the sincedb", :filename => sincedb_file)
+                   SinceDB::File.new(sincedb_file)
+                 else
+                   @logger.info("Using the provided sincedb_path",
+                                :sincedb_path => @sincedb_path)
+                   SinceDB::File.new(@sincedb_path)
+                 end
+  end
+
+  private
+  def sincedb_file
+    File.join(ENV["HOME"], ".sincedb_" + Digest::MD5.hexdigest("#{@log_group}"))
+  end
+
+  module SinceDB
+    class File
+      def initialize(file)
+        @sincedb_path = file
+      end
+
+      def newer?(date)
+        date > read
+      end
+
+      def read
+        if ::File.exists?(@sincedb_path)
+          since = ::File.read(@sincedb_path).chomp.strip.to_i
+        else
+          since = 1
+        end
+        return since
+      end
+
+      def write(since = nil)
+        since = DateTime.now.strftime('%Q') if since.nil?
+        ::File.open(@sincedb_path, 'w') { |file| file.write(since.to_s) }
+      end
+    end
+  end
+end # class LogStash::Inputs::CloudWatch_Logs

data/logstash-input-cloudwatch_logs.gemspec

@@ -0,0 +1,33 @@
+Gem::Specification.new do |s|
+
+  s.name            = 'logstash-input-cloudwatch_logs'
+  s.version         = '0.9.2'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = 'Stream events from CloudWatch Logs.'
+  s.description     = 'This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program'
+  s.authors         = ['Luke Waite']
+  s.email           = 'lwaite@gmail.com'
+  s.homepage        = ''
+  s.require_paths = ['lib']
+
+  # Files
+  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT']
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { 'logstash_plugin' => 'true', 'logstash_group' => 'input' }
+
+  # Gem dependencies
+  s.add_runtime_dependency 'logstash-core', '>= 1.4.0', '< 3.0.0'
+  s.add_runtime_dependency 'logstash-mixin-aws'
+  s.add_runtime_dependency 'stud', '~> 0.0.22'
+  s.add_runtime_dependency 'aws-sdk', '~> 2.0'
+
+  s.add_development_dependency 'logstash-devutils', '>= 0.0.16'
+  s.add_development_dependency 'simplecov'
+  s.add_development_dependency 'coveralls'
+  s.add_development_dependency 'logstash-codec-json'
+end
+

data/spec/inputs/cloudwatch_logs_spec.rb

@@ -0,0 +1,2 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"

metadata

@@ -0,0 +1,173 @@
+--- !ruby/object:Gem::Specification
+name: logstash-input-cloudwatch_logs
+version: !ruby/object:Gem::Version
+  version: 0.9.2
+platform: ruby
+authors:
+- Luke Waite
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-07-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: logstash-core
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 1.4.0
+    - - <
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency
+  name: logstash-mixin-aws
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency
+  name: stud
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.22
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.0.22
+  prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  prerelease: false
+  type: :runtime
+- !ruby/object:Gem::Dependency
+  name: logstash-devutils
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.16
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.16
+  prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency
+  name: coveralls
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  type: :development
+- !ruby/object:Gem::Dependency
+  name: logstash-codec-json
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  prerelease: false
+  type: :development
+description: This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program
+email: lwaite@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/logstash/inputs/cloudwatch_logs.rb
+- spec/inputs/cloudwatch_logs_spec.rb
+- logstash-input-cloudwatch_logs.gemspec
+- CHANGELOG.md
+- README.md
+- CONTRIBUTORS
+- Gemfile
+- LICENSE
+- NOTICE.TXT
+homepage: ''
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: input
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.1.9
+signing_key:
+specification_version: 4
+summary: Stream events from CloudWatch Logs.
+test_files:
+- spec/inputs/cloudwatch_logs_spec.rb