logstash-input-elasticsearch 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +2 -0
- data/README.md +4 -4
- data/lib/logstash/inputs/elasticsearch.rb +37 -29
- data/logstash-input-elasticsearch.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f8380a3a71bd40498ef5838731f767fdcd095b75
|
4
|
+
data.tar.gz: e41dc06f80647729e588a1c36549269ca8aad48c
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6e8802b10b181d74e845ca63ac6479c7d8d56bc012d0c163f7b84d10733b9acbd494b2de94c8960aa64d9eb6739b2d11babec180b0d64fa6c3a8d26528c08198
|
7
|
+
data.tar.gz: dd2988ee5fd12baf2b1753330cb4716797f62e97b9f34f9961615f60790fadaa19c7f09090b6aafa9b3d10f61446ff30f3f60e0f00176fec20d7a8bea8c0d574
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
# Logstash Plugin
|
2
2
|
|
3
|
-
This is a plugin for [Logstash](https://github.com/
|
3
|
+
This is a plugin for [Logstash](https://github.com/elastic/logstash).
|
4
4
|
|
5
5
|
It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
|
6
6
|
|
7
7
|
## Documentation
|
8
8
|
|
9
|
-
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.
|
9
|
+
Logstash provides infrastructure to automatically generate documentation for this plugin. We use the asciidoc format to write documentation so any comments in the source code will be first converted into asciidoc and then into html. All plugin documentation are placed under one [central location](http://www.elastic.co/guide/en/logstash/current/).
|
10
10
|
|
11
11
|
- For formatting code or config example, you can use the asciidoc `[source,ruby]` directive
|
12
|
-
- For more asciidoc formatting tips, see the excellent reference here https://github.com/
|
12
|
+
- For more asciidoc formatting tips, see the excellent reference here https://github.com/elastic/docs#asciidoc-guide
|
13
13
|
|
14
14
|
## Need Help?
|
15
15
|
|
@@ -83,4 +83,4 @@ Programming is not a required skill. Whatever you've seen about open source and
|
|
83
83
|
|
84
84
|
It is more important to the community that you are able to contribute.
|
85
85
|
|
86
|
-
For more information about contributing, see the [CONTRIBUTING](https://github.com/
|
86
|
+
For more information about contributing, see the [CONTRIBUTING](https://github.com/elastic/logstash/blob/master/CONTRIBUTING.md) file.
|
@@ -11,7 +11,7 @@ require "base64"
|
|
11
11
|
# input {
|
12
12
|
# # Read all documents from Elasticsearch matching the given query
|
13
13
|
# elasticsearch {
|
14
|
-
#
|
14
|
+
# hosts => "localhost"
|
15
15
|
# query => '{ "query": { "match": { "statuscode": 200 } } }'
|
16
16
|
# }
|
17
17
|
# }
|
@@ -32,11 +32,10 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
32
32
|
default :codec, "json"
|
33
33
|
|
34
34
|
# List of elasticsearch hosts to use for querying.
|
35
|
+
# each host can be either IP, HOST, IP:port or HOST:port
|
36
|
+
# port defaults to 9200
|
35
37
|
config :hosts, :validate => :array
|
36
38
|
|
37
|
-
# The HTTP port of your Elasticsearch server's REST interface.
|
38
|
-
config :port, :validate => :number, :default => 9200
|
39
|
-
|
40
39
|
# The index or alias to search.
|
41
40
|
config :index, :validate => :string, :default => "logstash-*"
|
42
41
|
|
@@ -68,7 +67,7 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
68
67
|
# [source, ruby]
|
69
68
|
# input {
|
70
69
|
# elasticsearch {
|
71
|
-
#
|
70
|
+
# hosts => "es.production.mysite.org"
|
72
71
|
# index => "mydata-2018.09.*"
|
73
72
|
# query => "*"
|
74
73
|
# size => 500
|
@@ -127,7 +126,10 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
127
126
|
end
|
128
127
|
|
129
128
|
hosts = if @ssl then
|
130
|
-
@hosts.map
|
129
|
+
@hosts.map do |h|
|
130
|
+
host, port = h.split(":")
|
131
|
+
{ :host => host, :scheme => 'https', :port => port }
|
132
|
+
end
|
131
133
|
else
|
132
134
|
@hosts
|
133
135
|
end
|
@@ -138,6 +140,32 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
138
140
|
|
139
141
|
@client = Elasticsearch::Client.new(:hosts => hosts, :transport_options => transport_options)
|
140
142
|
end
|
143
|
+
|
144
|
+
private
|
145
|
+
def run_next(output_queue, scroll_id)
|
146
|
+
r = scroll_request(scroll_id)
|
147
|
+
r['hits']['hits'].each do |hit|
|
148
|
+
event = LogStash::Event.new(hit['_source'])
|
149
|
+
decorate(event)
|
150
|
+
|
151
|
+
if @docinfo
|
152
|
+
event[@docinfo_target] ||= {}
|
153
|
+
|
154
|
+
unless event[@docinfo_target].is_a?(Hash)
|
155
|
+
@logger.error("Elasticsearch Input: Incompatible Event, incompatible type for the `@metadata` field in the `_source` document, expected a hash got:", :metadata_type => event[@docinfo_target].class)
|
156
|
+
|
157
|
+
raise Exception.new("Elasticsearch input: incompatible event")
|
158
|
+
end
|
159
|
+
|
160
|
+
@docinfo_fields.each do |field|
|
161
|
+
event[@docinfo_target][field] = hit[field]
|
162
|
+
end
|
163
|
+
end
|
164
|
+
output_queue << event
|
165
|
+
end
|
166
|
+
|
167
|
+
{:has_hits => r['hits']['hits'].any?, :scroll_id => r['_scroll_id']}
|
168
|
+
end
|
141
169
|
|
142
170
|
public
|
143
171
|
def run(output_queue)
|
@@ -147,31 +175,11 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
147
175
|
|
148
176
|
# since 'scan' doesn't return data on the search call, do an extra scroll
|
149
177
|
if @scan
|
150
|
-
|
178
|
+
resp = run_next(output_queue, r['_scroll_id'])
|
151
179
|
end
|
152
180
|
|
153
|
-
while
|
154
|
-
|
155
|
-
event = LogStash::Event.new(hit['_source'])
|
156
|
-
decorate(event)
|
157
|
-
|
158
|
-
if @docinfo
|
159
|
-
event[@docinfo_target] ||= {}
|
160
|
-
|
161
|
-
unless event[@docinfo_target].is_a?(Hash)
|
162
|
-
@logger.error("Elasticsearch Input: Incompatible Event, incompatible type for the `@metadata` field in the `_source` document, expected a hash got:", :metadata_type => event[@docinfo_target].class)
|
163
|
-
|
164
|
-
raise Exception.new("Elasticsearch input: incompatible event")
|
165
|
-
end
|
166
|
-
|
167
|
-
@docinfo_fields.each do |field|
|
168
|
-
event[@docinfo_target][field] = hit[field]
|
169
|
-
end
|
170
|
-
end
|
171
|
-
|
172
|
-
output_queue << event
|
173
|
-
end
|
174
|
-
r = scroll_request(r['_scroll_id'])
|
181
|
+
while resp[:has_hits] do
|
182
|
+
resp = run_next(output_queue, resp[:scroll_id])
|
175
183
|
end
|
176
184
|
end # def run
|
177
185
|
|
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-input-elasticsearch'
|
4
|
-
s.version = '1.0.
|
4
|
+
s.version = '1.0.1'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Read from an Elasticsearch cluster, based on search query results"
|
7
7
|
s.description = "This gem is a logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logstash-input-elasticsearch
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0.
|
4
|
+
version: 1.0.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Elastic
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-08-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: logstash-core
|