logstash-input-elasticsearch 4.21.0 → 4.21.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +7 -0
  3. data/docs/index.asciidoc +10 -0
  4. data/lib/logstash/inputs/elasticsearch.rb +30 -10
  5. data/logstash-input-elasticsearch.gemspec +3 -3
  6. data/spec/fixtures/test_certs/GENERATED_AT +1 -0
  7. data/spec/fixtures/test_certs/ca.crt +17 -18
  8. data/spec/fixtures/test_certs/ca.der.sha256 +1 -1
  9. data/spec/fixtures/test_certs/es.chain.crt +38 -0
  10. data/spec/fixtures/test_certs/es.crt +17 -18
  11. data/spec/fixtures/test_certs/renew.sh +15 -0
  12. data/spec/inputs/elasticsearch_spec.rb +121 -8
  13. data/spec/inputs/integration/elasticsearch_spec.rb +1 -1
  14. metadata +15 -3
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: bf89e42e7146cb59e938fed4a2a2d352bc72bf5c73c59d2a674be724c686a543
4
- data.tar.gz: 9b0b0b80d4a3754dac6e5d4f2c179dbd1be2ee6d6ce6c2b1fc619c2369a808aa
3
+ metadata.gz: 70af2192f555f8afff4ef2f96072f2b215a2039207dfa12a9449f507f7b13f7b
4
+ data.tar.gz: 73621246eccfd1fbb385be5e9ca5ef9a071cdb64008cb539a1e80a08c7a0ed34
5
5
  SHA512:
6
- metadata.gz: 87223b2b656aee8d27c9f0ea92151370f3eb46b1851040054f0fa74e99ab4882278b28c85d4f8290d211ef793ab3eab9141b9c3ab343bd80cc5b9b9e7f0ceb11
7
- data.tar.gz: 10db333c4a67f69fb695bede43feb8f89692609afd74c40de3babf9b56580c18ea1d839865c66e9ec5ade759825309aecd84a2d269805583e8053b48bb563af9
6
+ metadata.gz: bbc5c842d77204339e0bb64174f98ffb8bb1728957a1f64d1f83e1f5bad27ad76fc24f44b23a64d23247b26a806cfee7cbd52a16ea34e5490f1355bcdbb98303
7
+ data.tar.gz: 7b258f80ca64e5dd16593a65d7326a5f3695f840cbf32fdeac9363a6a19d4747de9135065a7b940602cd77f43a02910b74d667761184ccb846a864e128334a20
data/CHANGELOG.md CHANGED
@@ -1,3 +1,10 @@
1
+ ## 4.21.2
2
+ - Add elastic-transport client support used in elasticsearch-ruby 8.x [#225](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/225)
3
+
4
+ ## 4.21.1
5
+ - Fix: prevent plugin crash when hits contain illegal structure [#183](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/183)
6
+ - When a hit cannot be converted to an event, the input now emits an event tagged with `_elasticsearch_input_failure` with an `[event][original]` containing a JSON-encoded string representation of the entire hit.
7
+
1
8
  ## 4.21.0
2
9
  - Add support for custom headers [#217](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/217)
3
10
 
data/docs/index.asciidoc CHANGED
@@ -93,6 +93,16 @@ The plugin logs a warning when ECS is enabled and `target` isn't set.
93
93
 
94
94
  TIP: Set the `target` option to avoid potential schema conflicts.
95
95
 
96
+ [id="plugins-{type}s-{plugin}-failure-handling"]
97
+ ==== Failure handling
98
+
99
+ When this input plugin cannot create a structured `Event` from a hit result, it will instead create an `Event` that is tagged with `_elasticsearch_input_failure` whose `[event][original]` is a JSON-encoded string representation of the entire hit.
100
+
101
+ Common causes are:
102
+
103
+ - When the hit result contains top-level fields that are {logstash-ref}/processing.html#reserved-fields[reserved in Logstash] but do not have the expected shape. Use the <<plugins-{type}s-{plugin}-target>> directive to avoid conflicts with the top-level namespace.
104
+ - When <<plugins-{type}s-{plugin}-docinfo>> is enabled and the docinfo fields cannot be merged into the hit result. Combine <<plugins-{type}s-{plugin}-target>> and <<plugins-{type}s-{plugin}-docinfo_target>> to avoid conflict.
105
+
96
106
  [id="plugins-{type}s-{plugin}-options"]
97
107
  ==== Elasticsearch Input configuration options
98
108
 
data/lib/logstash/inputs/elasticsearch.rb CHANGED
@@ -13,9 +13,7 @@ require "logstash/plugin_mixins/normalize_config_support"
13
13
  require "base64"
14
14
 
15
15
  require "elasticsearch"
16
- require "elasticsearch/transport/transport/http/manticore"
17
- require_relative "elasticsearch/patches/_elasticsearch_transport_http_manticore"
18
- require_relative "elasticsearch/patches/_elasticsearch_transport_connections_selector"
16
+ require "manticore"
19
17
 
20
18
  # .Compatibility Note
21
19
  # [NOTE]
@@ -323,7 +321,7 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
323
321
  @client_options = {
324
322
  :hosts => hosts,
325
323
  :transport_options => transport_options,
326
- :transport_class => ::Elasticsearch::Transport::Transport::HTTP::Manticore,
324
+ :transport_class => get_transport_client_class,
327
325
  :ssl => ssl_options
328
326
  }
329
327
 
@@ -353,21 +351,29 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
353
351
  # This can be called externally from the query_executor
354
352
  public
355
353
  def push_hit(hit, output_queue, root_field = '_source')
356
- event = targeted_event_factory.new_event hit[root_field]
357
- set_docinfo_fields(hit, event) if @docinfo
354
+ event = event_from_hit(hit, root_field)
358
355
  decorate(event)
359
356
  output_queue << event
360
357
  end
361
358
 
359
+ def event_from_hit(hit, root_field)
360
+ event = targeted_event_factory.new_event hit[root_field]
361
+ set_docinfo_fields(hit, event) if @docinfo
362
+
363
+ event
364
+ rescue => e
365
+ serialized_hit = hit.to_json
366
+ logger.warn("Event creation error, original data now in [event][original] field", message: e.message, exception: e.class, data: serialized_hit)
367
+ return event_factory.new_event('event' => { 'original' => serialized_hit }, 'tags' => ['_elasticsearch_input_failure'])
368
+ end
369
+
362
370
  def set_docinfo_fields(hit, event)
363
371
  # do not assume event[@docinfo_target] to be in-place updatable. first get it, update it, then at the end set it in the event.
364
372
  docinfo_target = event.get(@docinfo_target) || {}
365
373
 
366
374
  unless docinfo_target.is_a?(Hash)
367
- @logger.error("Incompatible Event, incompatible type for the docinfo_target=#{@docinfo_target} field in the `_source` document, expected a hash got:", :docinfo_target_type => docinfo_target.class, :event => event.to_hash_with_metadata)
368
-
369
- # TODO: (colin) I am not sure raising is a good strategy here?
370
- raise Exception.new("Elasticsearch input: incompatible event")
375
+ # expect error to be handled by `#event_from_hit`
376
+ fail RuntimeError, "Incompatible event; unable to merge docinfo fields into docinfo_target=`#{@docinfo_target}`"
371
377
  end
372
378
 
373
379
  @docinfo_fields.each do |field|
@@ -670,6 +676,20 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
670
676
  end
671
677
  end
672
678
 
679
+ def get_transport_client_class
680
+ # LS-core includes `elasticsearch` gem. The gem is composed of two separate gems: `elasticsearch-api` and `elasticsearch-transport`
681
+ # And now `elasticsearch-transport` is old, instead we have `elastic-transport`.
682
+ # LS-core updated `elasticsearch` > 8: https://github.com/elastic/logstash/pull/17161
683
+ # Following source bits are for the compatibility to support both `elasticsearch-transport` and `elastic-transport` gems
684
+ require "elasticsearch/transport/transport/http/manticore"
685
+ require_relative "elasticsearch/patches/_elasticsearch_transport_http_manticore"
686
+ require_relative "elasticsearch/patches/_elasticsearch_transport_connections_selector"
687
+ ::Elasticsearch::Transport::Transport::HTTP::Manticore
688
+ rescue ::LoadError
689
+ require "elastic/transport/transport/http/manticore"
690
+ ::Elastic::Transport::Transport::HTTP::Manticore
691
+ end
692
+
673
693
  module URIOrEmptyValidator
674
694
  ##
675
695
  # @override to provide :uri_or_empty validator
data/logstash-input-elasticsearch.gemspec CHANGED
@@ -1,13 +1,13 @@
1
1
  Gem::Specification.new do |s|
2
2
 
3
3
  s.name = 'logstash-input-elasticsearch'
4
- s.version = '4.21.0'
4
+ s.version = '4.21.2'
5
5
  s.licenses = ['Apache License (2.0)']
6
6
  s.summary = "Reads query results from an Elasticsearch cluster"
7
7
  s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
8
8
  s.authors = ["Elastic"]
9
9
  s.email = 'info@elastic.co'
10
- s.homepage = "http://www.elastic.co/guide/en/logstash/current/index.html"
10
+ s.homepage = "https://elastic.co/logstash"
11
11
  s.require_paths = ["lib"]
12
12
 
13
13
  # Files
@@ -26,7 +26,7 @@ Gem::Specification.new do |s|
26
26
  s.add_runtime_dependency "logstash-mixin-validator_support", '~> 1.0'
27
27
  s.add_runtime_dependency "logstash-mixin-scheduler", '~> 1.0'
28
28
 
29
- s.add_runtime_dependency 'elasticsearch', '>= 7.17.9'
29
+ s.add_runtime_dependency 'elasticsearch', '>= 7.17.9', '< 9'
30
30
  s.add_runtime_dependency 'logstash-mixin-ca_trusted_fingerprint_support', '~> 1.0'
31
31
  s.add_runtime_dependency 'logstash-mixin-normalize_config_support', '~>1.0'
32
32
 
data/spec/fixtures/test_certs/GENERATED_AT ADDED
@@ -0,0 +1 @@
1
+ 2024-12-26T22:27:15+00:00
data/spec/fixtures/test_certs/ca.crt CHANGED
@@ -1,20 +1,19 @@
1
1
  -----BEGIN CERTIFICATE-----
2
- MIIDSTCCAjGgAwIBAgIUUcAg9c8B8jiliCkOEJyqoAHrmccwDQYJKoZIhvcNAQEL
3
- BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
4
- cmF0ZWQgQ0EwHhcNMjEwODEyMDUxNDU1WhcNMjQwODExMDUxNDU1WjA0MTIwMAYD
5
- VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC
6
- ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1HuusRuGNsztd4EQvqwcMr
7
- 8XvnNNaalerpMOorCGySEFrNf0HxDIVMGMCrOv1F8SvlcGq3XANs2MJ4F2xhhLZr
8
- PpqVHx+QnSZ66lu5R89QVSuMh/dCMxhNBlOA/dDlvy+EJBl9H791UGy/ChhSgaBd
9
- OKVyGkhjErRTeMIq7rR7UG6GL/fV+JGy41UiLrm1KQP7/XVD9UzZfGq/hylFkTPe
10
- oox5BUxdxUdDZ2creOID+agtIYuJVIkelKPQ+ljBY3kWBRexqJQsvyNUs1gZpjpz
11
- YUCzuVcXDRuJXYQXGqWXhsBPfJv+ZcSyMIBUfWT/G13cWU1iwufPy0NjajowPZsC
12
- AwEAAaNTMFEwHQYDVR0OBBYEFMgkye5+2l+TE0I6RsXRHjGBwpBGMB8GA1UdIwQY
13
- MBaAFMgkye5+2l+TE0I6RsXRHjGBwpBGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
14
- hvcNAQELBQADggEBAIgtJW8sy5lBpzPRHkmWSS/SCZIPsABW+cHqQ3e0udrI3CLB
15
- G9n7yqAPWOBTbdqC2GM8dvAS/Twx4Bub/lWr84dFCu+t0mQq4l5kpJMVRS0KKXPL
16
- DwJbUN3oPNYy4uPn5Xi+XY3BYFce5vwJUsqIxeAbIOxVTNx++k5DFnB0ESAM23QL
17
- sgUZl7xl3/DkdO4oHj30gmTRW9bjCJ6umnHIiO3JoJatrprurUIt80vHC4Ndft36
18
- NBQ9mZpequ4RYjpSZNLcVsxyFAYwEY4g8MvH0MoMo2RRLfehmMCzXnI/Wh2qEyYz
19
- emHprBii/5y1HieKXlX9CZRb5qEPHckDVXW3znw=
2
+ MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylFbGFz
3
+ dGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTAeFw0yNDEyMjYy
4
+ MjI3MTVaFw0yNTEyMjYyMjI3MTVaMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlm
5
+ aWNhdGUgVG9vbCBBdXRvZ2VuZXJhdGVkIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
6
+ AQ8AMIIBCgKCAQEArUe66xG4Y2zO13gRC+rBwyvxe+c01pqV6ukw6isIbJIQWs1/
7
+ QfEMhUwYwKs6/UXxK+VwardcA2zYwngXbGGEtms+mpUfH5CdJnrqW7lHz1BVK4yH
8
+ 90IzGE0GU4D90OW/L4QkGX0fv3VQbL8KGFKBoF04pXIaSGMStFN4wirutHtQboYv
9
+ 99X4kbLjVSIuubUpA/v9dUP1TNl8ar+HKUWRM96ijHkFTF3FR0NnZyt44gP5qC0h
10
+ i4lUiR6Uo9D6WMFjeRYFF7GolCy/I1SzWBmmOnNhQLO5VxcNG4ldhBcapZeGwE98
11
+ m/5lxLIwgFR9ZP8bXdxZTWLC58/LQ2NqOjA9mwIDAQABozIwMDAPBgNVHRMBAf8E
12
+ BTADAQH/MB0GA1UdDgQWBBTIJMnuftpfkxNCOkbF0R4xgcKQRjANBgkqhkiG9w0B
13
+ AQsFAAOCAQEAhfg/cmXc4Uh90yiXU8jOW8saQjTsq4ZMDQiLfJsNmNNYmHFN0vhv
14
+ lJRI1STdy7+GpjS5QbrMjQIxWSS8X8xysE4Rt81IrWmLuao35TRFyoiE1seBQ5sz
15
+ p/BxZUe57JvWi9dyzv2df4UfWFdGBhzdr80odZmz4i5VIv6qCKJKsGikcuLpepmp
16
+ E/UKnKHeR/dFWsxzA9P2OzHTUNBMOOA2PyAUL49pwoChwJeOWN/zAgwMWLbuHFG0
17
+ IN0u8swAmeH98QdvzbhiOatGNpqfTNvQEDc19yVjfXKpBVZQ79WtronYSqrbrUa1
18
+ T2zD8bIVP7CdddD/UmpT1SSKh4PJxudy5Q==
20
19
  -----END CERTIFICATE-----
data/spec/fixtures/test_certs/ca.der.sha256 CHANGED
@@ -1 +1 @@
1
- 195a7e7b1bc29f3d7913a918a44721704d27fa56facea0cd72a8093c7107c283
1
+ b1e955819b0d14f64f863adb103c248ddacf2e17bea48d04ee4b57c64814ccc4
data/spec/fixtures/test_certs/es.chain.crt ADDED
@@ -0,0 +1,38 @@
1
+ -----BEGIN CERTIFICATE-----
2
+ MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylFbGFz
3
+ dGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTAeFw0yNDEyMjYy
4
+ MjI3MTVaFw0yNTEyMjYyMjI3MTVaMA0xCzAJBgNVBAMTAmVzMIIBIjANBgkqhkiG
5
+ 9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZLZvLSWDK7Ul+AaBnjU81dsfaow8zOjCC5V
6
+ V21nXpYzQJoQbuWcvGYxwL7ZDs2ca4Wc8BVCj1NDduHuP7U+QIlUdQpl8kh5a0Zz
7
+ 36pcFw7UyF51/AzWixJrht/Azzkb5cpZtE22ZK0KhS4oCsjJmTN0EABAsGhDI9/c
8
+ MjNrUC7iP0dvfOuzAPp7ufY83h98jKKXUYV24snbbvmqoWI6GQQNSG/sEo1+1UGH
9
+ /z07/mVKoBAa5DVoNGvxN0fCE7vW7hkhT8+frJcsYFatAbnf6ql0KzEa8lN9u0gR
10
+ hQNM3zcKKsjEMomBzVBc4SV3KXO0d/jGdDtlqsm2oXqlTMdtGwIDAQABo2cwZTAY
11
+ BgNVHREEETAPgg1lbGFzdGljc2VhcmNoMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFQU
12
+ K+6Cg2kExRj1xSDzEi4kkgKXMB8GA1UdIwQYMBaAFMgkye5+2l+TE0I6RsXRHjGB
13
+ wpBGMA0GCSqGSIb3DQEBCwUAA4IBAQB6cZ7IrDzcAoOZgAt9RlOe2yzQeH+alttp
14
+ CSQVINjJotS1WvmtqjBB6ArqLpXIGU89TZsktNe/NQJzgYSaMnlIuHVLFdxJYmwU
15
+ T1cP6VC/brmqP/dd5y7VWE7Lp+Wd5CxKl/WY+9chmgc+a1fW/lnPEJJ6pca1Bo8b
16
+ byIL0yY2IUv4R2eh1IyQl9oGH1GOPLgO7cY04eajxYcOVA2eDSItoyDtrJfkFP/P
17
+ UXtC1JAkvWKuujFEiBj0AannhroWlp3gvChhBwCuCAU0KXD6g8BE8tn6oT1+FW7J
18
+ avSfHxAe+VHtYhF8sJ8jrdm0d7E4GKS9UR/pkLAL1JuRdJ1VkPx3
19
+ -----END CERTIFICATE-----
20
+ -----BEGIN CERTIFICATE-----
21
+ MIIDFTCCAf2gAwIBAgIBATANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylFbGFz
22
+ dGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTAeFw0yNDEyMjYy
23
+ MjI3MTVaFw0yNTEyMjYyMjI3MTVaMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlm
24
+ aWNhdGUgVG9vbCBBdXRvZ2VuZXJhdGVkIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
25
+ AQ8AMIIBCgKCAQEArUe66xG4Y2zO13gRC+rBwyvxe+c01pqV6ukw6isIbJIQWs1/
26
+ QfEMhUwYwKs6/UXxK+VwardcA2zYwngXbGGEtms+mpUfH5CdJnrqW7lHz1BVK4yH
27
+ 90IzGE0GU4D90OW/L4QkGX0fv3VQbL8KGFKBoF04pXIaSGMStFN4wirutHtQboYv
28
+ 99X4kbLjVSIuubUpA/v9dUP1TNl8ar+HKUWRM96ijHkFTF3FR0NnZyt44gP5qC0h
29
+ i4lUiR6Uo9D6WMFjeRYFF7GolCy/I1SzWBmmOnNhQLO5VxcNG4ldhBcapZeGwE98
30
+ m/5lxLIwgFR9ZP8bXdxZTWLC58/LQ2NqOjA9mwIDAQABozIwMDAPBgNVHRMBAf8E
31
+ BTADAQH/MB0GA1UdDgQWBBTIJMnuftpfkxNCOkbF0R4xgcKQRjANBgkqhkiG9w0B
32
+ AQsFAAOCAQEAhfg/cmXc4Uh90yiXU8jOW8saQjTsq4ZMDQiLfJsNmNNYmHFN0vhv
33
+ lJRI1STdy7+GpjS5QbrMjQIxWSS8X8xysE4Rt81IrWmLuao35TRFyoiE1seBQ5sz
34
+ p/BxZUe57JvWi9dyzv2df4UfWFdGBhzdr80odZmz4i5VIv6qCKJKsGikcuLpepmp
35
+ E/UKnKHeR/dFWsxzA9P2OzHTUNBMOOA2PyAUL49pwoChwJeOWN/zAgwMWLbuHFG0
36
+ IN0u8swAmeH98QdvzbhiOatGNpqfTNvQEDc19yVjfXKpBVZQ79WtronYSqrbrUa1
37
+ T2zD8bIVP7CdddD/UmpT1SSKh4PJxudy5Q==
38
+ -----END CERTIFICATE-----
data/spec/fixtures/test_certs/es.crt CHANGED
@@ -1,20 +1,19 @@
1
1
  -----BEGIN CERTIFICATE-----
2
- MIIDNjCCAh6gAwIBAgIUF9wE+oqGSbm4UVn1y9gEjzyaJFswDQYJKoZIhvcNAQEL
3
- BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
4
- cmF0ZWQgQ0EwHhcNMjEwODEyMDUxNTI3WhcNMjQwODExMDUxNTI3WjANMQswCQYD
5
- VQQDEwJlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2S2by0lgyu
6
- 1JfgGgZ41PNXbH2qMPMzowguVVdtZ16WM0CaEG7lnLxmMcC+2Q7NnGuFnPAVQo9T
7
- Q3bh7j+1PkCJVHUKZfJIeWtGc9+qXBcO1MhedfwM1osSa4bfwM85G+XKWbRNtmSt
8
- CoUuKArIyZkzdBAAQLBoQyPf3DIza1Au4j9Hb3zrswD6e7n2PN4ffIyil1GFduLJ
9
- 2275qqFiOhkEDUhv7BKNftVBh/89O/5lSqAQGuQ1aDRr8TdHwhO71u4ZIU/Pn6yX
10
- LGBWrQG53+qpdCsxGvJTfbtIEYUDTN83CirIxDKJgc1QXOEldylztHf4xnQ7ZarJ
11
- tqF6pUzHbRsCAwEAAaNnMGUwHQYDVR0OBBYEFFQUK+6Cg2kExRj1xSDzEi4kkgKX
12
- MB8GA1UdIwQYMBaAFMgkye5+2l+TE0I6RsXRHjGBwpBGMBgGA1UdEQQRMA+CDWVs
13
- YXN0aWNzZWFyY2gwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAinaknZIc
14
- 7xtQNwUwa+kdET+I4lMz+TJw9vTjGKPJqe082n81ycKU5b+a/OndG90z+dTwhShW
15
- f0oZdIe/1rDCdiRU4ceCZA4ybKrFDIbW8gOKZOx9rsgEx9XNELj4ocZTBqxjQmNE
16
- Ho91fli5aEm0EL2vJgejh4hcfDeElQ6go9gtvAHQ57XEADQSenvt69jOICOupnS+
17
- LSjDVhv/VLi3CAip0B+lD5fX/DVQdrJ62eRGuQYxoouE3saCO58qUUrKB39yD9KA
18
- qRA/sVxyLogxaU+5dLfc0NJdOqSzStxQ2vdMvAWo9tZZ2UBGFrk5SdwCQe7Yv5mX
19
- qi02i4q6meHGcw==
2
+ MIIDIzCCAgugAwIBAgIBATANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylFbGFz
3
+ dGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTAeFw0yNDEyMjYy
4
+ MjI3MTVaFw0yNTEyMjYyMjI3MTVaMA0xCzAJBgNVBAMTAmVzMIIBIjANBgkqhkiG
5
+ 9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZLZvLSWDK7Ul+AaBnjU81dsfaow8zOjCC5V
6
+ V21nXpYzQJoQbuWcvGYxwL7ZDs2ca4Wc8BVCj1NDduHuP7U+QIlUdQpl8kh5a0Zz
7
+ 36pcFw7UyF51/AzWixJrht/Azzkb5cpZtE22ZK0KhS4oCsjJmTN0EABAsGhDI9/c
8
+ MjNrUC7iP0dvfOuzAPp7ufY83h98jKKXUYV24snbbvmqoWI6GQQNSG/sEo1+1UGH
9
+ /z07/mVKoBAa5DVoNGvxN0fCE7vW7hkhT8+frJcsYFatAbnf6ql0KzEa8lN9u0gR
10
+ hQNM3zcKKsjEMomBzVBc4SV3KXO0d/jGdDtlqsm2oXqlTMdtGwIDAQABo2cwZTAY
11
+ BgNVHREEETAPgg1lbGFzdGljc2VhcmNoMAkGA1UdEwQCMAAwHQYDVR0OBBYEFFQU
12
+ K+6Cg2kExRj1xSDzEi4kkgKXMB8GA1UdIwQYMBaAFMgkye5+2l+TE0I6RsXRHjGB
13
+ wpBGMA0GCSqGSIb3DQEBCwUAA4IBAQB6cZ7IrDzcAoOZgAt9RlOe2yzQeH+alttp
14
+ CSQVINjJotS1WvmtqjBB6ArqLpXIGU89TZsktNe/NQJzgYSaMnlIuHVLFdxJYmwU
15
+ T1cP6VC/brmqP/dd5y7VWE7Lp+Wd5CxKl/WY+9chmgc+a1fW/lnPEJJ6pca1Bo8b
16
+ byIL0yY2IUv4R2eh1IyQl9oGH1GOPLgO7cY04eajxYcOVA2eDSItoyDtrJfkFP/P
17
+ UXtC1JAkvWKuujFEiBj0AannhroWlp3gvChhBwCuCAU0KXD6g8BE8tn6oT1+FW7J
18
+ avSfHxAe+VHtYhF8sJ8jrdm0d7E4GKS9UR/pkLAL1JuRdJ1VkPx3
20
19
  -----END CERTIFICATE-----
data/spec/fixtures/test_certs/renew.sh ADDED
@@ -0,0 +1,15 @@
1
+ #!/usr/bin/env bash
2
+
3
+ set -e
4
+ cd "$(dirname "$0")"
5
+
6
+ openssl x509 -x509toreq -in ca.crt -copy_extensions copyall -signkey ca.key -out ca.csr
7
+ openssl x509 -req -copy_extensions copyall -days 365 -in ca.csr -set_serial 0x01 -signkey ca.key -out ca.crt && rm ca.csr
8
+ openssl x509 -in ca.crt -outform der | sha256sum | awk '{print $1}' > ca.der.sha256
9
+
10
+ openssl x509 -x509toreq -in es.crt -copy_extensions copyall -signkey es.key -out es.csr
11
+ openssl x509 -req -copy_extensions copyall -days 365 -in es.csr -set_serial 0x01 -CA ca.crt -CAkey ca.key -out es.crt && rm es.csr
12
+ cat es.crt ca.crt > es.chain.crt
13
+
14
+ # output ISO8601 timestamp to file
15
+ date -Iseconds > GENERATED_AT
data/spec/inputs/elasticsearch_spec.rb CHANGED
@@ -21,6 +21,13 @@ describe LogStash::Inputs::Elasticsearch, :ecs_compatibility_support do
21
21
  let(:es_version) { "7.5.0" }
22
22
  let(:cluster_info) { {"version" => {"number" => es_version, "build_flavor" => build_flavor}, "tagline" => "You Know, for Search"} }
23
23
 
24
+ def elastic_ruby_v8_client_available?
25
+ Elasticsearch::Transport
26
+ false
27
+ rescue NameError # NameError: uninitialized constant Elasticsearch::Transport if Elastic Ruby client is not available
28
+ true
29
+ end
30
+
24
31
  before(:each) do
25
32
  Elasticsearch::Client.send(:define_method, :ping) { } # define no-action ping method
26
33
  allow_any_instance_of(Elasticsearch::Client).to receive(:info).and_return(cluster_info)
@@ -79,9 +86,11 @@ describe LogStash::Inputs::Elasticsearch, :ecs_compatibility_support do
79
86
 
80
87
  before do
81
88
  allow(Elasticsearch::Client).to receive(:new).and_return(es_client)
82
- allow(es_client).to receive(:info).and_raise(
83
- Elasticsearch::Transport::Transport::Errors::BadRequest.new
84
- )
89
+ if elastic_ruby_v8_client_available?
90
+ allow(es_client).to receive(:info).and_raise(Elastic::Transport::Transport::Errors::BadRequest.new)
91
+ else
92
+ allow(es_client).to receive(:info).and_raise(Elasticsearch::Transport::Transport::Errors::BadRequest.new)
93
+ end
85
94
  end
86
95
 
87
96
  it "raises an exception" do
@@ -653,11 +662,28 @@ describe LogStash::Inputs::Elasticsearch, :ecs_compatibility_support do
653
662
  context 'if the `docinfo_target` exist but is not of type hash' do
654
663
  let(:config) { base_config.merge 'docinfo' => true, "docinfo_target" => 'metadata_with_string' }
655
664
  let(:do_register) { false }
665
+ let(:mock_queue) { double('Queue', :<< => nil) }
666
+ let(:hit) { response.dig('hits', 'hits').first }
667
+
668
+ it 'emits a tagged event with JSON-serialized event in [event][original]' do
669
+ allow(plugin).to receive(:logger).and_return(double('Logger').as_null_object)
656
670
 
657
- it 'raises an exception if the `docinfo_target` exist but is not of type hash' do
658
- expect(client).not_to receive(:clear_scroll)
659
671
  plugin.register
660
- expect { plugin.run([]) }.to raise_error(Exception, /incompatible event/)
672
+ plugin.run(mock_queue)
673
+
674
+ expect(mock_queue).to have_received(:<<) do |event|
675
+ expect(event).to be_a_kind_of LogStash::Event
676
+
677
+ expect(event.get('tags')).to include("_elasticsearch_input_failure")
678
+ expect(event.get('[event][original]')).to be_a_kind_of String
679
+ expect(JSON.load(event.get('[event][original]'))).to eq hit
680
+ end
681
+
682
+ expect(plugin.logger)
683
+ .to have_received(:warn).with(
684
+ a_string_including("Event creation error, original data now in [event][original] field"),
685
+ a_hash_including(:message => a_string_including('unable to merge docinfo fields into docinfo_target=`metadata_with_string`'),
686
+ :data => a_string_including('"_id":"C5b2xLQwTZa76jBmHIbwHQ"')))
661
687
  end
662
688
 
663
689
  end
@@ -714,8 +740,13 @@ describe LogStash::Inputs::Elasticsearch, :ecs_compatibility_support do
714
740
  it "should set host(s)" do
715
741
  plugin.register
716
742
  client = plugin.send(:client)
717
-
718
- expect( client.transport.instance_variable_get(:@seeds) ).to eql [{
743
+ target_field = :@seeds
744
+ begin
745
+ Elasticsearch::Transport::Client
746
+ rescue
747
+ target_field = :@hosts
748
+ end
749
+ expect( client.transport.instance_variable_get(target_field) ).to eql [{
719
750
  :scheme => "https",
720
751
  :host => "ac31ebb90241773157043c34fd26fd46.us-central1.gcp.cloud.es.io",
721
752
  :port => 9243,
@@ -1235,6 +1266,88 @@ describe LogStash::Inputs::Elasticsearch, :ecs_compatibility_support do
1235
1266
  end
1236
1267
  end
1237
1268
 
1269
+ context '#push_hit' do
1270
+ let(:config) do
1271
+ {
1272
+ 'docinfo' => true, # include ids
1273
+ 'docinfo_target' => '[@metadata][docinfo]'
1274
+ }
1275
+ end
1276
+
1277
+ let(:hit) do
1278
+ JSON.load(<<~EOJSON)
1279
+ {
1280
+ "_index" : "test_bulk_index_2",
1281
+ "_type" : "_doc",
1282
+ "_id" : "sHe6A3wBesqF7ydicQvG",
1283
+ "_score" : 1.0,
1284
+ "_source" : {
1285
+ "@timestamp" : "2021-09-20T15:02:02.557Z",
1286
+ "message" : "ping",
1287
+ "@version" : "17",
1288
+ "sequence" : 7,
1289
+ "host" : {
1290
+ "name" : "maybe.local",
1291
+ "ip" : "127.0.0.1"
1292
+ }
1293
+ }
1294
+ }
1295
+ EOJSON
1296
+ end
1297
+
1298
+ let(:mock_queue) { double('queue', :<< => nil) }
1299
+
1300
+ it 'pushes a generated event to the queue' do
1301
+ plugin.send(:push_hit, hit, mock_queue)
1302
+ expect(mock_queue).to have_received(:<<) do |event|
1303
+ expect(event).to be_a_kind_of LogStash::Event
1304
+
1305
+ # fields overriding defaults
1306
+ expect(event.timestamp.to_s).to eq("2021-09-20T15:02:02.557Z")
1307
+ expect(event.get('@version')).to eq("17")
1308
+
1309
+ # structure from hit's _source
1310
+ expect(event.get('message')).to eq("ping")
1311
+ expect(event.get('sequence')).to eq(7)
1312
+ expect(event.get('[host][name]')).to eq("maybe.local")
1313
+ expect(event.get('[host][ip]')).to eq("127.0.0.1")
1314
+
1315
+ # docinfo fields
1316
+ expect(event.get('[@metadata][docinfo][_index]')).to eq("test_bulk_index_2")
1317
+ expect(event.get('[@metadata][docinfo][_type]')).to eq("_doc")
1318
+ expect(event.get('[@metadata][docinfo][_id]')).to eq("sHe6A3wBesqF7ydicQvG")
1319
+ end
1320
+ end
1321
+
1322
+ context 'when event creation fails' do
1323
+ before(:each) do
1324
+ allow(plugin).to receive(:logger).and_return(double('Logger').as_null_object)
1325
+
1326
+ allow(plugin.event_factory).to receive(:new_event).and_call_original
1327
+ allow(plugin.event_factory).to receive(:new_event).with(a_hash_including hit['_source']).and_raise(RuntimeError, 'intentional')
1328
+ end
1329
+
1330
+ it 'pushes a tagged event containing a JSON-encoded hit in [event][original]' do
1331
+ plugin.send(:push_hit, hit, mock_queue)
1332
+
1333
+ expect(mock_queue).to have_received(:<<) do |event|
1334
+ expect(event).to be_a_kind_of LogStash::Event
1335
+
1336
+ expect(event.get('tags')).to include("_elasticsearch_input_failure")
1337
+ expect(event.get('[event][original]')).to be_a_kind_of String
1338
+ expect(JSON.load(event.get('[event][original]'))).to eq hit
1339
+ end
1340
+
1341
+ expect(plugin.logger)
1342
+ .to have_received(:warn).with(
1343
+ a_string_including("Event creation error, original data now in [event][original] field"),
1344
+ a_hash_including(:message => a_string_including('intentional'),
1345
+ :data => a_string_including('"_id":"sHe6A3wBesqF7ydicQvG"')))
1346
+
1347
+ end
1348
+ end
1349
+ end
1350
+
1238
1351
  # @note can be removed once we depends on elasticsearch gem >= 6.x
1239
1352
  def extract_transport(client) # on 7.x client.transport is a ES::Transport::Client
1240
1353
  client.transport.respond_to?(:transport) ? client.transport.transport : client.transport
data/spec/inputs/integration/elasticsearch_spec.rb CHANGED
@@ -4,7 +4,7 @@ require "logstash/plugin"
4
4
  require "logstash/inputs/elasticsearch"
5
5
  require_relative "../../../spec/es_helper"
6
6
 
7
- describe LogStash::Inputs::Elasticsearch, :integration => true do
7
+ describe LogStash::Inputs::Elasticsearch do
8
8
 
9
9
  SECURE_INTEGRATION = ENV['SECURE_INTEGRATION'].eql? 'true'
10
10
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-input-elasticsearch
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.21.0
4
+ version: 4.21.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elastic
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-12-18 00:00:00.000000000 Z
11
+ date: 2025-03-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  requirement: !ruby/object:Gem::Requirement
@@ -92,6 +92,9 @@ dependencies:
92
92
  - - ">="
93
93
  - !ruby/object:Gem::Version
94
94
  version: 7.17.9
95
+ - - "<"
96
+ - !ruby/object:Gem::Version
97
+ version: '9'
95
98
  name: elasticsearch
96
99
  type: :runtime
97
100
  prerelease: false
@@ -100,6 +103,9 @@ dependencies:
100
103
  - - ">="
101
104
  - !ruby/object:Gem::Version
102
105
  version: 7.17.9
106
+ - - "<"
107
+ - !ruby/object:Gem::Version
108
+ version: '9'
103
109
  - !ruby/object:Gem::Dependency
104
110
  requirement: !ruby/object:Gem::Requirement
105
111
  requirements:
@@ -277,16 +283,19 @@ files:
277
283
  - lib/logstash/inputs/elasticsearch/patches/_elasticsearch_transport_http_manticore.rb
278
284
  - logstash-input-elasticsearch.gemspec
279
285
  - spec/es_helper.rb
286
+ - spec/fixtures/test_certs/GENERATED_AT
280
287
  - spec/fixtures/test_certs/ca.crt
281
288
  - spec/fixtures/test_certs/ca.der.sha256
282
289
  - spec/fixtures/test_certs/ca.key
290
+ - spec/fixtures/test_certs/es.chain.crt
283
291
  - spec/fixtures/test_certs/es.crt
284
292
  - spec/fixtures/test_certs/es.key
293
+ - spec/fixtures/test_certs/renew.sh
285
294
  - spec/inputs/elasticsearch_spec.rb
286
295
  - spec/inputs/elasticsearch_ssl_spec.rb
287
296
  - spec/inputs/integration/elasticsearch_spec.rb
288
297
  - spec/inputs/paginated_search_spec.rb
289
- homepage: http://www.elastic.co/guide/en/logstash/current/index.html
298
+ homepage: https://elastic.co/logstash
290
299
  licenses:
291
300
  - Apache License (2.0)
292
301
  metadata:
@@ -313,11 +322,14 @@ specification_version: 4
313
322
  summary: Reads query results from an Elasticsearch cluster
314
323
  test_files:
315
324
  - spec/es_helper.rb
325
+ - spec/fixtures/test_certs/GENERATED_AT
316
326
  - spec/fixtures/test_certs/ca.crt
317
327
  - spec/fixtures/test_certs/ca.der.sha256
318
328
  - spec/fixtures/test_certs/ca.key
329
+ - spec/fixtures/test_certs/es.chain.crt
319
330
  - spec/fixtures/test_certs/es.crt
320
331
  - spec/fixtures/test_certs/es.key
332
+ - spec/fixtures/test_certs/renew.sh
321
333
  - spec/inputs/elasticsearch_spec.rb
322
334
  - spec/inputs/elasticsearch_ssl_spec.rb
323
335
  - spec/inputs/integration/elasticsearch_spec.rb