logstash-input-elasticsearch 4.9.1 → 4.11.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/docs/index.asciidoc +37 -10
- data/lib/logstash/inputs/{patch.rb → elasticsearch/patches/_elasticsearch_transport_connections_selector.rb} +9 -6
- data/lib/logstash/inputs/elasticsearch/patches/_elasticsearch_transport_http_manticore.rb +43 -0
- data/lib/logstash/inputs/elasticsearch.rb +60 -35
- data/logstash-input-elasticsearch.gemspec +10 -8
- data/spec/es_helper.rb +17 -16
- data/spec/fixtures/test_certs/ca.crt +20 -0
- data/spec/fixtures/test_certs/ca.key +27 -0
- data/spec/fixtures/test_certs/es.crt +20 -0
- data/spec/fixtures/test_certs/es.key +27 -0
- data/spec/inputs/elasticsearch_spec.rb +306 -132
- data/spec/inputs/integration/elasticsearch_spec.rb +24 -12
- metadata +78 -50
- data/spec/fixtures/test_certs/ca/ca.crt +0 -32
- data/spec/fixtures/test_certs/ca/ca.key +0 -51
- data/spec/fixtures/test_certs/test.crt +0 -36
- data/spec/fixtures/test_certs/test.key +0 -51
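--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 5e0b94cdf348e1d25d3007f0d98637e11fea82606ac8116962f999d8743cd0f3
+data.tar.gz: 82f489d3d852073644e488e0ced799d676f33e2c496d2353cbad911e87311b21
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9be021ff84622606a6e3959055e4180cad9976dece9a690d732c289186243de051c5493d2c513e665c4dbdc5cdfbd68a42dcea80b4bb2f182d44b9b807fd5a7d
+data.tar.gz: 5344d73f5b88542f03d045f45a630eb36d031f09fa2a79cfd50db4b2703350f91191c500e4c86adc26cb04d5c4ec4594c13eb2e7581edbe41d8e94866e077026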
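--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,18 @@
+## 4.11.0
+- Feat: add user-agent header passed to the Elasticsearch HTTP connection [#158](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/158)
+
+## 4.10.0
+- Feat: added ecs_compatibility + event_factory support [#149](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/149)
+
+## 4.9.3
+- Fixed SSL handshake hang indefinitely with proxy setup [#156](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/156)
+
+## 4.9.2
+- Fix: a regression (in LS 7.14.0) where due the elasticsearch client update (from 5.0.5 to 7.5.0) the `Authorization`
+header isn't passed, this leads to the plugin not being able to leverage `user`/`password` credentials set by the user.
+[#153](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/153)
+
+
 ## 4.9.1
 - [DOC] Replaced hard-coded links with shared attributes [#143](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/143)
 - [DOC] Added missing quote to docinfo_fields example [#145](https://github.com/logstash-plugins/logstash-input-elasticsearch/pull/145)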
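--- a/data/docs/index.asciidoc
+++ b/data/docs/index.asciidoc
@@ -83,8 +83,18 @@ Authentication to a secure Elasticsearch cluster is possible using _one_ of the
 Authorization to a secure Elasticsearch cluster requires `read` permission at index level and `monitoring` permissions at cluster level.
 The `monitoring` permission at cluster level is necessary to perform periodic connectivity checks.
 
+[id="plugins-{type}s-{plugin}-ecs"]
+==== Compatibility with the Elastic Common Schema (ECS)
+
+When ECS compatibility is disabled, `docinfo_target` uses the `"@metadata"` field as a default, with ECS enabled the plugin
+uses a naming convention `"[@metadata][input][elasticsearch]"` as a default target for placing document information.
+
+The plugin logs a warning when ECS is enabled and `target` isn't set.
+
+TIP: Set the `target` option to avoid potential schema conflicts.
+
 [id="plugins-{type}s-{plugin}-options"]
-==== Elasticsearch Input
+==== Elasticsearch Input configuration options
 
 This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
 
@@ -99,6 +109,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 | <<plugins-{type}s-{plugin}-docinfo>> |<<boolean,boolean>>|No
 | <<plugins-{type}s-{plugin}-docinfo_fields>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-docinfo_target>> |<<string,string>>|No
+| <<plugins-{type}s-{plugin}-ecs_compatibility>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-hosts>> |<<array,array>>|No
 | <<plugins-{type}s-{plugin}-index>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-password>> |<<password,password>>|No
@@ -197,13 +208,14 @@ Example
 size => 500
 scroll => "5m"
 docinfo => true
+docinfo_target => "[@metadata][doc]"
 }
 }
 output {
 elasticsearch {
-index => "copy-of-production.%{[@metadata][_index]}"
-document_type => "%{[@metadata][_type]}"
-document_id => "%{[@metadata][_id]}"
+index => "copy-of-production.%{[@metadata][doc][_index]}"
+document_type => "%{[@metadata][doc][_type]}"
+document_id => "%{[@metadata][doc][_id]}"
 }
 }
 
@@ -214,8 +226,9 @@ Example
 input {
 elasticsearch {
 docinfo => true
+docinfo_target => "[@metadata][doc]"
 add_field => {
-identifier => "%{[@metadata][_index]}:%{[@metadata][_type]}:%{[@metadata][_id]}"
+identifier => "%{[@metadata][doc][_index]}:%{[@metadata][doc][_type]}:%{[@metadata][doc][_id]}"
 }
 }
 }
@@ -236,11 +249,25 @@ more information.
 ===== `docinfo_target`
 
 * Value type is <<string,string>>
-* Default value is
+* Default value depends on whether <<plugins-{type}s-{plugin}-ecs_compatibility>> is enabled:
+** ECS Compatibility disabled: `"@metadata"`
+** ECS Compatibility enabled: `"[@metadata][input][elasticsearch]"`
+
+If document metadata storage is requested by enabling the `docinfo` option,
+this option names the field under which to store the metadata fields as subfields.
+
+[id="plugins-{type}s-{plugin}-ecs_compatibility"]
+===== `ecs_compatibility`
+
+* Value type is <<string,string>>
+* Supported values are:
+** `disabled`: CSV data added at root level
+** `v1`,`v8`: Elastic Common Schema compliant behavior
+* Default value depends on which version of Logstash is running:
+** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
+** Otherwise, the default value is `disabled`
 
-
-option, this option names the field under which to store the metadata
-fields as subfields.
+Controls this plugin's compatibility with the {ecs-ref}[Elastic Common Schema (ECS)].
 
 [id="plugins-{type}s-{plugin}-hosts"]
 ===== `hosts`
@@ -402,4 +429,4 @@ empty string authentication will be disabled.
 [id="plugins-{type}s-{plugin}-common-options"]
 include::{include_path}/{type}.asciidoc[]
 
-:
+:no_codec!: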
@@ -1,10 +1,13 @@
|
|
1
|
-
|
1
|
+
require 'elasticsearch'
|
2
|
+
require 'elasticsearch/transport/transport/connections/selector'
|
3
|
+
|
4
|
+
if Gem.loaded_specs['elasticsearch-transport'].version < Gem::Version.new("7.2.0")
|
2
5
|
# elasticsearch-transport versions prior to 7.2.0 suffered of a race condition on accessing
|
3
|
-
# the connection pool. This issue was fixed
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
6
|
+
# the connection pool. This issue was fixed (in 7.2.0) with
|
7
|
+
# https://github.com/elastic/elasticsearch-ruby/commit/15f9d78591a6e8823948494d94b15b0ca38819d1
|
8
|
+
#
|
9
|
+
# This plugin, at the moment, is using elasticsearch >= 5.0.5
|
10
|
+
# When this requirement ceases, this patch could be removed.
|
8
11
|
module Elasticsearch
|
9
12
|
module Transport
|
10
13
|
module Transport
|
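Review bot: `Gem.loaded_specs['elasticsearch-transport'].version` on the new guard line raises NoMethodError at require time if the transport library is on the load path without having been activated as a gem, because `Gem.loaded_specs[...]` is then nil. The same lookup is used in the new Manticore patch file and, for the plugin's own spec, in `prepare_user_agent` in elasticsearch.rb. A defensive form is `spec = Gem.loaded_specs['elasticsearch-transport']` followed by `if spec && spec.version < Gem::Version.new("7.2.0")`; whether a missing spec should mean "patch" or "skip" is for the maintainers to decide. The `if` block and the module bodies it wraps continue outside this hunk.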
@@ -0,0 +1,43 @@
|
|
1
|
+
# encoding: utf-8
|
2
|
+
require "elasticsearch"
|
3
|
+
require "elasticsearch/transport/transport/http/manticore"
|
4
|
+
|
5
|
+
es_client_version = Gem.loaded_specs['elasticsearch-transport'].version
|
6
|
+
if es_client_version >= Gem::Version.new('7.2') && es_client_version < Gem::Version.new('7.16')
|
7
|
+
# elasticsearch-transport 7.2.0 - 7.14.0 had a bug where setting http headers
|
8
|
+
# ES::Client.new ..., transport_options: { headers: { 'Authorization' => ... } }
|
9
|
+
# would be lost https://github.com/elastic/elasticsearch-ruby/issues/1428
|
10
|
+
#
|
11
|
+
# NOTE: needs to be idempotent as filter ES plugin might apply the same patch!
|
12
|
+
#
|
13
|
+
# @private
|
14
|
+
module Elasticsearch
|
15
|
+
module Transport
|
16
|
+
module Transport
|
17
|
+
module HTTP
|
18
|
+
class Manticore
|
19
|
+
|
20
|
+
def apply_headers(request_options, options)
|
21
|
+
headers = (options && options[:headers]) || {}
|
22
|
+
headers[CONTENT_TYPE_STR] = find_value(headers, CONTENT_TYPE_REGEX) || DEFAULT_CONTENT_TYPE
|
23
|
+
|
24
|
+
# this code is necessary to grab the correct user-agent header
|
25
|
+
# when this method is invoked with apply_headers(@request_options, options)
|
26
|
+
# from https://github.com/elastic/elasticsearch-ruby/blob/v7.14.0/elasticsearch-transport/lib/elasticsearch/transport/transport/http/manticore.rb#L113-L114
|
27
|
+
transport_user_agent = nil
|
28
|
+
if (options && options[:transport_options] && options[:transport_options][:headers])
|
29
|
+
transport_headers = options[:transport_options][:headers]
|
30
|
+
transport_user_agent = find_value(transport_headers, USER_AGENT_REGEX)
|
31
|
+
end
|
32
|
+
|
33
|
+
headers[USER_AGENT_STR] = transport_user_agent || find_value(headers, USER_AGENT_REGEX) || user_agent_header
|
34
|
+
headers[ACCEPT_ENCODING] = GZIP if use_compression?
|
35
|
+
(request_options[:headers] ||= {}).merge!(headers) # this line was changed
|
36
|
+
end
|
37
|
+
|
38
|
+
end
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
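Review bot: The version guard applies this override to every client from 7.2 up to, but not including, 7.16, while the comment directly under it says the header bug affected 7.2.0 - 7.14.0, so a reader cannot tell whether 7.15.x is patched on purpose. Since, per that comment, this method decides whether the `Authorization` header survives, the comment should state the range actually covered, e.g. `# applied to >= 7.2 and < 7.16; upstream fix assumed to ship in 7.16 - confirm`. It is also worth a one-line comment that `headers` aliases `options[:headers]` when it is given, so the assignments that follow write into the caller's hash.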
@@ -4,9 +4,15 @@ require "logstash/namespace"
|
|
4
4
|
require "logstash/json"
|
5
5
|
require "logstash/util/safe_uri"
|
6
6
|
require 'logstash/plugin_mixins/validator_support/field_reference_validation_adapter'
|
7
|
+
require 'logstash/plugin_mixins/event_support/event_factory_adapter'
|
8
|
+
require 'logstash/plugin_mixins/ecs_compatibility_support'
|
9
|
+
require 'logstash/plugin_mixins/ecs_compatibility_support/target_check'
|
7
10
|
require "base64"
|
8
|
-
require_relative "patch"
|
9
11
|
|
12
|
+
require "elasticsearch"
|
13
|
+
require "elasticsearch/transport/transport/http/manticore"
|
14
|
+
require_relative "elasticsearch/patches/_elasticsearch_transport_http_manticore"
|
15
|
+
require_relative "elasticsearch/patches/_elasticsearch_transport_connections_selector"
|
10
16
|
|
11
17
|
# .Compatibility Note
|
12
18
|
# [NOTE]
|
@@ -63,12 +69,16 @@ require_relative "patch"
|
|
63
69
|
#
|
64
70
|
#
|
65
71
|
class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
72
|
+
|
73
|
+
include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
|
74
|
+
include LogStash::PluginMixins::ECSCompatibilitySupport::TargetCheck
|
75
|
+
|
76
|
+
include LogStash::PluginMixins::EventSupport::EventFactoryAdapter
|
77
|
+
|
66
78
|
extend LogStash::PluginMixins::ValidatorSupport::FieldReferenceValidationAdapter
|
67
79
|
|
68
80
|
config_name "elasticsearch"
|
69
81
|
|
70
|
-
default :codec, "json"
|
71
|
-
|
72
82
|
# List of elasticsearch hosts to use for querying.
|
73
83
|
# Each host can be either IP, HOST, IP:port or HOST:port.
|
74
84
|
# Port defaults to 9200
|
@@ -125,8 +135,9 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
125
135
|
#
|
126
136
|
config :docinfo, :validate => :boolean, :default => false
|
127
137
|
|
128
|
-
# Where to move the Elasticsearch document information.
|
129
|
-
|
138
|
+
# Where to move the Elasticsearch document information.
|
139
|
+
# default: [@metadata][input][elasticsearch] in ECS mode, @metadata field otherwise
|
140
|
+
config :docinfo_target, :validate=> :field_reference
|
130
141
|
|
131
142
|
# List of document metadata to move to the `docinfo_target` field.
|
132
143
|
# To learn more about Elasticsearch metadata fields read
|
@@ -181,10 +192,16 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
181
192
|
# If set, the _source of each hit will be added nested under the target instead of at the top-level
|
182
193
|
config :target, :validate => :field_reference
|
183
194
|
|
195
|
+
def initialize(params={})
|
196
|
+
super(params)
|
197
|
+
|
198
|
+
if docinfo_target.nil?
|
199
|
+
@docinfo_target = ecs_select[disabled: '@metadata', v1: '[@metadata][input][elasticsearch]']
|
200
|
+
end
|
201
|
+
end
|
202
|
+
|
184
203
|
def register
|
185
|
-
require "elasticsearch"
|
186
204
|
require "rufus/scheduler"
|
187
|
-
require "elasticsearch/transport/transport/http/manticore"
|
188
205
|
|
189
206
|
@options = {
|
190
207
|
:index => @index,
|
@@ -205,6 +222,7 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
205
222
|
transport_options = {:headers => {}}
|
206
223
|
transport_options[:headers].merge!(setup_basic_auth(user, password))
|
207
224
|
transport_options[:headers].merge!(setup_api_key(api_key))
|
225
|
+
transport_options[:headers].merge!({'user-agent' => prepare_user_agent()})
|
208
226
|
transport_options[:request_timeout] = @request_timeout_seconds unless @request_timeout_seconds.nil?
|
209
227
|
transport_options[:connect_timeout] = @connect_timeout_seconds unless @connect_timeout_seconds.nil?
|
210
228
|
transport_options[:socket_timeout] = @socket_timeout_seconds unless @socket_timeout_seconds.nil?
|
@@ -225,7 +243,6 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
225
243
|
end
|
226
244
|
|
227
245
|
|
228
|
-
|
229
246
|
def run(output_queue)
|
230
247
|
if @schedule
|
231
248
|
@scheduler = Rufus::Scheduler.new(:max_work_threads => 1)
|
@@ -267,7 +284,6 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
267
284
|
|
268
285
|
logger.info("Slice starting", slice_id: slice_id, slices: @slices) unless slice_id.nil?
|
269
286
|
|
270
|
-
scroll_id = nil
|
271
287
|
begin
|
272
288
|
r = search_request(slice_options)
|
273
289
|
|
@@ -298,47 +314,41 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
298
314
|
[r['hits']['hits'].any?, r['_scroll_id']]
|
299
315
|
rescue => e
|
300
316
|
# this will typically be triggered by a scroll timeout
|
301
|
-
logger.error("Scroll request error, aborting scroll",
|
317
|
+
logger.error("Scroll request error, aborting scroll", message: e.message, exception: e.class)
|
302
318
|
# return no hits and original scroll_id so we can try to clear it
|
303
319
|
[false, scroll_id]
|
304
320
|
end
|
305
321
|
|
306
322
|
def push_hit(hit, output_queue)
|
307
|
-
|
308
|
-
|
309
|
-
|
310
|
-
|
311
|
-
|
312
|
-
end
|
313
|
-
|
314
|
-
if @docinfo
|
315
|
-
# do not assume event[@docinfo_target] to be in-place updatable. first get it, update it, then at the end set it in the event.
|
316
|
-
docinfo_target = event.get(@docinfo_target) || {}
|
317
|
-
|
318
|
-
unless docinfo_target.is_a?(Hash)
|
319
|
-
@logger.error("Elasticsearch Input: Incompatible Event, incompatible type for the docinfo_target=#{@docinfo_target} field in the `_source` document, expected a hash got:", :docinfo_target_type => docinfo_target.class, :event => event)
|
323
|
+
event = targeted_event_factory.new_event hit['_source']
|
324
|
+
set_docinfo_fields(hit, event) if @docinfo
|
325
|
+
decorate(event)
|
326
|
+
output_queue << event
|
327
|
+
end
|
320
328
|
|
321
|
-
|
322
|
-
|
323
|
-
|
329
|
+
def set_docinfo_fields(hit, event)
|
330
|
+
# do not assume event[@docinfo_target] to be in-place updatable. first get it, update it, then at the end set it in the event.
|
331
|
+
docinfo_target = event.get(@docinfo_target) || {}
|
324
332
|
|
325
|
-
|
326
|
-
|
327
|
-
end
|
333
|
+
unless docinfo_target.is_a?(Hash)
|
334
|
+
@logger.error("Incompatible Event, incompatible type for the docinfo_target=#{@docinfo_target} field in the `_source` document, expected a hash got:", :docinfo_target_type => docinfo_target.class, :event => event.to_hash_with_metadata)
|
328
335
|
|
329
|
-
|
336
|
+
# TODO: (colin) I am not sure raising is a good strategy here?
|
337
|
+
raise Exception.new("Elasticsearch input: incompatible event")
|
330
338
|
end
|
331
339
|
|
332
|
-
|
340
|
+
@docinfo_fields.each do |field|
|
341
|
+
docinfo_target[field] = hit[field]
|
342
|
+
end
|
333
343
|
|
334
|
-
|
344
|
+
event.set(@docinfo_target, docinfo_target)
|
335
345
|
end
|
336
346
|
|
337
347
|
def clear_scroll(scroll_id)
|
338
348
|
@client.clear_scroll(scroll_id: scroll_id) if scroll_id
|
339
349
|
rescue => e
|
340
350
|
# ignore & log any clear_scroll errors
|
341
|
-
logger.warn("Ignoring clear_scroll exception", message: e.message)
|
351
|
+
logger.warn("Ignoring clear_scroll exception", message: e.message, exception: e.class)
|
342
352
|
end
|
343
353
|
|
344
354
|
def scroll_request scroll_id
|
@@ -388,14 +398,26 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
388
398
|
return {} unless user && password && password.value
|
389
399
|
|
390
400
|
token = ::Base64.strict_encode64("#{user}:#{password.value}")
|
391
|
-
{ Authorization
|
401
|
+
{ 'Authorization' => "Basic #{token}" }
|
392
402
|
end
|
393
403
|
|
394
404
|
def setup_api_key(api_key)
|
395
405
|
return {} unless (api_key && api_key.value)
|
396
406
|
|
397
407
|
token = ::Base64.strict_encode64(api_key.value)
|
398
|
-
{ Authorization
|
408
|
+
{ 'Authorization' => "ApiKey #{token}" }
|
409
|
+
end
|
410
|
+
|
411
|
+
def prepare_user_agent
|
412
|
+
os_name = java.lang.System.getProperty('os.name')
|
413
|
+
os_version = java.lang.System.getProperty('os.version')
|
414
|
+
os_arch = java.lang.System.getProperty('os.arch')
|
415
|
+
jvm_vendor = java.lang.System.getProperty('java.vendor')
|
416
|
+
jvm_version = java.lang.System.getProperty('java.version')
|
417
|
+
|
418
|
+
plugin_version = Gem.loaded_specs["logstash-input-elasticsearch"].version
|
419
|
+
# example: logstash/7.14.1 (OS=Linux-5.4.0-84-generic-amd64; JVM=AdoptOpenJDK-11.0.11) logstash-input-elasticsearch/4.10.0
|
420
|
+
"logstash/#{LOGSTASH_VERSION} (OS=#{os_name}-#{os_version}-#{os_arch}; JVM=#{jvm_vendor}-#{jvm_version}) logstash-#{@plugin_type}-#{config_name}/#{plugin_version}"
|
399
421
|
end
|
400
422
|
|
401
423
|
def fill_user_password_from_cloud_auth
|
@@ -448,6 +470,9 @@ class LogStash::Inputs::Elasticsearch < LogStash::Inputs::Base
|
|
448
470
|
[ cloud_auth.username, cloud_auth.password ]
|
449
471
|
end
|
450
472
|
|
473
|
+
# @private used by unit specs
|
474
|
+
attr_reader :client
|
475
|
+
|
451
476
|
module URIOrEmptyValidator
|
452
477
|
##
|
453
478
|
# @override to provide :uri_or_empty validator
|
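Review bot: In `set_docinfo_fields`, `raise Exception.new("Elasticsearch input: incompatible event")` raises the root exception class, which the `rescue => e` clauses visible in this file do not catch (they handle StandardError only), so a single document with a non-hash value at `docinfo_target` may propagate past them and stop the input; the TODO above the raise already questions this. Raising a StandardError subclass, e.g. `raise "Elasticsearch input: incompatible event"`, or tagging and skipping the event would keep the failure contained, though how callers outside the visible hunks react is not shown here. The error log just before it now passes `:event => event.to_hash_with_metadata`, which copies the whole source document plus metadata into the Logstash log; logging only `docinfo_target_type` and the hit's `_id` would avoid writing indexed data to log files.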
@@ -1,7 +1,7 @@
|
|
1
1
|
Gem::Specification.new do |s|
|
2
2
|
|
3
3
|
s.name = 'logstash-input-elasticsearch'
|
4
|
-
s.version = '4.
|
4
|
+
s.version = '4.11.0'
|
5
5
|
s.licenses = ['Apache License (2.0)']
|
6
6
|
s.summary = "Reads query results from an Elasticsearch cluster"
|
7
7
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
@@ -20,20 +20,22 @@ Gem::Specification.new do |s|
|
|
20
20
|
s.metadata = { "logstash_plugin" => "true", "logstash_group" => "input" }
|
21
21
|
|
22
22
|
# Gem dependencies
|
23
|
-
s.add_runtime_dependency "logstash-mixin-validator_support", '~> 1.0'
|
24
23
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
24
|
+
s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~> 1.3'
|
25
|
+
s.add_runtime_dependency 'logstash-mixin-event_support', '~> 1.0'
|
26
|
+
s.add_runtime_dependency "logstash-mixin-validator_support", '~> 1.0'
|
25
27
|
|
26
|
-
s.add_runtime_dependency 'elasticsearch', '>= 5.0.
|
28
|
+
s.add_runtime_dependency 'elasticsearch', '>= 5.0.5' # LS >= 6.7 and < 7.14 all used version 5.0.5
|
27
29
|
|
28
|
-
s.add_runtime_dependency 'logstash-codec-json'
|
29
|
-
s.add_runtime_dependency 'logstash-codec-plain'
|
30
|
-
s.add_runtime_dependency 'sequel'
|
31
30
|
s.add_runtime_dependency 'tzinfo'
|
32
31
|
s.add_runtime_dependency 'tzinfo-data'
|
33
32
|
s.add_runtime_dependency 'rufus-scheduler'
|
34
|
-
s.add_runtime_dependency 'manticore', "
|
35
|
-
s.add_runtime_dependency 'faraday', "~> 0.15.4"
|
33
|
+
s.add_runtime_dependency 'manticore', ">= 0.7.1"
|
36
34
|
|
35
|
+
s.add_development_dependency 'logstash-codec-plain'
|
36
|
+
s.add_development_dependency 'faraday', "~> 0.15.4"
|
37
37
|
s.add_development_dependency 'logstash-devutils'
|
38
38
|
s.add_development_dependency 'timecop'
|
39
|
+
s.add_development_dependency 'cabin', ['~> 0.6']
|
40
|
+
s.add_development_dependency 'webrick'
|
39
41
|
end
|
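Review bot: The new runtime constraints `'elasticsearch', '>= 5.0.5'` and `'manticore', ">= 0.7.1"` have no upper bound, so any future major release satisfies them, while this same release reopens `Elasticsearch::Transport` internals in two patch files gated on specific client versions. The removed constraint lines are truncated on this page, so the previous bounds cannot be compared. Unless resolution is already pinned elsewhere (for instance by the lockfile of the Logstash distribution), consider an explicit ceiling such as `'>= 5.0.5', '< UPPER_BOUND_TO_BE_CHOSEN'` that is raised once a new client major has been tested against the patches.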
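--- a/data/spec/es_helper.rb
+++ b/data/spec/es_helper.rb
@@ -1,30 +1,31 @@
 module ESHelper
 def self.get_host_port
-
-
+if ENV["INTEGRATION"] == "true" || ENV["SECURE_INTEGRATION"] == "true"
+"elasticsearch:9200"
+else
+"localhost:9200" # for local running integration specs outside docker
+end
 end
 
-def self.get_client(options
-
-
+def self.get_client(options)
+require 'elasticsearch/transport/transport/http/faraday' # supports user/password options
+host, port = get_host_port.split(':')
+host_opts = { host: host, port: port, scheme: 'http' }
+ssl_opts = {}
 
 if options[:ca_file]
-
-
-host, port = h.split(":")
-{ :host => host, :scheme => 'https', :port => port }
-end
+ssl_opts = { ca_file: options[:ca_file], version: 'TLSv1.2', verify: false }
+host_opts[:scheme] = 'https'
 end
 
-transport_options = {}
-
 if options[:user] && options[:password]
-
-
+host_opts[:user] = options[:user]
+host_opts[:password] = options[:password]
 end
 
-
-
+Elasticsearch::Client.new(hosts: [host_opts],
+transport_options: { ssl: ssl_opts },
+transport_class: Elasticsearch::Transport::Transport::HTTP::Faraday)
 end
 
 def self.doc_type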
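Review bot: In `get_client`, `ssl_opts = { ca_file: options[:ca_file], version: 'TLSv1.2', verify: false }` passes the CA file but switches certificate verification off, so the helper's HTTPS connection accepts any server certificate and the `ca_file` is effectively unused. For a secure-integration helper that ships its own CA fixture, `verify: true` would make the specs exercise the trust chain they set up. If verification is disabled because the fixture certificate's name does not match the host being used, a comment saying so on that line would keep the pattern from being copied into non-test code.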
@@ -0,0 +1,20 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIDSTCCAjGgAwIBAgIUUcAg9c8B8jiliCkOEJyqoAHrmccwDQYJKoZIhvcNAQEL
|
3
|
+
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
|
4
|
+
cmF0ZWQgQ0EwHhcNMjEwODEyMDUxNDU1WhcNMjQwODExMDUxNDU1WjA0MTIwMAYD
|
5
|
+
VQQDEylFbGFzdGljIENlcnRpZmljYXRlIFRvb2wgQXV0b2dlbmVyYXRlZCBDQTCC
|
6
|
+
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK1HuusRuGNsztd4EQvqwcMr
|
7
|
+
8XvnNNaalerpMOorCGySEFrNf0HxDIVMGMCrOv1F8SvlcGq3XANs2MJ4F2xhhLZr
|
8
|
+
PpqVHx+QnSZ66lu5R89QVSuMh/dCMxhNBlOA/dDlvy+EJBl9H791UGy/ChhSgaBd
|
9
|
+
OKVyGkhjErRTeMIq7rR7UG6GL/fV+JGy41UiLrm1KQP7/XVD9UzZfGq/hylFkTPe
|
10
|
+
oox5BUxdxUdDZ2creOID+agtIYuJVIkelKPQ+ljBY3kWBRexqJQsvyNUs1gZpjpz
|
11
|
+
YUCzuVcXDRuJXYQXGqWXhsBPfJv+ZcSyMIBUfWT/G13cWU1iwufPy0NjajowPZsC
|
12
|
+
AwEAAaNTMFEwHQYDVR0OBBYEFMgkye5+2l+TE0I6RsXRHjGBwpBGMB8GA1UdIwQY
|
13
|
+
MBaAFMgkye5+2l+TE0I6RsXRHjGBwpBGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
|
14
|
+
hvcNAQELBQADggEBAIgtJW8sy5lBpzPRHkmWSS/SCZIPsABW+cHqQ3e0udrI3CLB
|
15
|
+
G9n7yqAPWOBTbdqC2GM8dvAS/Twx4Bub/lWr84dFCu+t0mQq4l5kpJMVRS0KKXPL
|
16
|
+
DwJbUN3oPNYy4uPn5Xi+XY3BYFce5vwJUsqIxeAbIOxVTNx++k5DFnB0ESAM23QL
|
17
|
+
sgUZl7xl3/DkdO4oHj30gmTRW9bjCJ6umnHIiO3JoJatrprurUIt80vHC4Ndft36
|
18
|
+
NBQ9mZpequ4RYjpSZNLcVsxyFAYwEY4g8MvH0MoMo2RRLfehmMCzXnI/Wh2qEyYz
|
19
|
+
emHprBii/5y1HieKXlX9CZRb5qEPHckDVXW3znw=
|
20
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,27 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIIEowIBAAKCAQEArUe66xG4Y2zO13gRC+rBwyvxe+c01pqV6ukw6isIbJIQWs1/
|
3
|
+
QfEMhUwYwKs6/UXxK+VwardcA2zYwngXbGGEtms+mpUfH5CdJnrqW7lHz1BVK4yH
|
4
|
+
90IzGE0GU4D90OW/L4QkGX0fv3VQbL8KGFKBoF04pXIaSGMStFN4wirutHtQboYv
|
5
|
+
99X4kbLjVSIuubUpA/v9dUP1TNl8ar+HKUWRM96ijHkFTF3FR0NnZyt44gP5qC0h
|
6
|
+
i4lUiR6Uo9D6WMFjeRYFF7GolCy/I1SzWBmmOnNhQLO5VxcNG4ldhBcapZeGwE98
|
7
|
+
m/5lxLIwgFR9ZP8bXdxZTWLC58/LQ2NqOjA9mwIDAQABAoIBABmBC0P6Ebegljkk
|
8
|
+
lO26GdbOKvbfqulDS3mN5QMyXkUMopea03YzMnKUJriE+2O33a1mUcuDPWnLpYPK
|
9
|
+
BTiQieYHlulNtY0Bzf+R69igRq9+1WpZftGnzrlu7NVxkOokRqWJv3546ilV7QZ0
|
10
|
+
f9ngmu+tiN7hEnlBC8m613VMuGGb3czwbCizEVZxlZX0Dk2GExbH7Yf3NNs/aOP/
|
11
|
+
8x6CqgL+rhrtOQ80xwRrOlEF8oSSjXCzypa3nFv21YO3J2lVo4BoIwnHgOzyz46A
|
12
|
+
b37gekqXXajIYQ0HAB+NDgVoCRFFJ7Xe16mgB3DpyUpUJzwiMedJkeQ0TprIownQ
|
13
|
+
+1mPe9ECgYEA/K4jc0trr3sk8KtcZjOYdpvwrhEqSSGEPeGfFujZaKOb8PZ8PX6j
|
14
|
+
MbCTV12nEgm8FEhZQ3azxLnO17gbJ2A+Ksm/IIwnTWlqvvMZD5qTQ7L3qZuCtbWQ
|
15
|
+
+EGC/H1SDjhiwvjHcXP61/tYL/peApBSoj0L4kC+U/VaNyvicudKk08CgYEAr46J
|
16
|
+
4VJBJfZ4ZaUBRy53+fy+mknOfaj2wo8MnD3u+/x4YWTapqvDOPN2nJVtKlIsxbS4
|
17
|
+
qCO+fzUV17YHlsQmGULNbtFuXWJkP/RcLVbe8VYg/6tmk0dJwNAe90flagX2KJov
|
18
|
+
8eDX129nNpuUqrNNWsfeLmPmH6vUzpKlga+1zfUCgYBrbUHHJ96dmbZn2AMNtIvy
|
19
|
+
iXP3HXcj5msJwB3aKJ8eHMkU1kaWAnwxiQfrkfaQ9bCP0v6YbyQY1IJ7NlvdDs7/
|
20
|
+
dAydMtkW0WW/zyztdGN92d3vrx0QUiRTV87vt/wl7ZUXnZt1wcB5CPRCWaiUYHWx
|
21
|
+
YlDmHW6N1XdIk5DQF0OegwKBgEt7S8k3Zo9+A5IgegYy8p7njsQjy8a3qTFJ9DAR
|
22
|
+
aPmrOc8WX/SdkVihRXRZwxAZOOrgoyyYAcYL+xI+T9EBESh3UoC9R2ibb2MYG7Ha
|
23
|
+
0gyN7a4/8eCNHCbs1QOZRAhr+8TFVqv28pbMbWJLToZ+hVns6Zikl0MyzFLtNoAm
|
24
|
+
HlMpAoGBAIOkqnwwuRKhWprL59sdcJfWY26os9nvuDV4LoKFNEFLJhj2AA2/3UlV
|
25
|
+
v85gqNSxnMNlHLZC9l2HZ3mKv/mfx1aikmFvyhJAnk5u0f9KkexmCPLjQzS5q3ba
|
26
|
+
yFuxK2DXwN4x46RgQPFlLjOTCX0BG6rkEu4JdonF8ETSjoCtGEU8
|
27
|
+
-----END RSA PRIVATE KEY-----
|
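Review bot: This section adds an unencrypted RSA private key that, going by the file list, appears to be `data/spec/fixtures/test_certs/ca.key`, the signing key for the test CA whose certificate is added just above; a second key for the server certificate follows further down. Because both ship inside the published gem they are public, so nothing outside the spec suite should ever trust this CA. A short README in the fixtures directory stating that the material is test-only and how it was generated, plus an allowlist entry for secret scanners, would make that explicit. The certificates' encoded validity appears to end in August 2024, after which any spec that verifies the chain would need regenerated fixtures.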
@@ -0,0 +1,20 @@
|
|
1
|
+
-----BEGIN CERTIFICATE-----
|
2
|
+
MIIDNjCCAh6gAwIBAgIUF9wE+oqGSbm4UVn1y9gEjzyaJFswDQYJKoZIhvcNAQEL
|
3
|
+
BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
|
4
|
+
cmF0ZWQgQ0EwHhcNMjEwODEyMDUxNTI3WhcNMjQwODExMDUxNTI3WjANMQswCQYD
|
5
|
+
VQQDEwJlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAK2S2by0lgyu
|
6
|
+
1JfgGgZ41PNXbH2qMPMzowguVVdtZ16WM0CaEG7lnLxmMcC+2Q7NnGuFnPAVQo9T
|
7
|
+
Q3bh7j+1PkCJVHUKZfJIeWtGc9+qXBcO1MhedfwM1osSa4bfwM85G+XKWbRNtmSt
|
8
|
+
CoUuKArIyZkzdBAAQLBoQyPf3DIza1Au4j9Hb3zrswD6e7n2PN4ffIyil1GFduLJ
|
9
|
+
2275qqFiOhkEDUhv7BKNftVBh/89O/5lSqAQGuQ1aDRr8TdHwhO71u4ZIU/Pn6yX
|
10
|
+
LGBWrQG53+qpdCsxGvJTfbtIEYUDTN83CirIxDKJgc1QXOEldylztHf4xnQ7ZarJ
|
11
|
+
tqF6pUzHbRsCAwEAAaNnMGUwHQYDVR0OBBYEFFQUK+6Cg2kExRj1xSDzEi4kkgKX
|
12
|
+
MB8GA1UdIwQYMBaAFMgkye5+2l+TE0I6RsXRHjGBwpBGMBgGA1UdEQQRMA+CDWVs
|
13
|
+
YXN0aWNzZWFyY2gwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAinaknZIc
|
14
|
+
7xtQNwUwa+kdET+I4lMz+TJw9vTjGKPJqe082n81ycKU5b+a/OndG90z+dTwhShW
|
15
|
+
f0oZdIe/1rDCdiRU4ceCZA4ybKrFDIbW8gOKZOx9rsgEx9XNELj4ocZTBqxjQmNE
|
16
|
+
Ho91fli5aEm0EL2vJgejh4hcfDeElQ6go9gtvAHQ57XEADQSenvt69jOICOupnS+
|
17
|
+
LSjDVhv/VLi3CAip0B+lD5fX/DVQdrJ62eRGuQYxoouE3saCO58qUUrKB39yD9KA
|
18
|
+
qRA/sVxyLogxaU+5dLfc0NJdOqSzStxQ2vdMvAWo9tZZ2UBGFrk5SdwCQe7Yv5mX
|
19
|
+
qi02i4q6meHGcw==
|
20
|
+
-----END CERTIFICATE-----
|
@@ -0,0 +1,27 @@
|
|
1
|
+
-----BEGIN RSA PRIVATE KEY-----
|
2
|
+
MIIEowIBAAKCAQEArZLZvLSWDK7Ul+AaBnjU81dsfaow8zOjCC5VV21nXpYzQJoQ
|
3
|
+
buWcvGYxwL7ZDs2ca4Wc8BVCj1NDduHuP7U+QIlUdQpl8kh5a0Zz36pcFw7UyF51
|
4
|
+
/AzWixJrht/Azzkb5cpZtE22ZK0KhS4oCsjJmTN0EABAsGhDI9/cMjNrUC7iP0dv
|
5
|
+
fOuzAPp7ufY83h98jKKXUYV24snbbvmqoWI6GQQNSG/sEo1+1UGH/z07/mVKoBAa
|
6
|
+
5DVoNGvxN0fCE7vW7hkhT8+frJcsYFatAbnf6ql0KzEa8lN9u0gRhQNM3zcKKsjE
|
7
|
+
MomBzVBc4SV3KXO0d/jGdDtlqsm2oXqlTMdtGwIDAQABAoIBAQCm/VBDz41ImG7p
|
8
|
+
yu3e6iMeFi7HW5SKdlRUS5dJbHT1uBWJAm/q8TbwvnUBVdsn9cKWY06QYDPQBjAy
|
9
|
+
0LxRSIKivjyl+aIJDZbbEUXrmk/M0zT9rHtgSc2isM8ITH6IHw5q7lmNMPLYOu6T
|
10
|
+
IMvfTDtADBOOTV/vF+/4NKf5GCUXVt1XTzLBFMK0p/ZoI7Fsw7fhH6FR12vk0xA4
|
11
|
+
BEC4pwRbGfHo7P31ii0by8epkve93tF4IZuFmN92A84bN1z7Kc4TYaSbua2rgguz
|
12
|
+
FzMyWpsTxr363HzCK1xOJb6JyJOiXbq4+j2oqtne3GIvyozJeiyKRgjLIMoe/LV7
|
13
|
+
fPPc5wlhAoGBAOD3z0JH2eyR/1RHILFsWInH2nDbKHHuCjhFIL2XloeXsJkiJZ95
|
14
|
+
BpdjExMZCqD44tPNRW/GgWKwoVwltm6zB0aq0aW/OfOzw6fhKt1W+go47L7Tpwap
|
15
|
+
VQgy6BFXSueUKfQDlZEWV4E2gakf8vOl0/VRQExae/CeKf1suEedQaErAoGBAMWE
|
16
|
+
LOmNDEU2NFqghfNBAFYyFJst3YnBmSmlL7W22+OsfSK/PhxnJbuNHxMgxpg9rieW
|
17
|
+
tVyjuZRo/i7WLVm3uG+dK1RJ9t8Y6kpYkCRKpi9G8DBOj3PSulOybBr+fdRfW9mf
|
18
|
+
8UmqOjOkrhxXPkchc9TY4EM7/1XeKvEidlIp0gvRAoGAAurz4zYvW2QhXaR2hhaT
|
19
|
+
p2XSLXiKM8AUndo3rH3U0/lhrvrEZicZsMj2LF88xg20U27sIaD/eJo13Y4XqaPk
|
20
|
+
ykPY6D9srv574SeIeMpx/8PxPiBcoDd+BNc0L1VkgVBoouORAwq5I9HjKKBjdEmI
|
21
|
+
UDw3i0X5KYvDm6fXVAZ0HXUCgYBWc4To8KiXPqNpq2sVzrSkBaWJSmj2G7u7Q6b/
|
22
|
+
RTs3is72v3gjHG6iiaE5URY7mnu4rjlRhAP9Vnsy6uHMrCJZEBTf/sPEYHZj9iGZ
|
23
|
+
EOduOAF3U1tsmaaebbDtm8hdhSOBvITy9kQlSIZAt1r17Ulytz5pj0AySFzJUIkz
|
24
|
+
a0SZkQKBgCWixtUxiK8PAdWhyS++90WJeJn8eqjuSAz+VMtFQFRRWDUbkiHvGMRu
|
25
|
+
o/Hhk6zS46gSF2Evb1d26uUEenXnJlIp6YWzb0DLPrfy5P53kPA6YEvYq5MSAg3l
|
26
|
+
DZOJUF+ko7cWXSZkeTIBH/jrGOdP4tTALZt6DNt+Gz7xwPO5tGgV
|
27
|
+
-----END RSA PRIVATE KEY-----
|