logstash-input-tcp 6.1.1-java → 6.2.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9b37d806eedc118d3a553f449a68e90d9366e258b0484c5e1aad54e0e6939883
-  data.tar.gz: cae6d73f16e144241b588a3eb9b2c7703ac42ccb0d26a266736ad3d5d5d3f4bb
+  metadata.gz: 29b44274cfe25c623273407b63c29125143a6ec704c274732b73e9a3fc39f085
+  data.tar.gz: 4bced499147e26e9f8257d2c7a489a7dae93ec2a1c06faf2b45b3d9af801d222
 SHA512:
-  metadata.gz: bf8d08b9b60d6268b2e0625b175048c0def7aed442661c89415797cbbcf6409e54d25bad0b4d7cd1d6dc8816fa3b4d9b79ebb78e60a8344fca7f62451637b283
-  data.tar.gz: fe74219396c110829a71fbdfcbb36d07d1c8e4d06a58af00093e43741b62aad3d34638bbb3d19e9888e8d5edb642edd59110865b4a39c2a1ef624797c4f66225
+  metadata.gz: d45ef4273d94e4dc3dbcc94749d0e8d907ea96acb20ee4aeff94251a5390bb26b51105fc2f6104e09b885dc195f9fbe94261047035f905884d8306649e8aec49
+  data.tar.gz: f00ff1165183ce006a12541b7836bb3a09496eb4370bca185104ea81c8fc8e2360aae8ed09eeb170ab93ee9e64e7233af9360e4cbb73fc5d9b49adf27d26534b

data/CHANGELOG.md

@@ -1,3 +1,8 @@
+## 6.2.0
+ - Added ECS Compatibility Mode [#165](https://github.com/logstash-plugins/logstash-input-tcp/pull/165)
+   - When operating in an ECS Compatibility mode, metadata about the connection on which we are receiving data is nested in well-named fields under `[@metadata][input][tcp]` instead of at the root level.
+ - Fix: source address is no longer missing when a proxy is present
+
 ## 6.1.1
  - Changed jar dependencies to reflect newer versions [#179](https://github.com/logstash-plugins/logstash-input-http/pull/179)
 

data/docs/index.asciidoc

@@ -70,6 +70,52 @@ event timestamp
       }
     }
 
+[id="plugins-{type}s-{plugin}-ecs_metadata"]
+==== Event Metadata and the Elastic Common Schema (ECS)
+
+In addition to decoding the events, this input will add metadata about the TCP connection itself to each event.
+This can be helpful when applications are configured to send events directly to this input's TCP listener without including information about themselves.
+
+Historically, this metadata was added to a variety of non-standard top-level fields, which had the potential to create confusion and schema conflicts downstream.
+With ECS compatibility mode, we can ensure a pipeline still has access to this metadata throughout the event's lifecycle without polluting the top-level namespace.
+
+[cols="3,7,5"]
+|=======================================================================
+| Metadata Group                                     | ecs: `v1`, `v8`                       | ecs: `disabled`
+
+.3+|Source Metadata from the TCP connection
+on which events are being received, including
+the sender's name, ip, and outbound port.       l|[@metadata][input][tcp][source][name] l|[host]
+l|[@metadata][input][tcp][source][ip]   l|[@metadata][ip_address]
+l|[@metadata][input][tcp][source][port] l|[port]
+
+.2+|Proxy Metadata from a proxied TCP connection.
+Available when receiving events by proxy and
+`proxy_protocol => true`                        l|[@metadata][input][tcp][proxy][ip]    l|[proxy_host]
+l|[@metadata][input][tcp][proxy][port]  l|[proxy_port]
+
+.1+|SSL Subject Metadata from a secured TCP
+connection. Available when `ssl_enable => true`
+AND `ssl_verify => true`                        l|[@metadata][input][tcp][ssl][subject] l|[sslsubject]
+|=======================================================================
+
+For example, the Elastic Common Schema reserves the https://www.elastic.co/guide/en/ecs/current/ecs-host.html[top-level `host` field] for information about the host on which the event happened.
+If an event is missing this metadata, it can be copied into place from the source TCP connection metadata that has been added to the event:
+
+[source,txt]
+-----
+filter {
+  if [@metadata][input][tcp][source] and not [host] {
+    mutate {
+      copy {
+        "[@metadata][input][tcp][source][name]" => "[host][name]"
+        "[@metadata][input][tcp][source][ip]"   => "[host][ip]"
+      }
+    }
+  }
+}
+-----
+
 [id="plugins-{type}s-{plugin}-options"]
 ==== Tcp Input Configuration Options
 
@@ -79,6 +125,7 @@ This plugin supports the following configuration options plus the <<plugins-{typ
 |=======================================================================
 |Setting |Input type|Required
 | <<plugins-{type}s-{plugin}-dns_reverse_lookup_enabled>> |<<boolean,boolean>>|No
+| <<plugins-{type}s-{plugin}-ecs_compatibility>> | <<string,string>>|No
 | <<plugins-{type}s-{plugin}-host>> |<<string,string>>|No
 | <<plugins-{type}s-{plugin}-mode>> |<<string,string>>, one of `["server", "client"]`|No
 | <<plugins-{type}s-{plugin}-port>> |<<number,number>>|Yes
@@ -108,6 +155,20 @@ It is possible to avoid DNS reverse-lookups by disabling this setting. If disabl
 the address metadata that is added to events will contain the source address as-specified
 at the TCP layer and IPs will not be resolved to hostnames.
 
+[id="plugins-{type}s-{plugin}-ecs_compatibility"]
+===== `ecs_compatibility`
+
+* Value type is <<string,string>>
+* Supported values are:
+** `disabled`: unstructured connection metadata added at root level
+** `v1`,`v8`: structured connection metadata added under `[@metadata][input][tcp]`
+* Default value depends on which version of Logstash is running:
+** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
+** Otherwise, the default value is `disabled`.
+
+Controls this plugin's compatibility with the https://www.elastic.co/guide/en/ecs/current/index.html[Elastic Common Schema (ECS)].
+The value of this setting affects the <<plugins-{type}s-{plugin}-ecs_metadata,placement of a TCP connection's metadata>> on events.
+
 [id="plugins-{type}s-{plugin}-host"]
 ===== `host` 
 

data/lib/logstash/inputs/tcp.rb

@@ -5,7 +5,7 @@ require "java"
 require "logstash/inputs/base"
 require "logstash/util/socket_peer"
 require "logstash-input-tcp_jars"
-require "logstash/inputs/tcp/decoder_impl"
+require 'logstash/plugin_mixins/ecs_compatibility_support'
 
 require "socket"
 require "openssl"
@@ -63,6 +63,11 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   java_import 'org.logstash.tcp.InputLoop'
   java_import 'org.logstash.tcp.SslContextBuilder'
 
+  require_relative "tcp/decoder_impl"
+
+  # ecs_compatibility option, provided by Logstash core or the support adapter.
+  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
+
   config_name "tcp"
 
   default :codec, "line"
@@ -113,13 +118,6 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   # Option to allow users to avoid DNS Reverse Lookup.
   config :dns_reverse_lookup_enabled, :validate => :boolean, :default => true
 
-  HOST_FIELD = "host".freeze
-  HOST_IP_FIELD = "[@metadata][ip_address]".freeze
-  PORT_FIELD = "port".freeze
-  PROXY_HOST_FIELD = "proxy_host".freeze
-  PROXY_PORT_FIELD = "proxy_port".freeze
-  SSLSUBJECT_FIELD = "sslsubject".freeze
-
   # Monkey patch TCPSocket and SSLSocket to include socket peer
   # @private
   def self.patch_socket_peer!
@@ -134,6 +132,8 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   def initialize(*args)
     super(*args)
 
+    setup_fields!
+
     self.class.patch_socket_peer!
 
     # threadsafe socket bookkeeping
@@ -186,8 +186,8 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
                     proxy_port, tbuf, socket)
     codec.decode(tbuf) do |event|
       if @proxy_protocol
-        event.set(PROXY_HOST_FIELD, proxy_address) unless event.get(PROXY_HOST_FIELD)
-        event.set(PROXY_PORT_FIELD, proxy_port) unless event.get(PROXY_PORT_FIELD)
+        event.set(@field_proxy_host, proxy_address) unless event.get(@field_proxy_host)
+        event.set(@field_proxy_port, proxy_port) unless event.get(@field_proxy_port)
       end
       enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
     end
@@ -260,14 +260,24 @@ class LogStash::Inputs::Tcp < LogStash::Inputs::Base
   end
 
   def enqueue_decorated(event, client_ip_address, client_address, client_port, socket)
-    event.set(HOST_FIELD, client_address) unless event.get(HOST_FIELD)
-    event.set(HOST_IP_FIELD, client_ip_address) unless event.get(HOST_IP_FIELD)
-    event.set(PORT_FIELD, client_port) unless event.get(PORT_FIELD)
-    event.set(SSLSUBJECT_FIELD, socket.peer_cert.subject.to_s) if socket && @ssl_enable && @ssl_verify && event.get(SSLSUBJECT_FIELD).nil?
+    event.set(@field_host, client_address) unless event.get(@field_host)
+    event.set(@field_host_ip, client_ip_address) unless event.get(@field_host_ip)
+    event.set(@field_port, client_port) unless event.get(@field_port)
+    event.set(@field_sslsubject, socket.peer_cert.subject.to_s) if socket && @ssl_enable && @ssl_verify && event.get(@field_sslsubject).nil?
     decorate(event)
     @output_queue << event
   end
 
+  # setup the field names, with respect to ECS compatibility.
+  def setup_fields!
+    @field_host       = ecs_select[disabled: "host",                    v1: "[@metadata][input][tcp][source][name]"        ].freeze
+    @field_host_ip    = ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"          ].freeze
+    @field_port       = ecs_select[disabled: "port",                    v1: "[@metadata][input][tcp][source][port]"        ].freeze
+    @field_proxy_host = ecs_select[disabled: "proxy_host",              v1: "[@metadata][input][tcp][proxy][ip]"           ].freeze
+    @field_proxy_port = ecs_select[disabled: "proxy_port",              v1: "[@metadata][input][tcp][proxy][port]"         ].freeze
+    @field_sslsubject = ecs_select[disabled: "sslsubject",              v1: "[@metadata][input][tcp][tls][client][subject]"].freeze
+  end
+
   def server?
     @mode == "server"
   end

data/lib/logstash/inputs/tcp/decoder_impl.rb

@@ -1,7 +1,7 @@
 # encoding: utf-8
 require 'java'
 
-class DecoderImpl
+class LogStash::Inputs::Tcp::DecoderImpl
 
   include org.logstash.tcp.Decoder
 
@@ -24,7 +24,7 @@ class DecoderImpl
   end
 
   def copy
-    DecoderImpl.new(@codec.clone, @tcp)
+    self.class.new(@codec.clone, @tcp)
   end
 
   def flush
@@ -41,16 +41,17 @@ class DecoderImpl
         @tcp.logger.error("Invalid proxy protocol header label", :header => pp_hdr)
         raise IOError.new("Invalid proxy protocol header label #{pp_hdr.inspect}")
       else
-        @proxy_address = pp_info[3]
-        @proxy_port = pp_info[5]
-        @address = pp_info[2]
-        @port = pp_info[4]
+        @proxy_address = pp_info[3] # layer 3 destination address (proxy's receiving address)
+        @proxy_port = pp_info[5] # TCP destination port (proxy's receiving port)
+        @ip_address = pp_info[2] # layer 3 source address (outgoing ip of sender)
+        @address = extract_host_name(@ip_address)
+        @port = pp_info[4] # TCP source port (outgoing port on sender [probably random])
       end
     else
       filtered = received
-      @ip_address = channel_addr.get_address.get_host_address
-      @address = extract_host_name(channel_addr)
-      @port = channel_addr.get_port
+      @ip_address = channel_addr.get_address.get_host_address # ip address of sender
+      @address = extract_host_name(channel_addr) # name _or_ address of sender
+      @port = channel_addr.get_port # outgoing port of sender (probably random)
     end
     @first_read = false
     filtered
@@ -58,6 +59,8 @@ class DecoderImpl
 
   private
   def extract_host_name(channel_addr)
+    channel_addr = java.net.InetSocketAddress.new(channel_addr, 0) if channel_addr.kind_of?(String)
+
     return channel_addr.get_host_string unless @tcp.dns_reverse_lookup_enabled?
 
     channel_addr.get_host_name

data/logstash-input-tcp.gemspec

@@ -21,6 +21,7 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~>1.2'
 
   s.add_runtime_dependency 'logstash-core', '>= 6.7.0'
 

data/spec/inputs/tcp_spec.rb

@@ -15,9 +15,11 @@ java_import "io.netty.handler.ssl.util.SelfSignedCertificate"
 
 require_relative "../spec_helper"
 
+require 'logstash/plugin_mixins/ecs_compatibility_support/spec_helper'
+
 #Cabin::Channel.get(LogStash).subscribe(STDOUT)
 #Cabin::Channel.get(LogStash).level = :debug
-describe LogStash::Inputs::Tcp do
+describe LogStash::Inputs::Tcp, :ecs_compatibility_support do
 
   def get_port
     begin
@@ -52,160 +54,176 @@ describe LogStash::Inputs::Tcp do
     end
   end
 
-  it "should read plain with unicode" do
-    event_count = 10
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
+  ecs_compatibility_matrix(:disabled,:v1, :v8 => :v1) do |ecs_select|
+    before(:each) do
+      allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
+    end
+
+    it "should read plain with unicode" do
+      event_count = 10
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+          }
         }
-      }
-    CONFIG
+      CONFIG
+
+      host = 'localhost'
+      events = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new(host, port) }
+        event_count.times do |i|
+          # unicode smiley for testing unicode support!
+          socket.puts("#{i} ☹")
+          socket.flush
+        end
+        socket.close
 
-    host = 'localhost'
-    events = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new(host, port) }
-      event_count.times do |i|
-        # unicode smiley for testing unicode support!
-        socket.puts("#{i} ☹")
-        socket.flush
+        event_count.times.collect {queue.pop}
       end
-      socket.close
 
-      event_count.times.collect {queue.pop}
-    end
+      expect(events.length).to eq(event_count)
+      events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
+      event_count.times do |i|
+        event = events[i]
 
-    insist { events.length } == event_count
-    events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
-    event_count.times do |i|
-      event = events[i]
-      insist { event.get("message") } == "#{i} ☹"
-      insist { ["localhost","ip6-localhost"].includes? event.get("host") }
-      insist { event.get("[@metadata][ip_address]") } == '127.0.0.1'
+        aggregate_failures("event #{i}") do
+          expect(event.get("message")).to eq("#{i} ☹")
+          expect(event.get(ecs_select[disabled: "host", v1: "[@metadata][input][tcp][source][name]"])).to eq("localhost").or eq("ip6-localhost")
+          expect(event.get(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"])).to eq('127.0.0.1')
+        end
+      end
     end
-  end
 
-  it "should handle PROXY protocol v1 connections" do
-    event_count = 10
-    conf = <<-CONFIG
-      input {
-        tcp {
-          proxy_protocol => true
-          port => '#{port}'
+    it "should handle PROXY protocol v1 connections" do
+      event_count = 10
+      conf = <<-CONFIG
+        input {
+          tcp {
+            proxy_protocol => true
+            port => '#{port}'
+          }
         }
-      }
-    CONFIG
+      CONFIG
 
-    events = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts("PROXY TCP4 1.2.3.4 5.6.7.8 1234 5678\r");
-      socket.flush
-      event_count.times do |i|
-        # unicode smiley for testing unicode support!
-        socket.puts("#{i} ☹")
+      events = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts("PROXY TCP4 1.2.3.4 5.6.7.8 1234 5678\r");
         socket.flush
-      end
-      socket.close
+        event_count.times do |i|
+          # unicode smiley for testing unicode support!
+          socket.puts("#{i} ☹")
+          socket.flush
+        end
+        socket.close
 
-      event_count.times.collect {queue.pop}
-    end
+        event_count.times.collect {queue.pop}
+      end
 
-    insist { events.length } == event_count
-    events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
-    event_count.times do |i|
-      insist { events[i].get("message") } == "#{i} ☹"
-      insist { events[i].get("host") } == "1.2.3.4"
-      insist { events[i].get("port") } == "1234"
-      insist { events[i].get("proxy_host") } == "5.6.7.8"
-      insist { events[i].get("proxy_port") } == "5678"
+      expect(events.length).to eq(event_count)
+      events = events.sort_by {|e| e.get("message")} # the ordering of events in the queue is highly timing-dependent
+      events.each_with_index do |event, i|
+        aggregate_failures("event #{i}") do
+          expect(event.get("message")).to eq("#{i} ☹")
+          expect(event.get(ecs_select[disabled: "host",                    v1: "[@metadata][input][tcp][source][name]"])).to eq('1.2.3.4')
+          expect(event.get(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"  ])).to eq('1.2.3.4')
+          expect(event.get(ecs_select[disabled: "port",                    v1: "[@metadata][input][tcp][source][port]"])).to eq('1234')
+          expect(event.get(ecs_select[disabled: "proxy_host",              v1: "[@metadata][input][tcp][proxy][ip]"  ])).to eq('5.6.7.8')
+          expect(event.get(ecs_select[disabled: "proxy_port",              v1: "[@metadata][input][tcp][proxy][port]"  ])).to eq('5678')
+        end
+      end
     end
-  end
 
-  it "should read events with plain codec and ISO-8859-1 charset" do
-    charset = "ISO-8859-1"
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => plain { charset => "#{charset}" }
+    it "should read events with json codec" do
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+            codec => json
+          }
         }
+      CONFIG
+
+      data = {
+        "hello" => "world",
+        "foo" => [1,2,3],
+        "baz" => { "1" => "2" },
+        "host" => "example host"
       }
-    CONFIG
 
-    event = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      text = "\xA3" # the £ symbol in ISO-8859-1 aka Latin-1
-      text.force_encoding("ISO-8859-1")
-      socket.puts(text)
-      socket.close
+      event = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts(LogStash::Json.dump(data))
+        socket.close
 
-      queue.pop
-    end
+        queue.pop
+      end
 
-    # Make sure the 0xA3 latin-1 code converts correctly to UTF-8.
-    insist { event.get("message").size } == 1
-    insist { event.get("message").bytesize } == 2
-    insist { event.get("message") } == "£"
-  end
+      insist { event.get("hello") } == data["hello"]
+      insist { event.get("foo").to_a } == data["foo"] # to_a to cast Java ArrayList produced by JrJackson
+      insist { event.get("baz") } == data["baz"]
 
-  it "should read events with json codec" do
-    conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => json
+      # Make sure the tcp input, w/ json codec, uses the event's 'host' value,
+      # if present, instead of providing its own
+      insist { event.get("host") } == data["host"]
+    end
+
+    it "should read events with json codec (testing 'host' handling)" do
+      conf = <<-CONFIG
+        input {
+          tcp {
+            port => #{port}
+            codec => json
+          }
         }
+      CONFIG
+
+      data = {
+        "hello" => "world"
       }
-    CONFIG
 
-    data = {
-      "hello" => "world",
-      "foo" => [1,2,3],
-      "baz" => { "1" => "2" },
-      "host" => "example host"
-    }
+      event = input(conf) do |pipeline, queue|
+        socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
+        socket.puts(LogStash::Json.dump(data))
+        socket.close
 
-    event = input(conf) do |pipeline, queue|
-      socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts(LogStash::Json.dump(data))
-      socket.close
+        queue.pop
+      end
 
-      queue.pop
+      aggregate_failures("event") do
+        expect(event.get("hello")).to eq(data["hello"])
+        expect(event).to include(ecs_select[disabled: "host",                    v1: "[@metadata][input][tcp][source][name]"])
+        expect(event).to include(ecs_select[disabled: "[@metadata][ip_address]", v1: "[@metadata][input][tcp][source][ip]"  ])
+      end
     end
-
-    insist { event.get("hello") } == data["hello"]
-    insist { event.get("foo").to_a } == data["foo"] # to_a to cast Java ArrayList produced by JrJackson
-    insist { event.get("baz") } == data["baz"]
-
-    # Make sure the tcp input, w/ json codec, uses the event's 'host' value,
-    # if present, instead of providing its own
-    insist { event.get("host") } == data["host"]
   end
 
-  it "should read events with json codec (testing 'host' handling)" do
+  it "should read events with plain codec and ISO-8859-1 charset" do
+    charset = "ISO-8859-1"
     conf = <<-CONFIG
-      input {
-        tcp {
-          port => #{port}
-          codec => json
+        input {
+          tcp {
+            port => #{port}
+            codec => plain { charset => "#{charset}" }
+          }
         }
-      }
     CONFIG
 
-    data = {
-      "hello" => "world"
-    }
-
     event = input(conf) do |pipeline, queue|
       socket = Stud::try(5.times) { TCPSocket.new("127.0.0.1", port) }
-      socket.puts(LogStash::Json.dump(data))
+      text = "\xA3" # the £ symbol in ISO-8859-1 aka Latin-1
+      text.force_encoding("ISO-8859-1")
+      socket.puts(text)
       socket.close
 
       queue.pop
     end
 
-    insist { event.get("hello") } == data["hello"]
-    insist { event }.include?("host")
+    # Make sure the 0xA3 latin-1 code converts correctly to UTF-8.
+    aggregate_failures("event") do
+      expect(event.get("message")).to have_attributes(size: 1, bytesize: 2, encoding: Encoding.find("UTF-8"))
+      expect(event.get("message")).to eq("£")
+    end
   end
 
   it "should read events with json_lines codec" do

data/version

@@ -1 +1 @@
-6.1.1
+6.2.0

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-input-tcp
 version: !ruby/object:Gem::Version
-  version: 6.1.1
+  version: 6.2.0
 platform: java
 authors:
 - Elastic
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-06-18 00:00:00.000000000 Z
+date: 2021-06-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -30,6 +30,20 @@ dependencies:
     - - "<="
       - !ruby/object:Gem::Version
         version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  name: logstash-mixin-ecs_compatibility_support
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.2'
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -211,7 +225,7 @@ files:
 - logstash-input-tcp.gemspec
 - spec/inputs/tcp_spec.rb
 - spec/spec_helper.rb
-- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.1.1/logstash-input-tcp-6.1.1.jar
+- vendor/jar-dependencies/org/logstash/inputs/logstash-input-tcp/6.2.0/logstash-input-tcp-6.2.0.jar
 - version
 homepage: http://www.elastic.co/guide/en/logstash/current/index.html
 licenses: