logstash-output-azure_loganalytics 0.2.2 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 629eda80466a6cfbdcce7776297948a4e0de40c6
-  data.tar.gz: 042e2dfeb268197f6375f57f6d0a619bf530fa95
+  metadata.gz: f410b4bc1027dc2c2823fdea3b30d0d8228780b0
+  data.tar.gz: 7f903327f440d33f41c9c4fa68357554599f9bb7
 SHA512:
-  metadata.gz: 0bfcfd713c74c97d32b077c3e039cd6a6bdc4ce85148a28dd45f852a65ab50606f5233fbff4e8ccc3698748a0e6957b822df6c88d48a6818f377fa84711b244f
-  data.tar.gz: af429bb4c0a4e646b3b37886e1762cda43861ff33e437a8a59da02fef89d01d4aaeb5b1716a9bc4273a6e39d016d5035738a6cdc3bedcd5f8c4641e0d51a13c9
+  metadata.gz: cf3fa242b5337af37a589f687fc13d16374eefadf0de7d8114d925eba06837d41b2625b4bb0ae21671390bfae1fb0ce6a7df5fc87586a46cb9b0d85736bdf685
+  data.tar.gz: 622d7474dd3f46629674610dafd5170475004462286732c39372d7ca5c31b14a25eed54152ff6dbeacd497f630abbd4afd12cdf5f29448e01eeeb52212b4345b

data/CHANGELOG.md

@@ -1,5 +1,21 @@
+## 0.4.0
+* Change base [azure-loganalytics-datacollector-api](https://github.com/yokawasa/azure-log-analytics-data-collector) to ">= 0.4.0"
+
+## 0.3.2
+* Improvement: removed unnecessary key check 
+
+## 0.3.1
+* Performance optimization for large key_names list scenario - [Issue#10](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/10)
+
+## 0.3.0
+* Support `key_types` param - [Issue#8](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/8)
+* Support custom log analytics API endpoint (for supporting Azure sovereign cloud) - [Issue#9](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/9)
+
+## 0.2.3
+* Added additional debug logging for successful requests - [PR#7](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/7) by [@daniel-chambers](https://github.com/daniel-chambers)
+
 ## 0.2.2
-* Fix logging failure [PR#6](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/6) (Thanks to [@daniel-chambers](https://github.com/daniel-chambers))
+* Fix logging failure - [PR#6](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/6) by [@daniel-chambers](https://github.com/daniel-chambers)
 
 ## 0.2.1
 
@@ -7,7 +23,7 @@
 
 ## 0.2.0
 
-* Support for time-generated-field in output configuration [Issue#4](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/4) (Thanks to [@KiZach](https://github.com/KiZach))
+* Support for time-generated-field in output configuration - [Issue#4](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/4) (Thanks to [@KiZach](https://github.com/KiZach))
 
 ## 0.1.1
 

data/README.md

@@ -19,7 +19,8 @@ output {
         customer_id => "<OMS WORKSPACE ID>"
         shared_key => "<CLIENT AUTH KEY>"
         log_type => "<LOG TYPE NAME>"
-        key_names  => ['key1','key2','key3'..] ## list of Key names (array)
+        key_names  => ['key1','key2','key3'..] ## list of Key names
+        key_types => {'key1'=> 'string' 'key2'=>'double' 'key3'=>'boolean' .. }
         flush_items => <FLUSH_ITEMS_NUM>
         flush_interval_time => <FLUSH INTERVAL TIME(sec)>
     }
@@ -30,10 +31,18 @@ output {
  * **shared\_key (required)** - The primary or the secondary Connected Sources client authentication key.
  * **log\_type (required)** - The name of the event type that is being submitted to Log Analytics. This must be only alpha characters. 
  * **time\_generated\_field (optional)** - Default:''(empty string) The name of the time generated field. Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ). See also [this](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api#create-a-request) for more details
- * **key\_names (optional)** - Default:[] (empty array). list of Key names in in-coming record to deliver.
+ * **key\_names (optional)** - Default:[] (empty array). The list of key names in in-coming record that you want to submit to Log Analytics.
+ * **key\_types (optional)** - Default:{} (empty hash). The list of data types for each column as which you want to store in Log Analytics (`string`, `boolean`, or `double`)
+   * The key names in `key_types` param must be included in `key_names` param. The column data whose key isn't included in  `key_names` is treated as `string` data type.
+   * Multiple key value entries are separated by `spaces` rather than commas (See also [this](https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html#hash))
+   * If you want to store a column as datetime or guid data format, set `string` for the column ( the value of the column should be `YYYY-MM-DDThh:mm:ssZ format` if it's `datetime`, and `GUID format` if it's `guid`).
+   * In case that `key_types` param are not specified, all columns that you want to submit ( you choose with `key_names` param ) are stored as `string` data type in Log Analytics.
  * **flush_items (optional)** - Default 50. Max number of items to buffer before flushing (1 - 1000).
  * **flush_interval_time (optional)** - Default 5. Max number of seconds to wait between flushes.
 
+> [NOTE] There is a special param for changing the Log Analytics API endpoint (mainly for supporting Azure sovereign cloud)
+> * **endpoint (optional)** - Default: ods.opinsights.azure.com 
+
 ## Tests
 
 Here is an example configuration where Logstash's event source and destination are configured as Apache2 access log and Azure Log Analytics respectively.
@@ -115,6 +124,37 @@ Here is an expected output for sample input (Apache2 access log):
 }
 ```
 
+## Debugging
+If you need to debug and watch what this plugin is sending to Log Analytics, you can change the logstash log level for this plugin to `DEBUG` to get additional logs in the logstash logs.
+
+One way of changing the log level is to use the logstash API:
+
+```
+> curl -XPUT 'localhost:9600/_node/logging?pretty' -H "Content-Type: application/json" -d '{ "logger.logstash.outputs.azureloganalytcs" : "DEBUG" }'
+{
+  "host" : "yoichitest01",
+  "version" : "6.5.4",
+  "http_address" : "127.0.0.1:9600",
+  "id" : "d8038a9e-02c6-411a-9f6b-597f910edc54",
+  "name" : "yoichitest01",
+  "acknowledged" : true
+}
+```
+
+You should then be able to see logs like this in your logstash logs:
+
+```
+[2019-03-29T01:18:52,652][DEBUG][logstash.outputs.azureloganalytics] Posting log batch (log count: 50) as log type HealthCheckLogs to DataCollector API. First log: {"message":{"Application":"HealthCheck.API","Environments":{},"Name":"SystemMetrics","LogLevel":"Information","Properties":{"CPU":3,"Memory":83}},"beat":{"version":"6.5.4","hostname":"yoichitest01","name":"yoichitest01"},"timestamp":"2019-03-29T01:18:51.901Z"}
+
+[2019-03-29T01:18:52,819][DEBUG][logstash.outputs.azureloganalytics] Successfully posted logs as log type HealthCheckLogs with result code 200 to DataCollector API
+```
+
+Once you're done, you can use the logstash API to undo your log level changes:
+
+```
+> curl -XPUT 'localhost:9600/_node/logging/reset?pretty'
+```
+
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/yokawasa/logstash-output-azure_loganalytics.

data/VERSION

@@ -1 +1 @@
-0.2.2
+0.4.0

data/lib/logstash/outputs/azure_loganalytics.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+
 require "logstash/outputs/base"
 require "logstash/namespace"
 require "stud/buffer"
@@ -14,15 +15,31 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
   # The primary or the secondary Connected Sources client authentication key
   config :shared_key, :validate => :string, :required => true
 
-  # The name of the event type that is being submitted to Log Analytics. This must be only alpha characters.
+  # The name of the event type that is being submitted to Log Analytics. 
+  # This must be only alpha characters.
   config :log_type, :validate => :string, :required => true
 
-  # The name of the time generated field. Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ)
+  # The service endpoint (Default: ods.opinsights.azure.com)
+  config :endpoint, :validate => :string, :default => 'ods.opinsights.azure.com'
+
+  # The name of the time generated field.
+  # Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ)
   config :time_generated_field, :validate => :string, :default => ''
 
-  # list of Key names in in-coming record to deliver.
+  # The list of key names in in-coming record that you want to submit to Log Analytics
   config :key_names, :validate => :array, :default => []
-  
+
+  # The list of data types for each column as which you want to store in Log Analytics (`string`, `boolean`, or `double`)
+  # - The key names in `key_types` param must be included in `key_names` param. The column data whose key isn't included in  `key_names` is treated as `string` data type.
+  # - Multiple key value entries are separated by `spaces` rather than commas 
+  #   See also https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html#hash
+  # - If you want to store a column as datetime or guid data format, set `string` for the column ( the value of the column should be `YYYY-MM-DDThh:mm:ssZ format` if it's `datetime`, and `GUID format` if it's `guid`).
+  # - In case that `key_types` param are not specified, all columns that you want to submit ( you choose with `key_names` param ) are stored as `string` data type in Log Analytics.
+  # Example:
+  #   key_names => ['key1','key2','key3','key4',...]
+  #   key_types => {'key1'=>'string' 'key2'=>'string' 'key3'=>'boolean' 'key4'=>'double' ...}
+  config :key_types, :validate => :hash, :default => {}
+
   # Max number of items to buffer before flushing. Default 50.
   config :flush_items, :validate => :number, :default => 50
   
@@ -38,8 +55,15 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
       raise ArgumentError, 'log_type must be only alpha characters' 
     end
 
+    @key_types.each { |k, v|
+      t = v.downcase
+      if ( !t.eql?('string') && !t.eql?('double') && !t.eql?('boolean') ) 
+        raise ArgumentError, "Key type(#{v}) for key(#{k}) must be either string, boolean, or double"
+      end
+    }
+
     ## Start 
-    @client=Azure::Loganalytics::Datacollectorapi::Client::new(@customer_id,@shared_key)
+    @client=Azure::Loganalytics::Datacollectorapi::Client::new(@customer_id,@shared_key,@endpoint)
 
     buffer_initialize(
       :max_items => @flush_items,
@@ -64,8 +88,12 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
       document = {}
       event_hash = event.to_hash()
       if @key_names.length > 0
-        @key_names.each do |key|
-          if event_hash.include?(key)
+        # Get the intersection of key_names and keys of event_hash
+        keys_intersection = @key_names & event_hash.keys
+        keys_intersection.each do |key|
+          if @key_types.include?(key)
+            document[key] = convert_value(@key_types[key], event_hash[key])
+          else
             document[key] = event_hash[key]
           end
         end
@@ -80,18 +108,35 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
 
     # Skip in case there are no candidate documents to deliver
     if documents.length < 1
+      @logger.debug("No documents in batch for log type #{@log_type}. Skipping")
       return
     end
 
     begin
+      @logger.debug("Posting log batch (log count: #{documents.length}) as log type #{@log_type} to DataCollector API. First log: " + (documents[0].to_json).to_s)
       res = @client.post_data(@log_type, documents, @time_generated_field)
-      if not Azure::Loganalytics::Datacollectorapi::Client.is_success(res)
+      if Azure::Loganalytics::Datacollectorapi::Client.is_success(res)
+        @logger.debug("Successfully posted logs as log type #{@log_type} with result code #{res.code} to DataCollector API")
+      else
         @logger.error("DataCollector API request failure: error code: #{res.code}, data=>" + (documents.to_json).to_s)
       end
     rescue Exception => ex
       @logger.error("Exception occured in posting to DataCollector API: '#{ex}', data=>" + (documents.to_json).to_s)
     end
-
   end # def flush
 
+  private
+  def convert_value(type, val)
+    t = type.downcase
+    case t
+    when "boolean"
+      v = val.downcase
+      return (v.to_s == 'true' ) ? true : false
+    when "double"
+      return Integer(val) rescue Float(val) rescue val
+    else
+      return val
+    end
+  end
+
 end # class LogStash::Outputs::AzureLogAnalytics

data/logstash-output-azure_loganalytics.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "rest-client", ">= 1.8.0"
-  s.add_runtime_dependency "azure-loganalytics-datacollector-api", ">= 0.1.2"
+  s.add_runtime_dependency "azure-loganalytics-datacollector-api", ">= 0.4.0"
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
   s.add_runtime_dependency "logstash-codec-plain"
   s.add_development_dependency "logstash-devutils"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-azure_loganalytics
 version: !ruby/object:Gem::Version
-  version: 0.2.2
+  version: 0.4.0
 platform: ruby
 authors:
 - Yoichi Kawasaki
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-20 00:00:00.000000000 Z
+date: 2020-07-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.4.0
   name: azure-loganalytics-datacollector-api
   prerelease: false
   type: :runtime
@@ -37,7 +37,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -123,7 +123,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project:
-rubygems_version: 2.4.8
+rubygems_version: 2.6.8
 signing_key:
 specification_version: 4
 summary: logstash output plugin to store events into Azure Log Analytics