logstash-output-azure_loganalytics 0.2.3 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 979885fba76d51d97736cce9150ddc0df3e08061
-  data.tar.gz: 64e69b5fd9e4290e7ff40dfced1484033c8d764b
+  metadata.gz: b09df7b108a440679410974226e7e7599463d9c2
+  data.tar.gz: 30d5a64ab00f80ff9446eaccb8094e5766ff3606
 SHA512:
-  metadata.gz: f43dcc28048eb42f27b9053f2bd530791eb852d43f6eff796ace77e4526a873da074cb0c839780f927e397cb120b2bebca11a1b05f03289b6c8978f7706f3e96
-  data.tar.gz: cb4f87632dd4af3913f21c01bd0611648c0be7d48beaf4de7b8f295e25f767447da8c9fa80f59a8b543db441d7fac0b720cb1dc4b069bb6da48dfe40ad7c1f28
+  metadata.gz: 1039c5799973e17dbd72ab8f4918d501967455bc398469da1e0ba7aee7478b4259c3894bd4ae857d5004042861360c506d77ab9263e5b8a245c015d7e1123d7c
+  data.tar.gz: 130337fedcefcf9f07ee34961cfbf0786b53d1129715811b0a8b52a38293913d9998733e1666dfbfc21de51a0d3ca6213644c2b450dc0f3e5e21bee0ed91ec15

data/CHANGELOG.md

@@ -1,7 +1,31 @@
+## 0.5.0
+
+* Change base [azure-loganalytics-datacollector-api](https://github.com/yokawasa/azure-log-analytics-data-collector) to ">= 0.5.0"
+* Support sprintf syntax like `%{my_log_type}` for `log_type` config param - [Issue #13](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/13)
+
+## 0.4.0
+
+* Change base [azure-loganalytics-datacollector-api](https://github.com/yokawasa/azure-log-analytics-data-collector) to ">= 0.4.0"
+
+## 0.3.2
+
+* Improvement: removed unnecessary key check 
+
+## 0.3.1
+
+* Performance optimization for large key_names list scenario - [Issue#10](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/10)
+
+## 0.3.0
+
+* Support `key_types` param - [Issue#8](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/8)
+* Support custom log analytics API endpoint (for supporting Azure sovereign cloud) - [Issue#9](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/9)
+
 ## 0.2.3
+
 * Added additional debug logging for successful requests - [PR#7](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/7) by [@daniel-chambers](https://github.com/daniel-chambers)
 
 ## 0.2.2
+
 * Fix logging failure - [PR#6](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/6) by [@daniel-chambers](https://github.com/daniel-chambers)
 
 ## 0.2.1

data/README.md

@@ -19,7 +19,8 @@ output {
         customer_id => "<OMS WORKSPACE ID>"
         shared_key => "<CLIENT AUTH KEY>"
         log_type => "<LOG TYPE NAME>"
-        key_names  => ['key1','key2','key3'..] ## list of Key names (array)
+        key_names  => ['key1','key2','key3'..] ## list of Key names
+        key_types => {'key1'=> 'string' 'key2'=>'double' 'key3'=>'boolean' .. }
         flush_items => <FLUSH_ITEMS_NUM>
         flush_interval_time => <FLUSH INTERVAL TIME(sec)>
     }
@@ -28,12 +29,20 @@ output {
 
  * **customer\_id (required)** - Your Operations Management Suite workspace ID
  * **shared\_key (required)** - The primary or the secondary Connected Sources client authentication key.
- * **log\_type (required)** - The name of the event type that is being submitted to Log Analytics. This must be only alpha characters. 
+ * **log\_type (required)** - The name of the event type that is being submitted to Log Analytics. It must only contain alpha numeric and _, and not exceed 100 chars. sprintf syntax like `%{my_log_type}` is supported.
  * **time\_generated\_field (optional)** - Default:''(empty string) The name of the time generated field. Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ). See also [this](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api#create-a-request) for more details
- * **key\_names (optional)** - Default:[] (empty array). list of Key names in in-coming record to deliver.
+ * **key\_names (optional)** - Default:[] (empty array). The list of key names in in-coming record that you want to submit to Log Analytics.
+ * **key\_types (optional)** - Default:{} (empty hash). The list of data types for each column as which you want to store in Log Analytics (`string`, `boolean`, or `double`)
+   * The key names in `key_types` param must be included in `key_names` param. The column data whose key isn't included in  `key_names` is treated as `string` data type.
+   * Multiple key value entries are separated by `spaces` rather than commas (See also [this](https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html#hash))
+   * If you want to store a column as datetime or guid data format, set `string` for the column ( the value of the column should be `YYYY-MM-DDThh:mm:ssZ format` if it's `datetime`, and `GUID format` if it's `guid`).
+   * In case that `key_types` param are not specified, all columns that you want to submit ( you choose with `key_names` param ) are stored as `string` data type in Log Analytics.
  * **flush_items (optional)** - Default 50. Max number of items to buffer before flushing (1 - 1000).
  * **flush_interval_time (optional)** - Default 5. Max number of seconds to wait between flushes.
 
+> [NOTE] There is a special param for changing the Log Analytics API endpoint (mainly for supporting Azure sovereign cloud)
+> * **endpoint (optional)** - Default: ods.opinsights.azure.com 
+
 ## Tests
 
 Here is an example configuration where Logstash's event source and destination are configured as Apache2 access log and Azure Log Analytics respectively.

data/VERSION

@@ -1 +1 @@
-0.2.3
+0.5.0

data/lib/logstash/outputs/azure_loganalytics.rb

@@ -1,4 +1,5 @@
 # encoding: utf-8
+
 require "logstash/outputs/base"
 require "logstash/namespace"
 require "stud/buffer"
@@ -14,15 +15,32 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
   # The primary or the secondary Connected Sources client authentication key
   config :shared_key, :validate => :string, :required => true
 
-  # The name of the event type that is being submitted to Log Analytics. This must be only alpha characters.
+  # The name of the event type that is being submitted to Log Analytics. 
+  # This must only contain alpha numeric and _, and not exceed 100 chars. 
+  # sprintf syntax like %{my_log_type} is supported.
   config :log_type, :validate => :string, :required => true
 
-  # The name of the time generated field. Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ)
+  # The service endpoint (Default: ods.opinsights.azure.com)
+  config :endpoint, :validate => :string, :default => 'ods.opinsights.azure.com'
+
+  # The name of the time generated field.
+  # Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ)
   config :time_generated_field, :validate => :string, :default => ''
 
-  # list of Key names in in-coming record to deliver.
+  # The list of key names in in-coming record that you want to submit to Log Analytics
   config :key_names, :validate => :array, :default => []
-  
+
+  # The list of data types for each column as which you want to store in Log Analytics (`string`, `boolean`, or `double`)
+  # - The key names in `key_types` param must be included in `key_names` param. The column data whose key isn't included in  `key_names` is treated as `string` data type.
+  # - Multiple key value entries are separated by `spaces` rather than commas 
+  #   See also https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html#hash
+  # - If you want to store a column as datetime or guid data format, set `string` for the column ( the value of the column should be `YYYY-MM-DDThh:mm:ssZ format` if it's `datetime`, and `GUID format` if it's `guid`).
+  # - In case that `key_types` param are not specified, all columns that you want to submit ( you choose with `key_names` param ) are stored as `string` data type in Log Analytics.
+  # Example:
+  #   key_names => ['key1','key2','key3','key4',...]
+  #   key_types => {'key1'=>'string' 'key2'=>'string' 'key3'=>'boolean' 'key4'=>'double' ...}
+  config :key_types, :validate => :hash, :default => {}
+
   # Max number of items to buffer before flushing. Default 50.
   config :flush_items, :validate => :number, :default => 50
   
@@ -33,13 +51,19 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
   def register
     require 'azure/loganalytics/datacollectorapi/client'
 
-    ## Configure
-    if not @log_type.match(/^[[:alpha:]]+$/)
-      raise ArgumentError, 'log_type must be only alpha characters' 
-    end
+    #if not @log_type.match(/^[[:alpha:]]+$/)
+    #  raise ArgumentError, 'log_type must be only alpha characters' 
+    #end
+
+    @key_types.each { |k, v|
+      t = v.downcase
+      if ( !t.eql?('string') && !t.eql?('double') && !t.eql?('boolean') ) 
+        raise ArgumentError, "Key type(#{v}) for key(#{k}) must be either string, boolean, or double"
+      end
+    }
 
     ## Start 
-    @client=Azure::Loganalytics::Datacollectorapi::Client::new(@customer_id,@shared_key)
+    @client=Azure::Loganalytics::Datacollectorapi::Client::new(@customer_id,@shared_key,@endpoint)
 
     buffer_initialize(
       :max_items => @flush_items,
@@ -51,6 +75,7 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
 
   public
   def receive(event)
+    @log_type = event.sprintf(@log_type)
     # Simply save an event for later delivery
     buffer_receive(event)
   end # def receive
@@ -64,8 +89,12 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
       document = {}
       event_hash = event.to_hash()
       if @key_names.length > 0
-        @key_names.each do |key|
-          if event_hash.include?(key)
+        # Get the intersection of key_names and keys of event_hash
+        keys_intersection = @key_names & event_hash.keys
+        keys_intersection.each do |key|
+          if @key_types.include?(key)
+            document[key] = convert_value(@key_types[key], event_hash[key])
+          else
             document[key] = event_hash[key]
           end
         end
@@ -95,7 +124,20 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
     rescue Exception => ex
       @logger.error("Exception occured in posting to DataCollector API: '#{ex}', data=>" + (documents.to_json).to_s)
     end
-
   end # def flush
 
+  private
+  def convert_value(type, val)
+    t = type.downcase
+    case t
+    when "boolean"
+      v = val.downcase
+      return (v.to_s == 'true' ) ? true : false
+    when "double"
+      return Integer(val) rescue Float(val) rescue val
+    else
+      return val
+    end
+  end
+
 end # class LogStash::Outputs::AzureLogAnalytics

data/logstash-output-azure_loganalytics.gemspec

@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "rest-client", ">= 1.8.0"
-  s.add_runtime_dependency "azure-loganalytics-datacollector-api", ">= 0.1.2"
+  s.add_runtime_dependency "azure-loganalytics-datacollector-api", ">= 0.4.0"
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
   s.add_runtime_dependency "logstash-codec-plain"
   s.add_development_dependency "logstash-devutils"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-azure_loganalytics
 version: !ruby/object:Gem::Version
-  version: 0.2.3
+  version: 0.5.0
 platform: ruby
 authors:
 - Yoichi Kawasaki
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-03-30 00:00:00.000000000 Z
+date: 2020-07-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -29,7 +29,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.4.0
   name: azure-loganalytics-datacollector-api
   prerelease: false
   type: :runtime
@@ -37,7 +37,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 0.1.2
+        version: 0.4.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements: