logstash-output-azure_loganalytics 0.3.2 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +28 -0
- data/README.md +10 -5
- data/VERSION +1 -1
- data/lib/logstash/outputs/azure_loganalytics.rb +37 -42
- data/logstash-output-azure_loganalytics.gemspec +1 -1
- data/spec/outputs/azure_loganalytics_spec.rb +2 -4
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c8478ec73e02eae91388307f89026500b140364d
|
|
4
|
+
data.tar.gz: 8ca5e7e57bf454b4f33ff614b5f9e25a76b1ea1c
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: cf96615306ab45d89fa999a4ded0ed0da8f31e5b6caf01b1d473b57a36f16303d04211eda349944a27badd93fcea4da0fa632795eedb5b385ceb835f7b2448fa
|
|
7
|
+
data.tar.gz: d0762a739e1f30b70a0cf1084cdbfabdd75cea7ce6851eef6847e09d71543bb8bec9237a21e20fc8eea39a2213ea6367d6ca5d678244b5a31734312a111c9e9f
|
data/CHANGELOG.md
CHANGED
|
@@ -1,17 +1,45 @@
|
|
|
1
|
+
## 0.6.0
|
|
2
|
+
|
|
3
|
+
* Multithreading support - [PR #17](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/17) by [@daniel-chambers](https://github.com/daniel-chambers)
|
|
4
|
+
* Big performance improvement
|
|
5
|
+
* New parame `max_batch_items` is added
|
|
6
|
+
* No longer `flush_items` and `flush_interval_time` params are supported in the plugin configuration
|
|
7
|
+
|
|
8
|
+
## 0.5.2
|
|
9
|
+
|
|
10
|
+
* Fixed using sprintf in log_type - [PR #16](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/16) by [@daniel-chambers](https://github.com/daniel-chambers)
|
|
11
|
+
|
|
12
|
+
## 0.5.1
|
|
13
|
+
|
|
14
|
+
* Change base [azure-loganalytics-datacollector-api](https://github.com/yokawasa/azure-log-analytics-data-collector) to ">= 0.5.0"
|
|
15
|
+
|
|
16
|
+
## 0.5.0
|
|
17
|
+
|
|
18
|
+
* Support sprintf syntax like `%{my_log_type}` for `log_type` config param - [Issue #13](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/13)
|
|
19
|
+
|
|
20
|
+
## 0.4.0
|
|
21
|
+
|
|
22
|
+
* Change base [azure-loganalytics-datacollector-api](https://github.com/yokawasa/azure-log-analytics-data-collector) to ">= 0.4.0"
|
|
23
|
+
|
|
1
24
|
## 0.3.2
|
|
25
|
+
|
|
2
26
|
* Improvement: removed unnecessary key check
|
|
3
27
|
|
|
4
28
|
## 0.3.1
|
|
29
|
+
|
|
5
30
|
* Performance optimization for large key_names list scenario - [Issue#10](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/10)
|
|
6
31
|
|
|
7
32
|
## 0.3.0
|
|
33
|
+
|
|
8
34
|
* Support `key_types` param - [Issue#8](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/8)
|
|
9
35
|
* Support custom log analytics API endpoint (for supporting Azure sovereign cloud) - [Issue#9](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/9)
|
|
10
36
|
|
|
11
37
|
## 0.2.3
|
|
38
|
+
|
|
12
39
|
* Added additional debug logging for successful requests - [PR#7](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/7) by [@daniel-chambers](https://github.com/daniel-chambers)
|
|
13
40
|
|
|
14
41
|
## 0.2.2
|
|
42
|
+
|
|
15
43
|
* Fix logging failure - [PR#6](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/6) by [@daniel-chambers](https://github.com/daniel-chambers)
|
|
16
44
|
|
|
17
45
|
## 0.2.1
|
data/README.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
# Azure Log Analytics output plugin for Logstash
|
|
2
2
|
logstash-output-azure_loganalytics is a logstash plugin to output to Azure Log Analytics. [Logstash](https://www.elastic.co/products/logstash) is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite [destinations](https://www.elastic.co/products/logstash). [Log Analytics](https://azure.microsoft.com/en-us/services/log-analytics/) is a service in Operations Management Suite (OMS) that helps you collect and analyze data generated by resources in your cloud and on-premises environments. It gives you real-time insights using integrated search and custom dashboards to readily analyze millions of records across all of your workloads and servers regardless of their physical location. The plugin stores in-coming events to Azure Log Analytics by leveraging [Log Analytics HTTP Data Collector API](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api)
|
|
3
3
|
|
|
4
|
+
> [NOTICE]
|
|
5
|
+
> logstash-output-azure_loganalytics >= 0.6.0
|
|
6
|
+
> - Multithreading support
|
|
7
|
+
> - New parame `max_batch_items` is added
|
|
8
|
+
> - No longer `flush_items` and `flush_interval_time` params are supported in the plugin configuration
|
|
9
|
+
|
|
10
|
+
|
|
4
11
|
## Installation
|
|
5
12
|
|
|
6
13
|
You can install this plugin using the Logstash "plugin" or "logstash-plugin" (for newer versions of Logstash) command:
|
|
@@ -21,15 +28,14 @@ output {
|
|
|
21
28
|
log_type => "<LOG TYPE NAME>"
|
|
22
29
|
key_names => ['key1','key2','key3'..] ## list of Key names
|
|
23
30
|
key_types => {'key1'=> 'string' 'key2'=>'double' 'key3'=>'boolean' .. }
|
|
24
|
-
|
|
25
|
-
flush_interval_time => <FLUSH INTERVAL TIME(sec)>
|
|
31
|
+
max_batch_items => <MAX BATCH ITEMS (num)>
|
|
26
32
|
}
|
|
27
33
|
}
|
|
28
34
|
```
|
|
29
35
|
|
|
30
36
|
* **customer\_id (required)** - Your Operations Management Suite workspace ID
|
|
31
37
|
* **shared\_key (required)** - The primary or the secondary Connected Sources client authentication key.
|
|
32
|
-
* **log\_type (required)** - The name of the event type that is being submitted to Log Analytics.
|
|
38
|
+
* **log\_type (required)** - The name of the event type that is being submitted to Log Analytics. It must only contain alpha numeric and _, and not exceed 100 chars. sprintf syntax like `%{my_log_type}` is supported.
|
|
33
39
|
* **time\_generated\_field (optional)** - Default:''(empty string) The name of the time generated field. Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ). See also [this](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api#create-a-request) for more details
|
|
34
40
|
* **key\_names (optional)** - Default:[] (empty array). The list of key names in in-coming record that you want to submit to Log Analytics.
|
|
35
41
|
* **key\_types (optional)** - Default:{} (empty hash). The list of data types for each column as which you want to store in Log Analytics (`string`, `boolean`, or `double`)
|
|
@@ -37,8 +43,7 @@ output {
|
|
|
37
43
|
* Multiple key value entries are separated by `spaces` rather than commas (See also [this](https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html#hash))
|
|
38
44
|
* If you want to store a column as datetime or guid data format, set `string` for the column ( the value of the column should be `YYYY-MM-DDThh:mm:ssZ format` if it's `datetime`, and `GUID format` if it's `guid`).
|
|
39
45
|
* In case that `key_types` param are not specified, all columns that you want to submit ( you choose with `key_names` param ) are stored as `string` data type in Log Analytics.
|
|
40
|
-
* **
|
|
41
|
-
* **flush_interval_time (optional)** - Default 5. Max number of seconds to wait between flushes.
|
|
46
|
+
* **max_batch_items (optional)** - Default 50. Maximum number of log events to put in one request to Log Analytics.
|
|
42
47
|
|
|
43
48
|
> [NOTE] There is a special param for changing the Log Analytics API endpoint (mainly for supporting Azure sovereign cloud)
|
|
44
49
|
> * **endpoint (optional)** - Default: ods.opinsights.azure.com
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.6.0
|
|
@@ -2,11 +2,9 @@
|
|
|
2
2
|
|
|
3
3
|
require "logstash/outputs/base"
|
|
4
4
|
require "logstash/namespace"
|
|
5
|
-
require "
|
|
5
|
+
require "securerandom"
|
|
6
6
|
|
|
7
7
|
class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
|
|
8
|
-
include Stud::Buffer
|
|
9
|
-
|
|
10
8
|
config_name "azure_loganalytics"
|
|
11
9
|
|
|
12
10
|
# Your Operations Management Suite workspace ID
|
|
@@ -16,7 +14,8 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
|
|
|
16
14
|
config :shared_key, :validate => :string, :required => true
|
|
17
15
|
|
|
18
16
|
# The name of the event type that is being submitted to Log Analytics.
|
|
19
|
-
# This must
|
|
17
|
+
# This must only contain alpha numeric and _, and not exceed 100 chars.
|
|
18
|
+
# sprintf syntax like %{my_log_type} is supported.
|
|
20
19
|
config :log_type, :validate => :string, :required => true
|
|
21
20
|
|
|
22
21
|
# The service endpoint (Default: ods.opinsights.azure.com)
|
|
@@ -40,21 +39,15 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
|
|
|
40
39
|
# key_types => {'key1'=>'string' 'key2'=>'string' 'key3'=>'boolean' 'key4'=>'double' ...}
|
|
41
40
|
config :key_types, :validate => :hash, :default => {}
|
|
42
41
|
|
|
43
|
-
#
|
|
44
|
-
config :
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
config :flush_interval_time, :validate => :number, :default => 5
|
|
42
|
+
# Maximum number of log events to put in one request to Log Analytics
|
|
43
|
+
config :max_batch_items, :validate => :number, :default => 50
|
|
44
|
+
|
|
45
|
+
concurrency :shared
|
|
48
46
|
|
|
49
47
|
public
|
|
50
48
|
def register
|
|
51
49
|
require 'azure/loganalytics/datacollectorapi/client'
|
|
52
50
|
|
|
53
|
-
## Configure
|
|
54
|
-
if not @log_type.match(/^[[:alpha:]]+$/)
|
|
55
|
-
raise ArgumentError, 'log_type must be only alpha characters'
|
|
56
|
-
end
|
|
57
|
-
|
|
58
51
|
@key_types.each { |k, v|
|
|
59
52
|
t = v.downcase
|
|
60
53
|
if ( !t.eql?('string') && !t.eql?('double') && !t.eql?('boolean') )
|
|
@@ -65,27 +58,20 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
|
|
|
65
58
|
## Start
|
|
66
59
|
@client=Azure::Loganalytics::Datacollectorapi::Client::new(@customer_id,@shared_key,@endpoint)
|
|
67
60
|
|
|
68
|
-
buffer_initialize(
|
|
69
|
-
:max_items => @flush_items,
|
|
70
|
-
:max_interval => @flush_interval_time,
|
|
71
|
-
:logger => @logger
|
|
72
|
-
)
|
|
73
|
-
|
|
74
61
|
end # def register
|
|
75
62
|
|
|
76
63
|
public
|
|
77
|
-
def
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
64
|
+
def multi_receive(events)
|
|
65
|
+
|
|
66
|
+
flush_guid = SecureRandom.uuid
|
|
67
|
+
@logger.debug("Start receive: #{flush_guid}. Received #{events.length} events")
|
|
81
68
|
|
|
82
|
-
#
|
|
83
|
-
public
|
|
84
|
-
def flush (events, close=false)
|
|
85
|
-
|
|
86
|
-
documents = [] #this is the array of hashes to add Azure Log Analytics
|
|
69
|
+
documentsByLogType = {} # This is a map of log_type to list of documents (themselves maps) to send to Log Analytics
|
|
87
70
|
events.each do |event|
|
|
88
71
|
document = {}
|
|
72
|
+
|
|
73
|
+
log_type_for_event = event.sprintf(@log_type)
|
|
74
|
+
|
|
89
75
|
event_hash = event.to_hash()
|
|
90
76
|
if @key_names.length > 0
|
|
91
77
|
# Get the intersection of key_names and keys of event_hash
|
|
@@ -103,27 +89,36 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
|
|
|
103
89
|
# Skip if document doesn't contain any items
|
|
104
90
|
next if (document.keys).length < 1
|
|
105
91
|
|
|
106
|
-
|
|
92
|
+
if documentsByLogType[log_type_for_event] == nil then
|
|
93
|
+
documentsByLogType[log_type_for_event] = []
|
|
94
|
+
end
|
|
95
|
+
documentsByLogType[log_type_for_event].push(document)
|
|
107
96
|
end
|
|
108
97
|
|
|
109
98
|
# Skip in case there are no candidate documents to deliver
|
|
110
|
-
if
|
|
111
|
-
@logger.debug("No documents in batch
|
|
99
|
+
if documentsByLogType.length < 1
|
|
100
|
+
@logger.debug("No documents in batch. Skipping")
|
|
112
101
|
return
|
|
113
102
|
end
|
|
114
103
|
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
118
|
-
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
|
|
104
|
+
documentsByLogType.each do |log_type_for_events, events|
|
|
105
|
+
events.each_slice(@max_batch_items) do |event_batch|
|
|
106
|
+
begin
|
|
107
|
+
@logger.debug("Posting log batch (log count: #{event_batch.length}) as log type #{log_type_for_events} to DataCollector API. First log: " + (event_batch[0].to_json).to_s)
|
|
108
|
+
res = @client.post_data(log_type_for_events, event_batch, @time_generated_field)
|
|
109
|
+
if Azure::Loganalytics::Datacollectorapi::Client.is_success(res)
|
|
110
|
+
@logger.debug("Successfully posted logs as log type #{log_type_for_events} with result code #{res.code} to DataCollector API")
|
|
111
|
+
else
|
|
112
|
+
@logger.error("DataCollector API request failure (log type #{log_type_for_events}): error code: #{res.code}, data=>" + (event_batch.to_json).to_s)
|
|
113
|
+
end
|
|
114
|
+
rescue Exception => ex
|
|
115
|
+
@logger.error("Exception occured in posting to DataCollector API as log type #{log_type_for_events}: '#{ex}', data=>" + (event_batch.to_json).to_s)
|
|
116
|
+
end
|
|
122
117
|
end
|
|
123
|
-
rescue Exception => ex
|
|
124
|
-
@logger.error("Exception occured in posting to DataCollector API: '#{ex}', data=>" + (documents.to_json).to_s)
|
|
125
118
|
end
|
|
126
|
-
|
|
119
|
+
@logger.debug("End receive: #{flush_guid}")
|
|
120
|
+
|
|
121
|
+
end # def multi_receive
|
|
127
122
|
|
|
128
123
|
private
|
|
129
124
|
def convert_value(type, val)
|
|
@@ -19,7 +19,7 @@ Gem::Specification.new do |s|
|
|
|
19
19
|
|
|
20
20
|
# Gem dependencies
|
|
21
21
|
s.add_runtime_dependency "rest-client", ">= 1.8.0"
|
|
22
|
-
s.add_runtime_dependency "azure-loganalytics-datacollector-api", ">= 0.
|
|
22
|
+
s.add_runtime_dependency "azure-loganalytics-datacollector-api", ">= 0.5.0"
|
|
23
23
|
s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
|
|
24
24
|
s.add_runtime_dependency "logstash-codec-plain"
|
|
25
25
|
s.add_development_dependency "logstash-devutils"
|
|
@@ -28,7 +28,7 @@ describe LogStash::Outputs::AzureLogAnalytics do
|
|
|
28
28
|
azure_loganalytics_output.register
|
|
29
29
|
end
|
|
30
30
|
|
|
31
|
-
describe "#
|
|
31
|
+
describe "#multi_receive" do
|
|
32
32
|
it "Should successfully send the event to Azure Log Analytics" do
|
|
33
33
|
events = []
|
|
34
34
|
log1 = {
|
|
@@ -61,11 +61,9 @@ describe LogStash::Outputs::AzureLogAnalytics do
|
|
|
61
61
|
|
|
62
62
|
event1 = LogStash::Event.new(log1)
|
|
63
63
|
event2 = LogStash::Event.new(log2)
|
|
64
|
-
azure_loganalytics_output.receive(event1)
|
|
65
|
-
azure_loganalytics_output.receive(event2)
|
|
66
64
|
events.push(event1)
|
|
67
65
|
events.push(event2)
|
|
68
|
-
expect {azure_loganalytics_output.
|
|
66
|
+
expect {azure_loganalytics_output.multi_receive(events)}.to_not raise_error
|
|
69
67
|
end
|
|
70
68
|
end
|
|
71
69
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-output-azure_loganalytics
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.6.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Yoichi Kawasaki
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-10-01 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -29,7 +29,7 @@ dependencies:
|
|
|
29
29
|
requirements:
|
|
30
30
|
- - ">="
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version: 0.
|
|
32
|
+
version: 0.5.0
|
|
33
33
|
name: azure-loganalytics-datacollector-api
|
|
34
34
|
prerelease: false
|
|
35
35
|
type: :runtime
|
|
@@ -37,7 +37,7 @@ dependencies:
|
|
|
37
37
|
requirements:
|
|
38
38
|
- - ">="
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: 0.
|
|
40
|
+
version: 0.5.0
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
requirement: !ruby/object:Gem::Requirement
|
|
43
43
|
requirements:
|