logstash-output-azure_loganalytics 0.5.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: b09df7b108a440679410974226e7e7599463d9c2
+  data.tar.gz: 30d5a64ab00f80ff9446eaccb8094e5766ff3606
+SHA512:
+  metadata.gz: 1039c5799973e17dbd72ab8f4918d501967455bc398469da1e0ba7aee7478b4259c3894bd4ae857d5004042861360c506d77ab9263e5b8a245c015d7e1123d7c
+  data.tar.gz: 130337fedcefcf9f07ee34961cfbf0786b53d1129715811b0a8b52a38293913d9998733e1666dfbfc21de51a0d3ca6213644c2b450dc0f3e5e21bee0ed91ec15

data/CHANGELOG.md

@@ -0,0 +1,45 @@
+## 0.5.0
+
+* Change base [azure-loganalytics-datacollector-api](https://github.com/yokawasa/azure-log-analytics-data-collector) to ">= 0.5.0"
+* Support sprintf syntax like `%{my_log_type}` for `log_type` config param - [Issue #13](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/13)
+
+## 0.4.0
+
+* Change base [azure-loganalytics-datacollector-api](https://github.com/yokawasa/azure-log-analytics-data-collector) to ">= 0.4.0"
+
+## 0.3.2
+
+* Improvement: removed unnecessary key check 
+
+## 0.3.1
+
+* Performance optimization for large key_names list scenario - [Issue#10](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/10)
+
+## 0.3.0
+
+* Support `key_types` param - [Issue#8](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/8)
+* Support custom log analytics API endpoint (for supporting Azure sovereign cloud) - [Issue#9](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/9)
+
+## 0.2.3
+
+* Added additional debug logging for successful requests - [PR#7](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/7) by [@daniel-chambers](https://github.com/daniel-chambers)
+
+## 0.2.2
+
+* Fix logging failure - [PR#6](https://github.com/yokawasa/logstash-output-azure_loganalytics/pull/6) by [@daniel-chambers](https://github.com/daniel-chambers)
+
+## 0.2.1
+
+* Updated gem dependencies to allow compatibility with Logstash 5 + 6 (Thanks to [@arthurtoper](https://github.com/arthurtoper))
+
+## 0.2.0
+
+* Support for time-generated-field in output configuration - [Issue#4](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/4) (Thanks to [@KiZach](https://github.com/KiZach))
+
+## 0.1.1
+
+* Fixed up [Issue#2](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/2) (Thanks to [@gmousset](https://github.com/gmousset))
+
+## 0.1.0
+
+* Initial Release

data/CONTRIBUTORS

@@ -0,0 +1,13 @@
+The following is a list of people who have contributed ideas, code, bug
+reports, or in general have helped logstash along its way.
+
+Contributors:
+* Yoichi Kawasaki (@yokawasa)
+* Gwendal Mousset (@gmousset)
+* Arthur Toper (@arthurtoper)
+* Daniel Chambers (@daniel-chambers)
+
+Note: If you've sent us patches, bug reports, or otherwise contributed to
+Logstash, and you aren't on the list above and want to be, please let us know
+and we'll make sure you're here. Contributions from folks like you are what make
+open source awesome.

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/LICENSE

@@ -0,0 +1,13 @@
+Copyright (c) 2012–2015 Elasticsearch <http://www.elastic.co>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

data/README.md

@@ -0,0 +1,160 @@
+# Azure Log Analytics output plugin for Logstash 
+logstash-output-azure_loganalytics is a logstash plugin to output to Azure Log Analytics. [Logstash](https://www.elastic.co/products/logstash) is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite [destinations](https://www.elastic.co/products/logstash). [Log Analytics](https://azure.microsoft.com/en-us/services/log-analytics/) is a service in Operations Management Suite (OMS) that helps you collect and analyze data generated by resources in your cloud and on-premises environments. It gives you real-time insights using integrated search and custom dashboards to readily analyze millions of records across all of your workloads and servers regardless of their physical location. The plugin stores in-coming events to Azure Log Analytics by leveraging [Log Analytics HTTP Data Collector API](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api)
+
+## Installation
+
+You can install this plugin using the Logstash "plugin" or "logstash-plugin" (for newer versions of Logstash) command:
+```
+bin/plugin install logstash-output-azure_loganalytics
+# or
+bin/logstash-plugin install logstash-output-azure_loganalytics  (Newer versions of Logstash)
+```
+Please see [Logstash reference](https://www.elastic.co/guide/en/logstash/current/offline-plugins.html) for more information.
+
+## Configuration
+
+```
+output {
+    azure_loganalytics {
+        customer_id => "<OMS WORKSPACE ID>"
+        shared_key => "<CLIENT AUTH KEY>"
+        log_type => "<LOG TYPE NAME>"
+        key_names  => ['key1','key2','key3'..] ## list of Key names
+        key_types => {'key1'=> 'string' 'key2'=>'double' 'key3'=>'boolean' .. }
+        flush_items => <FLUSH_ITEMS_NUM>
+        flush_interval_time => <FLUSH INTERVAL TIME(sec)>
+    }
+}
+```
+
+ * **customer\_id (required)** - Your Operations Management Suite workspace ID
+ * **shared\_key (required)** - The primary or the secondary Connected Sources client authentication key.
+ * **log\_type (required)** - The name of the event type that is being submitted to Log Analytics. It must only contain alpha numeric and _, and not exceed 100 chars. sprintf syntax like `%{my_log_type}` is supported.
+ * **time\_generated\_field (optional)** - Default:''(empty string) The name of the time generated field. Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ). See also [this](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api#create-a-request) for more details
+ * **key\_names (optional)** - Default:[] (empty array). The list of key names in in-coming record that you want to submit to Log Analytics.
+ * **key\_types (optional)** - Default:{} (empty hash). The list of data types for each column as which you want to store in Log Analytics (`string`, `boolean`, or `double`)
+   * The key names in `key_types` param must be included in `key_names` param. The column data whose key isn't included in  `key_names` is treated as `string` data type.
+   * Multiple key value entries are separated by `spaces` rather than commas (See also [this](https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html#hash))
+   * If you want to store a column as datetime or guid data format, set `string` for the column ( the value of the column should be `YYYY-MM-DDThh:mm:ssZ format` if it's `datetime`, and `GUID format` if it's `guid`).
+   * In case that `key_types` param are not specified, all columns that you want to submit ( you choose with `key_names` param ) are stored as `string` data type in Log Analytics.
+ * **flush_items (optional)** - Default 50. Max number of items to buffer before flushing (1 - 1000).
+ * **flush_interval_time (optional)** - Default 5. Max number of seconds to wait between flushes.
+
+> [NOTE] There is a special param for changing the Log Analytics API endpoint (mainly for supporting Azure sovereign cloud)
+> * **endpoint (optional)** - Default: ods.opinsights.azure.com 
+
+## Tests
+
+Here is an example configuration where Logstash's event source and destination are configured as Apache2 access log and Azure Log Analytics respectively.
+
+### Example Configuration
+```
+input {
+    file {
+        path => "/var/log/apache2/access.log"
+        start_position => "beginning"
+    }
+}
+
+filter {
+    if [path] =~ "access" {
+        mutate { replace => { "type" => "apache_access" } }
+        grok {
+            match => { "message" => "%{COMBINEDAPACHELOG}" }
+        }
+    }
+    date {
+        match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
+    }
+}
+
+output {
+    azure_loganalytics {
+        customer_id => "818f7bbc-8034-4cc3-b97d-f068dd4cd659"
+        shared_key => "ppC5500KzCcDsOKwM1yWUvZydCuC3m+ds/2xci0byeQr1G3E0Jkygn1N0Rxx/yVBUrDE2ok3vf4ksXxcBmQQHw==(dummy)"
+        log_type => "ApacheAccessLog"
+        key_names  => ['logid','date','processing_time','remote','user','method','status','agent']
+        flush_items => 10
+        flush_interval_time => 5
+    }
+    # for debug
+    stdout { codec => rubydebug }
+}
+```
+
+You can find example configuration files in logstash-output-azure_loganalytics/examples.
+
+### Run the plugin with the example configuration
+
+Now you run logstash with the the example configuration like this:
+```
+# Test your logstash configuration before actually running the logstash
+bin/logstash -f logstash-apache2-to-loganalytics.conf --configtest
+# run
+bin/logstash -f logstash-apache2-to-loganalytics.conf
+```
+
+Here is an expected output for sample input (Apache2 access log):
+
+<u>Apache2 access log</u>
+```
+106.143.121.169 - - [29/Dec/2016:01:38:16 +0000] "GET /test.html HTTP/1.1" 304 179 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
+```
+
+<u>Output (rubydebug)</u>
+```
+{
+        "message" => "106.143.121.169 - - [29/Dec/2016:01:38:16 +0000] \"GET /test.html HTTP/1.1\" 304 179 \"-\" \"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36\"",
+       "@version" => "1",
+     "@timestamp" => "2016-12-29T01:38:16.000Z",
+           "path" => "/var/log/apache2/access.log",
+           "host" => "yoichitest01",
+           "type" => "apache_access",
+       "clientip" => "106.143.121.169",
+          "ident" => "-",
+           "auth" => "-",
+      "timestamp" => "29/Dec/2016:01:38:16 +0000",
+           "verb" => "GET",
+        "request" => "/test.html",
+    "httpversion" => "1.1",
+       "response" => "304",
+          "bytes" => "179",
+       "referrer" => "\"-\"",
+          "agent" => "\"Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36\""
+}
+```
+
+## Debugging
+If you need to debug and watch what this plugin is sending to Log Analytics, you can change the logstash log level for this plugin to `DEBUG` to get additional logs in the logstash logs.
+
+One way of changing the log level is to use the logstash API:
+
+```
+> curl -XPUT 'localhost:9600/_node/logging?pretty' -H "Content-Type: application/json" -d '{ "logger.logstash.outputs.azureloganalytcs" : "DEBUG" }'
+{
+  "host" : "yoichitest01",
+  "version" : "6.5.4",
+  "http_address" : "127.0.0.1:9600",
+  "id" : "d8038a9e-02c6-411a-9f6b-597f910edc54",
+  "name" : "yoichitest01",
+  "acknowledged" : true
+}
+```
+
+You should then be able to see logs like this in your logstash logs:
+
+```
+[2019-03-29T01:18:52,652][DEBUG][logstash.outputs.azureloganalytics] Posting log batch (log count: 50) as log type HealthCheckLogs to DataCollector API. First log: {"message":{"Application":"HealthCheck.API","Environments":{},"Name":"SystemMetrics","LogLevel":"Information","Properties":{"CPU":3,"Memory":83}},"beat":{"version":"6.5.4","hostname":"yoichitest01","name":"yoichitest01"},"timestamp":"2019-03-29T01:18:51.901Z"}
+
+[2019-03-29T01:18:52,819][DEBUG][logstash.outputs.azureloganalytics] Successfully posted logs as log type HealthCheckLogs with result code 200 to DataCollector API
+```
+
+Once you're done, you can use the logstash API to undo your log level changes:
+
+```
+> curl -XPUT 'localhost:9600/_node/logging/reset?pretty'
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/yokawasa/logstash-output-azure_loganalytics.

data/VERSION

@@ -0,0 +1 @@
+0.5.0

data/lib/logstash/outputs/azure_loganalytics.rb

@@ -0,0 +1,143 @@
+# encoding: utf-8
+
+require "logstash/outputs/base"
+require "logstash/namespace"
+require "stud/buffer"
+
+class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
+  include Stud::Buffer
+
+  config_name "azure_loganalytics"
+
+  # Your Operations Management Suite workspace ID
+  config :customer_id, :validate => :string, :required => true
+
+  # The primary or the secondary Connected Sources client authentication key
+  config :shared_key, :validate => :string, :required => true
+
+  # The name of the event type that is being submitted to Log Analytics. 
+  # This must only contain alpha numeric and _, and not exceed 100 chars. 
+  # sprintf syntax like %{my_log_type} is supported.
+  config :log_type, :validate => :string, :required => true
+
+  # The service endpoint (Default: ods.opinsights.azure.com)
+  config :endpoint, :validate => :string, :default => 'ods.opinsights.azure.com'
+
+  # The name of the time generated field.
+  # Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ)
+  config :time_generated_field, :validate => :string, :default => ''
+
+  # The list of key names in in-coming record that you want to submit to Log Analytics
+  config :key_names, :validate => :array, :default => []
+
+  # The list of data types for each column as which you want to store in Log Analytics (`string`, `boolean`, or `double`)
+  # - The key names in `key_types` param must be included in `key_names` param. The column data whose key isn't included in  `key_names` is treated as `string` data type.
+  # - Multiple key value entries are separated by `spaces` rather than commas 
+  #   See also https://www.elastic.co/guide/en/logstash/current/configuration-file-structure.html#hash
+  # - If you want to store a column as datetime or guid data format, set `string` for the column ( the value of the column should be `YYYY-MM-DDThh:mm:ssZ format` if it's `datetime`, and `GUID format` if it's `guid`).
+  # - In case that `key_types` param are not specified, all columns that you want to submit ( you choose with `key_names` param ) are stored as `string` data type in Log Analytics.
+  # Example:
+  #   key_names => ['key1','key2','key3','key4',...]
+  #   key_types => {'key1'=>'string' 'key2'=>'string' 'key3'=>'boolean' 'key4'=>'double' ...}
+  config :key_types, :validate => :hash, :default => {}
+
+  # Max number of items to buffer before flushing. Default 50.
+  config :flush_items, :validate => :number, :default => 50
+  
+  # Max number of seconds to wait between flushes. Default 5
+  config :flush_interval_time, :validate => :number, :default => 5
+
+  public
+  def register
+    require 'azure/loganalytics/datacollectorapi/client'
+
+    #if not @log_type.match(/^[[:alpha:]]+$/)
+    #  raise ArgumentError, 'log_type must be only alpha characters' 
+    #end
+
+    @key_types.each { |k, v|
+      t = v.downcase
+      if ( !t.eql?('string') && !t.eql?('double') && !t.eql?('boolean') ) 
+        raise ArgumentError, "Key type(#{v}) for key(#{k}) must be either string, boolean, or double"
+      end
+    }
+
+    ## Start 
+    @client=Azure::Loganalytics::Datacollectorapi::Client::new(@customer_id,@shared_key,@endpoint)
+
+    buffer_initialize(
+      :max_items => @flush_items,
+      :max_interval => @flush_interval_time,
+      :logger => @logger
+    )
+
+  end # def register
+
+  public
+  def receive(event)
+    @log_type = event.sprintf(@log_type)
+    # Simply save an event for later delivery
+    buffer_receive(event)
+  end # def receive
+
+  # called from Stud::Buffer#buffer_flush when there are events to flush
+  public
+  def flush (events, close=false)
+  
+    documents = []  #this is the array of hashes to add Azure Log Analytics
+    events.each do |event|
+      document = {}
+      event_hash = event.to_hash()
+      if @key_names.length > 0
+        # Get the intersection of key_names and keys of event_hash
+        keys_intersection = @key_names & event_hash.keys
+        keys_intersection.each do |key|
+          if @key_types.include?(key)
+            document[key] = convert_value(@key_types[key], event_hash[key])
+          else
+            document[key] = event_hash[key]
+          end
+        end
+      else
+        document = event_hash
+      end
+      # Skip if document doesn't contain any items
+      next if (document.keys).length < 1
+
+      documents.push(document)
+    end
+
+    # Skip in case there are no candidate documents to deliver
+    if documents.length < 1
+      @logger.debug("No documents in batch for log type #{@log_type}. Skipping")
+      return
+    end
+
+    begin
+      @logger.debug("Posting log batch (log count: #{documents.length}) as log type #{@log_type} to DataCollector API. First log: " + (documents[0].to_json).to_s)
+      res = @client.post_data(@log_type, documents, @time_generated_field)
+      if Azure::Loganalytics::Datacollectorapi::Client.is_success(res)
+        @logger.debug("Successfully posted logs as log type #{@log_type} with result code #{res.code} to DataCollector API")
+      else
+        @logger.error("DataCollector API request failure: error code: #{res.code}, data=>" + (documents.to_json).to_s)
+      end
+    rescue Exception => ex
+      @logger.error("Exception occured in posting to DataCollector API: '#{ex}', data=>" + (documents.to_json).to_s)
+    end
+  end # def flush
+
+  private
+  def convert_value(type, val)
+    t = type.downcase
+    case t
+    when "boolean"
+      v = val.downcase
+      return (v.to_s == 'true' ) ? true : false
+    when "double"
+      return Integer(val) rescue Float(val) rescue val
+    else
+      return val
+    end
+  end
+
+end # class LogStash::Outputs::AzureLogAnalytics

data/logstash-output-azure_loganalytics.gemspec

@@ -0,0 +1,26 @@
+Gem::Specification.new do |s|
+  s.name = 'logstash-output-azure_loganalytics'
+  s.version    =  File.read("VERSION").strip
+  s.authors = ["Yoichi Kawasaki"]
+  s.email = "yoichi.kawasaki@outlook.com"
+  s.summary = %q{logstash output plugin to store events into Azure Log Analytics}
+  s.description = s.summary
+  s.homepage = "http://github.com/yokawasa/logstash-output-azure_loganalytics"
+  s.licenses = ["Apache License (2.0)"]
+  s.require_paths = ["lib"]
+
+  # Files
+  s.files = Dir['lib/**/*','spec/**/*','vendor/**/*','*.gemspec','*.md','CONTRIBUTORS','Gemfile','LICENSE','NOTICE.TXT', 'VERSION']
+   # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "output" }
+
+  # Gem dependencies
+  s.add_runtime_dependency "rest-client", ">= 1.8.0"
+  s.add_runtime_dependency "azure-loganalytics-datacollector-api", ">= 0.4.0"
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency "logstash-codec-plain"
+  s.add_development_dependency "logstash-devutils"
+end

data/spec/outputs/azure_loganalytics_spec.rb

@@ -0,0 +1,72 @@
+# encoding: utf-8
+require "logstash/devutils/rspec/spec_helper"
+require "logstash/outputs/azure_loganalytics"
+require "logstash/codecs/plain"
+require "logstash/event"
+
+describe LogStash::Outputs::AzureLogAnalytics do
+
+  let(:customer_id) { '<Customer ID aka WorkspaceID String>' }
+  let(:shared_key) { '<Primary Key String>' }
+  let(:log_type) { 'ApacheAccessLog' }
+  let(:key_names) { ['logid','date','processing_time','remote','user','method','status','agent','eventtime'] }
+  let(:time_generated_field) { 'eventtime' }
+
+  let(:azure_loganalytics_config) {
+    { 
+      "customer_id" => customer_id, 
+      "shared_key" => shared_key,
+      "log_type" => log_type,
+      "key_names" => key_names,
+      "time_generated_field" => time_generated_field
+    }
+  }
+
+  let(:azure_loganalytics_output) { LogStash::Outputs::AzureLogAnalytics.new(azure_loganalytics_config) }
+
+  before do
+     azure_loganalytics_output.register
+  end 
+
+  describe "#flush" do
+    it "Should successfully send the event to Azure Log Analytics" do
+      events = []
+      log1 = {
+        :logid => "5cdad72f-c848-4df0-8aaa-ffe033e75d57",
+        :date => "2017-04-22 09:44:32 JST",
+        :processing_time => "372",
+        :remote => "101.202.74.59",
+        :user => "-",
+        :method => "GET / HTTP/1.1",
+        :status => "304",
+        :size => "-",
+        :referer => "-",
+        :agent => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:27.0) Gecko/20100101 Firefox/27.0",
+        :eventtime => "2017-04-22T01:44:32Z"
+      }
+
+      log2 = {
+        :logid => "7260iswx-8034-4cc3-uirtx-f068dd4cd659",
+        :date => "2017-04-22 09:45:14 JST",
+        :processing_time => "105",
+        :remote => "201.78.74.59",
+        :user => "-",
+        :method => "GET /manager/html HTTP/1.1",
+        :status =>"200",
+        :size => "-",
+        :referer => "-",
+        :agent => "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0",
+        :eventtime => "2017-04-22T01:45:14Z"
+      }
+
+      event1 =  LogStash::Event.new(log1) 
+      event2 =  LogStash::Event.new(log2) 
+      azure_loganalytics_output.receive(event1)
+      azure_loganalytics_output.receive(event2)
+      events.push(event1)
+      events.push(event2)
+      expect {azure_loganalytics_output.flush(events)}.to_not raise_error
+    end
+  end
+
+end

metadata

@@ -0,0 +1,131 @@
+--- !ruby/object:Gem::Specification
+name: logstash-output-azure_loganalytics
+version: !ruby/object:Gem::Version
+  version: 0.5.0
+platform: ruby
+authors:
+- Yoichi Kawasaki
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2020-07-21 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  name: rest-client
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+  name: azure-loganalytics-datacollector-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.4.0
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+  name: logstash-core-plugin-api
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.60'
+    - - "<="
+      - !ruby/object:Gem::Version
+        version: '2.99'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-codec-plain
+  prerelease: false
+  type: :runtime
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  name: logstash-devutils
+  prerelease: false
+  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+description: logstash output plugin to store events into Azure Log Analytics
+email: yoichi.kawasaki@outlook.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- CONTRIBUTORS
+- Gemfile
+- LICENSE
+- README.md
+- VERSION
+- lib/logstash/outputs/azure_loganalytics.rb
+- logstash-output-azure_loganalytics.gemspec
+- spec/outputs/azure_loganalytics_spec.rb
+homepage: http://github.com/yokawasa/logstash-output-azure_loganalytics
+licenses:
+- Apache License (2.0)
+metadata:
+  logstash_plugin: 'true'
+  logstash_group: output
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.8
+signing_key:
+specification_version: 4
+summary: logstash output plugin to store events into Azure Log Analytics
+test_files:
+- spec/outputs/azure_loganalytics_spec.rb