logstash-output-azure_loganalytics 0.1.1 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 02e5ae3328633df5fa90c465e1428ebced7259a8
-  data.tar.gz: d8f9e6f639f937f3962d4322a7fb89a524481b9f
+  metadata.gz: 8b81ab703becb224bdf5e6df243ba1153b21fdbb
+  data.tar.gz: ce472b857248a21ce8409448107c431a1fdcdc0a
 SHA512:
-  metadata.gz: f49bb7412032cc947be3aafdc0e8584d1ffb8363bd5a8fd9a373582618634a74406f3975bb2966c9da98a0474d6109ebc31fb7e3b6a99bf31d86ad3c4f33ce9c
-  data.tar.gz: 8067c308bd0b06be49fd5c8e0793eca8fe63c0a71dd21f1ccc7c9614f27c61b01fbc76587449f6998042d103cee768b9baf89a365fc2d9ae6a4f8009215296d9
+  metadata.gz: e4e2e958a0e3773c6e1d6254e4316b8c6192553d5c8d903953a797cfe02e64f4c4838c842e4c85fd49dd63b2c6fcc2c26ad3dca0e904a7a4c0c46c90f753969c
+  data.tar.gz: 0662396162a5a7caffac5f0bcfae949cd2d775158ea77a55450c6a09baa2c02ccc1865781f9f14353ac9dadcf768790a8d1023ba258482f95a0b6097634fb47f

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## 0.2.0
+
+* Support for time-generated-field in output configuration [Issue#4](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/4) (Thanks to [@KiZach](https://github.com/KiZach))
+
 ## 0.1.1
 
 * Fixed up [Issue#2](https://github.com/yokawasa/logstash-output-azure_loganalytics/issues/2) (Thanks to [@gmousset](https://github.com/gmousset))

data/README.md

@@ -29,6 +29,7 @@ output {
  * **customer\_id (required)** - Your Operations Management Suite workspace ID
  * **shared\_key (required)** - The primary or the secondary Connected Sources client authentication key.
  * **log\_type (required)** - The name of the event type that is being submitted to Log Analytics. This must be only alpha characters. 
+ * **time\_generated\_field (optional)** - Default:''(empty string) The name of the time generated field. Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ). See also [this](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-data-collector-api#create-a-request) for more details
  * **key\_names (optional)** - Default:[] (empty array). list of Key names in in-coming record to deliver.
  * **flush_items (optional)** - Default 50. Max number of items to buffer before flushing (1 - 1000).
  * **flush_interval_time (optional)** - Default 5. Max number of seconds to wait between flushes.

data/VERSION

@@ -1 +1 @@
-0.1.1
+0.2.0

data/lib/logstash/outputs/azure_loganalytics.rb

@@ -17,6 +17,9 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
   # The name of the event type that is being submitted to Log Analytics. This must be only alpha characters.
   config :log_type, :validate => :string, :required => true
 
+  # The name of the time generated field. Be carefule that the value of field should strictly follow the ISO 8601 format (YYYY-MM-DDThh:mm:ssZ)
+  config :time_generated_field, :validate => :string, :default => ''
+
   # list of Key names in in-coming record to deliver.
   config :key_names, :validate => :array, :default => []
   
@@ -81,7 +84,7 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
     end
 
     begin
-      res = @client.post_data(@log_type, documents)
+      res = @client.post_data(@log_type, documents, @time_generated_field)
       if not Azure::Loganalytics::Datacollectorapi::Client.is_success(res)
         $logger.error("DataCollector API request failure: error code: #{res.code}, data=>" + (documents.to_json).to_s)
       end

data/spec/outputs/azure_loganalytics_spec.rb

@@ -9,14 +9,16 @@ describe LogStash::Outputs::AzureLogAnalytics do
   let(:customer_id) { '<Customer ID aka WorkspaceID String>' }
   let(:shared_key) { '<Primary Key String>' }
   let(:log_type) { 'ApacheAccessLog' }
-  let(:key_names) { ['logid','date','processing_time','remote','user','method','status','agent'] }
+  let(:key_names) { ['logid','date','processing_time','remote','user','method','status','agent','eventtime'] }
+  let(:time_generated_field) { 'eventtime' }
 
   let(:azure_loganalytics_config) {
     { 
       "customer_id" => customer_id, 
       "shared_key" => shared_key,
       "log_type" => log_type,
-      "key_names" => key_names
+      "key_names" => key_names,
+      "time_generated_field" => time_generated_field
     }
   }
 
@@ -31,7 +33,7 @@ describe LogStash::Outputs::AzureLogAnalytics do
       events = []
       log1 = {
         :logid => "5cdad72f-c848-4df0-8aaa-ffe033e75d57",
-        :date => "2016-12-10 09:44:32 JST",
+        :date => "2017-04-22 09:44:32 JST",
         :processing_time => "372",
         :remote => "101.202.74.59",
         :user => "-",
@@ -39,12 +41,13 @@ describe LogStash::Outputs::AzureLogAnalytics do
         :status => "304",
         :size => "-",
         :referer => "-",
-        :agent => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:27.0) Gecko/20100101 Firefox/27.0"
+        :agent => "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:27.0) Gecko/20100101 Firefox/27.0",
+        :eventtime => "2017-04-22T01:44:32Z"
       }
 
       log2 = {
         :logid => "7260iswx-8034-4cc3-uirtx-f068dd4cd659",
-        :date => "2016-12-10 09:45:14 JST",
+        :date => "2017-04-22 09:45:14 JST",
         :processing_time => "105",
         :remote => "201.78.74.59",
         :user => "-",
@@ -52,7 +55,8 @@ describe LogStash::Outputs::AzureLogAnalytics do
         :status =>"200",
         :size => "-",
         :referer => "-",
-        :agent => "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"
+        :agent => "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0",
+        :eventtime => "2017-04-22T01:45:14Z"
       }
 
       event1 =  LogStash::Event.new(log1) 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-azure_loganalytics
 version: !ruby/object:Gem::Version
-  version: 0.1.1
+  version: 0.2.0
 platform: ruby
 authors:
 - Yoichi Kawasaki
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2017-04-09 00:00:00.000000000 Z
+date: 2017-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement