logstash-output-elasticsearch-test 10.3.0-x86_64-linux

data/spec/integration/outputs/index_spec.rb

@@ -0,0 +1,178 @@
+require_relative "../../../spec/es_spec_helper"
+require "logstash/outputs/elasticsearch"
+
+describe "TARGET_BULK_BYTES", :integration => true do
+  let(:target_bulk_bytes) { LogStash::Outputs::ElasticSearch::TARGET_BULK_BYTES }
+  let(:event_count) { 1000 }
+  let(:events) { event_count.times.map { event }.to_a }
+  let(:config) {
+      {
+        "hosts" => get_host_port,
+        "index" => index
+      }
+  }
+  let(:index) { 10.times.collect { rand(10).to_s }.join("") }
+  let(:type) { ESHelper.es_version_satisfies?("< 7") ? "doc" : "_doc" }
+
+  subject { LogStash::Outputs::ElasticSearch.new(config) }
+
+  before do
+    subject.register
+    allow(subject.client).to receive(:bulk_send).with(any_args).and_call_original
+    subject.multi_receive(events)
+  end
+
+  describe "batches that are too large for one" do
+    let(:event) { LogStash::Event.new("message" => "a " * (((target_bulk_bytes/2) / event_count)+1)) }
+
+    it "should send in two batches" do
+      expect(subject.client).to have_received(:bulk_send).twice do |payload|
+        expect(payload.size).to be <= target_bulk_bytes
+      end
+    end
+
+    describe "batches that fit in one" do
+      # Normally you'd want to generate a request that's just 1 byte below the limit, but it's
+      # impossible to know how many bytes an event will serialize as with bulk proto overhead
+      let(:event) { LogStash::Event.new("message" => "a") }
+
+      it "should send in one batch" do
+        expect(subject.client).to have_received(:bulk_send).once do |payload|
+          expect(payload.size).to be <= target_bulk_bytes
+        end
+      end
+    end
+  end
+end
+
+describe "indexing" do
+  let(:event) { LogStash::Event.new("message" => "Hello World!", "type" => type) }
+  let(:index) { 10.times.collect { rand(10).to_s }.join("") }
+  let(:type) { ESHelper.es_version_satisfies?("< 7") ? "doc" : "_doc" }
+  let(:event_count) { 1 + rand(2) }
+  let(:config) { "not implemented" }
+  let(:events) { event_count.times.map { event }.to_a }
+  subject { LogStash::Outputs::ElasticSearch.new(config) }
+  
+  let(:es_url) { "http://#{get_host_port}" }
+  let(:index_url) {"#{es_url}/#{index}"}
+  let(:http_client_options) { {} }
+  let(:http_client) do
+    Manticore::Client.new(http_client_options)
+  end
+
+  before do
+    subject.register
+    subject.multi_receive([])
+  end
+  
+  shared_examples "an indexer" do |secure|
+    it "ships events" do
+      subject.multi_receive(events)
+
+      http_client.post("#{es_url}/_refresh").call
+
+      response = http_client.get("#{index_url}/_count?q=*")
+      result = LogStash::Json.load(response.body)
+      cur_count = result["count"]
+      expect(cur_count).to eq(event_count)
+
+      response = http_client.get("#{index_url}/_search?q=*&size=1000")
+      result = LogStash::Json.load(response.body)
+      result["hits"]["hits"].each do |doc|
+        expect(doc["_type"]).to eq(type) if ESHelper.es_version_satisfies?(">= 6", "< 8")
+        expect(doc).not_to include("_type") if ESHelper.es_version_satisfies?(">= 8")
+        expect(doc["_index"]).to eq(index)
+      end
+    end
+    
+    it "sets the correct content-type header" do
+      expected_manticore_opts = {:headers => {"Content-Type" => "application/json"}, :body => anything}
+      if secure
+        expected_manticore_opts = {
+          :headers => {"Content-Type" => "application/json"}, 
+          :body => anything, 
+          :auth => {
+            :user => user,
+            :password => password,
+            :eager => true
+          }}
+      end
+      expect(subject.client.pool.adapter.client).to receive(:send).
+        with(anything, anything, expected_manticore_opts).at_least(:once).
+        and_call_original
+      subject.multi_receive(events)
+    end
+  end
+
+  describe "an indexer with custom index_type", :integration => true do
+    let(:config) {
+      {
+        "hosts" => get_host_port,
+        "index" => index
+      }
+    }
+    it_behaves_like("an indexer")
+  end
+
+  describe "an indexer with no type value set (default to doc)", :integration => true do
+    let(:type) { ESHelper.es_version_satisfies?("< 7") ? "doc" : "_doc" }
+    let(:config) {
+      {
+        "hosts" => get_host_port,
+        "index" => index
+      }
+    }
+    it_behaves_like("an indexer")
+  end
+
+  describe "a secured indexer", :secure_integration => true do
+    let(:user) { "simpleuser" }
+    let(:password) { "abc123" }
+    let(:cacert) { "spec/fixtures/test_certs/test.crt" }
+    let(:es_url) {"https://elasticsearch:9200"}
+    let(:config) do
+      {
+        "hosts" => ["elasticsearch:9200"],
+        "user" => user,
+        "password" => password,
+        "ssl" => true,
+        "cacert" => "spec/fixtures/test_certs/test.crt",
+        "index" => index
+      }
+    end
+    let(:http_client_options) do
+      {
+        :auth => {
+          :user => user,
+          :password => password
+        }, 
+        :ssl => {
+          :enabled => true,
+          :ca_file => cacert
+        }
+      }
+    end
+    it_behaves_like("an indexer", true)
+    
+    describe "with a password requiring escaping" do
+      let(:user) { "f@ncyuser" }
+      let(:password) { "ab%12#" }
+      
+      include_examples("an indexer", true)
+    end
+    
+    describe "with a user/password requiring escaping in the URL" do
+      let(:config) do
+        {
+          "hosts" => ["https://#{CGI.escape(user)}:#{CGI.escape(password)}@elasticsearch:9200"],
+          "ssl" => true,
+          "cacert" => "spec/fixtures/test_certs/test.crt",
+          "index" => index
+        }
+      end
+      
+      include_examples("an indexer", true)
+    end
+  end
+end

data/spec/integration/outputs/index_version_spec.rb

@@ -0,0 +1,102 @@
+require_relative "../../../spec/es_spec_helper"
+require "logstash/outputs/elasticsearch"
+
+if ESHelper.es_version_satisfies?(">= 2")
+  describe "Versioned indexing", :integration => true do
+    require "logstash/outputs/elasticsearch"
+
+    let(:es) { get_client }
+
+    before :each do
+      # Delete all templates first.
+      # Clean ES of data before we start.
+      es.indices.delete_template(:name => "*")
+      # This can fail if there are no indexes, ignore failure.
+      es.indices.delete(:index => "*") rescue nil
+      es.indices.refresh
+    end
+
+    context "when index only" do
+      subject { LogStash::Outputs::ElasticSearch.new(settings) }
+
+      before do
+        subject.register
+      end
+
+      describe "unversioned output" do
+        let(:settings) do
+          {
+            "manage_template" => true,
+            "index" => "logstash-index",
+            "template_overwrite" => true,
+            "hosts" => get_host_port(),
+            "action" => "index",
+            "script_lang" => "groovy",
+            "document_id" => "%{my_id}"
+          }
+        end
+
+        it "should default to ES version" do
+          subject.multi_receive([LogStash::Event.new("my_id" => "123", "message" => "foo")])
+          r = es.get(:index => 'logstash-index', :type => doc_type, :id => "123", :refresh => true)
+          expect(r["_version"]).to eq(1)
+          expect(r["_source"]["message"]).to eq('foo')
+          subject.multi_receive([LogStash::Event.new("my_id" => "123", "message" => "foobar")])
+          r2 = es.get(:index => 'logstash-index', :type => doc_type, :id => "123", :refresh => true)
+          expect(r2["_version"]).to eq(2)
+          expect(r2["_source"]["message"]).to eq('foobar')
+        end  
+      end
+
+      describe "versioned output" do
+        let(:settings) do 
+          {
+            "manage_template" => true,
+            "index" => "logstash-index",
+            "template_overwrite" => true,
+            "hosts" => get_host_port(),
+            "action" => "index",
+            "script_lang" => "groovy",
+            "document_id" => "%{my_id}",
+            "version" => "%{my_version}",
+            "version_type" => "external",
+          }
+        end
+
+        it "should respect the external version" do
+          id = "ev1"
+          subject.multi_receive([LogStash::Event.new("my_id" => id, "my_version" => "99", "message" => "foo")])
+          r = es.get(:index => 'logstash-index', :type => doc_type, :id => id, :refresh => true)
+          expect(r["_version"]).to eq(99)
+          expect(r["_source"]["message"]).to eq('foo')
+        end
+
+        it "should ignore non-monotonic external version updates" do
+          id = "ev2"
+          subject.multi_receive([LogStash::Event.new("my_id" => id, "my_version" => "99", "message" => "foo")])
+          r = es.get(:index => 'logstash-index', :type => doc_type, :id => id, :refresh => true)
+          expect(r["_version"]).to eq(99)
+          expect(r["_source"]["message"]).to eq('foo')
+
+          subject.multi_receive([LogStash::Event.new("my_id" => id, "my_version" => "98", "message" => "foo")])
+          r2 = es.get(:index => 'logstash-index', :type => doc_type, :id => id, :refresh => true)
+          expect(r2["_version"]).to eq(99)
+          expect(r2["_source"]["message"]).to eq('foo')
+        end
+
+        it "should commit monotonic external version updates" do
+          id = "ev3"
+          subject.multi_receive([LogStash::Event.new("my_id" => id, "my_version" => "99", "message" => "foo")])
+          r = es.get(:index => 'logstash-index', :type => doc_type, :id => id, :refresh => true)
+          expect(r["_version"]).to eq(99)
+          expect(r["_source"]["message"]).to eq('foo')
+
+          subject.multi_receive([LogStash::Event.new("my_id" => id, "my_version" => "100", "message" => "foo")])
+          r2 = es.get(:index => 'logstash-index', :type => doc_type, :id => id, :refresh => true)
+          expect(r2["_version"]).to eq(100)
+          expect(r2["_source"]["message"]).to eq('foo')
+        end
+      end
+    end
+  end
+end

data/spec/integration/outputs/ingest_pipeline_spec.rb

@@ -0,0 +1,74 @@
+require_relative "../../../spec/es_spec_helper"
+
+if ESHelper.es_version_satisfies?(">= 5")
+  describe "Ingest pipeline execution behavior", :integration => true do
+    subject! do
+      require "logstash/outputs/elasticsearch"
+      settings = {
+        "hosts" => "#{get_host_port()}",
+        "pipeline" => "apache-logs"
+      }
+      next LogStash::Outputs::ElasticSearch.new(settings)
+    end
+
+    let(:http_client) { Manticore::Client.new }
+    let(:ingest_url) { "http://#{get_host_port()}/_ingest/pipeline/apache-logs" }
+    let(:apache_logs_pipeline) { '
+    {
+      "description" : "Pipeline to parse Apache logs",
+      "processors" : [
+        {
+          "grok": {
+            "field": "message",
+            "patterns": ["%{COMBINEDAPACHELOG}"]
+          }
+        }
+      ]
+    }'
+    }
+
+    before :each do
+      # Delete all templates first.
+      require "elasticsearch"
+
+      # Clean ES of data before we start.
+      @es = get_client
+      @es.indices.delete_template(:name => "*")
+
+      # This can fail if there are no indexes, ignore failure.
+      @es.indices.delete(:index => "*") rescue nil
+
+      # delete existing ingest pipeline
+      http_client.delete(ingest_url).call
+
+      # register pipeline
+      http_client.put(ingest_url, :body => apache_logs_pipeline, :headers => {"Content-Type" => "application/json" }).call
+
+      #TODO: Use esclient
+      #@es.ingest.put_pipeline :id => 'apache_pipeline', :body => pipeline_defintion
+
+      subject.register
+      subject.multi_receive([LogStash::Event.new("message" => '183.60.215.50 - - [01/Jun/2015:18:00:00 +0000] "GET /scripts/netcat-webserver HTTP/1.1" 200 182 "-" "Mozilla/5.0 (compatible; EasouSpider; +http://www.easou.com/search/spider.html)"')])
+      @es.indices.refresh
+
+      #Wait or fail until everything's indexed.
+      Stud::try(20.times) do
+        r = @es.search
+        expect(r).to have_hits(1)
+      end
+    end
+
+    it "indexes using the proper pipeline" do
+      results = @es.search(:index => 'logstash-*', :q => "message:\"netcat\"")
+      expect(results).to have_hits(1)
+      expect(results["hits"]["hits"][0]["_source"]["response"]).to eq("200")
+      expect(results["hits"]["hits"][0]["_source"]["bytes"]).to eq("182")
+      expect(results["hits"]["hits"][0]["_source"]["verb"]).to eq("GET")
+      expect(results["hits"]["hits"][0]["_source"]["request"]).to eq("/scripts/netcat-webserver")
+      expect(results["hits"]["hits"][0]["_source"]["auth"]).to eq("-")
+      expect(results["hits"]["hits"][0]["_source"]["ident"]).to eq("-")
+      expect(results["hits"]["hits"][0]["_source"]["clientip"]).to eq("183.60.215.50")
+      expect(results["hits"]["hits"][0]["_source"]["junkfieldaaaa"]).to eq(nil)
+    end
+  end
+end

data/spec/integration/outputs/metrics_spec.rb

@@ -0,0 +1,70 @@
+require_relative "../../../spec/es_spec_helper"
+
+describe "metrics", :integration => true do
+  subject! do
+    require "logstash/outputs/elasticsearch"
+    settings = {
+      "manage_template" => false,
+      "hosts" => "#{get_host_port()}"
+    }
+    plugin = LogStash::Outputs::ElasticSearch.new(settings)
+  end
+
+  let(:metric) { subject.metric }
+  let(:bulk_request_metrics) { subject.instance_variable_get(:@bulk_request_metrics) }
+  let(:document_level_metrics) { subject.instance_variable_get(:@document_level_metrics) }
+
+  before :each do
+    require "elasticsearch"
+
+    # Clean ES of data before we start.
+    @es = get_client
+    @es.indices.delete_template(:name => "*")
+
+    # This can fail if there are no indexes, ignore failure.
+    @es.indices.delete(:index => "*") rescue nil
+    #@es.indices.refresh
+    subject.register
+  end
+
+  context "after a succesful bulk insert" do
+    let(:bulk) { [
+      LogStash::Event.new("message" => "sample message here"),
+      LogStash::Event.new("somemessage" => { "message" => "sample nested message here" }),
+      LogStash::Event.new("somevalue" => 100),
+      LogStash::Event.new("somevalue" => 10),
+      LogStash::Event.new("somevalue" => 1),
+      LogStash::Event.new("country" => "us"),
+      LogStash::Event.new("country" => "at"),
+      LogStash::Event.new("geoip" => { "location" => [ 0.0, 0.0 ] })
+    ]}
+
+    it "increases successful bulk request metric" do
+      expect(bulk_request_metrics).to receive(:increment).with(:successes).once
+      subject.multi_receive(bulk)
+    end
+
+    it "increases number of successful inserted documents" do
+      expect(document_level_metrics).to receive(:increment).with(:successes, bulk.size).once
+      subject.multi_receive(bulk)
+    end
+  end
+
+  context "after a bulk insert that generates errors" do
+    let(:bulk) { [
+      LogStash::Event.new("message" => "sample message here"),
+      LogStash::Event.new("message" => { "message" => "sample nested message here" }),
+    ]}
+    it "increases bulk request with error metric" do
+      expect(bulk_request_metrics).to receive(:increment).with(:with_errors).once
+      expect(bulk_request_metrics).to_not receive(:increment).with(:successes)
+      subject.multi_receive(bulk)
+    end
+
+    it "increases number of successful and non retryable documents" do
+      expect(document_level_metrics).to receive(:increment).with(:non_retryable_failures).once
+      expect(document_level_metrics).to receive(:increment).with(:successes).once
+      subject.multi_receive(bulk)
+    end
+  end
+end

data/spec/integration/outputs/no_es_on_startup_spec.rb

@@ -0,0 +1,58 @@
+require "logstash/outputs/elasticsearch"
+require_relative "../../../spec/es_spec_helper"
+
+describe "elasticsearch is down on startup", :integration => true do
+  let(:event1) { LogStash::Event.new("somevalue" => 100, "@timestamp" => "2014-11-17T20:37:17.223Z", "@metadata" => {"retry_count" => 0}) }
+  let(:event2) { LogStash::Event.new("message" => "a") }
+
+  subject {
+    LogStash::Outputs::ElasticSearch.new({
+                                           "manage_template" => true,
+                                           "index" => "logstash-2014.11.17",
+                                           "template_overwrite" => true,
+                                           "hosts" => get_host_port(),
+                                           "retry_max_interval" => 64,
+                                           "retry_initial_interval" => 2
+                                       })
+  }
+
+  before :each do
+    # Delete all templates first.
+    require "elasticsearch"
+    allow(Stud).to receive(:stoppable_sleep)
+
+    # Clean ES of data before we start.
+    @es = get_client
+    @es.indices.delete_template(:name => "*")
+    @es.indices.delete(:index => "*")
+    @es.indices.refresh
+  end
+
+  after :each do
+    subject.close
+  end
+
+  it 'should ingest events when Elasticsearch recovers before documents are sent' do
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new(StandardError.new, "big fail"))
+    subject.register
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_return(ESHelper.es_version)
+    subject.multi_receive([event1, event2])
+    @es.indices.refresh
+    r = @es.search
+    expect(r).to have_hits(2)
+  end
+
+  it 'should ingest events when Elasticsearch recovers after documents are sent' do
+    allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_raise(::LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError.new(StandardError.new, "big fail"))
+    subject.register
+    Thread.new do
+      sleep 4
+      allow_any_instance_of(LogStash::Outputs::ElasticSearch::HttpClient::Pool).to receive(:get_es_version).and_return(ESHelper.es_version)
+    end
+    subject.multi_receive([event1, event2])
+    @es.indices.refresh
+    r = @es.search
+    expect(r).to have_hits(2)
+  end
+
+end

data/spec/integration/outputs/painless_update_spec.rb

@@ -0,0 +1,189 @@
+require_relative "../../../spec/es_spec_helper"
+
+if ESHelper.es_version_satisfies?(">= 5")
+  describe "Update actions using painless scripts", :integration => true, :update_tests => 'painless' do
+    require "logstash/outputs/elasticsearch"
+
+    def get_es_output( options={} )
+      settings = {
+        "manage_template" => true,
+        "index" => "logstash-update",
+        "template_overwrite" => true,
+        "hosts" => get_host_port(),
+        "action" => "update"
+      }
+      if ESHelper.es_version_satisfies?('<6')
+        settings.merge!({"script_lang" => "painless"})
+      end
+      LogStash::Outputs::ElasticSearch.new(settings.merge!(options))
+    end
+
+    before :each do
+      @es = get_client
+      # Delete all templates first.
+      # Clean ES of data before we start.
+      @es.indices.delete_template(:name => "*")
+      # This can fail if there are no indexes, ignore failure.
+      @es.indices.delete(:index => "*") rescue nil
+      @es.index(
+        :index => 'logstash-update',
+        :type => doc_type,
+        :id => "123",
+        :body => { :message => 'Test', :counter => 1 }
+      )
+      @es.indices.refresh
+    end
+
+    context "scripted updates" do
+      if ESHelper.es_version_satisfies?('<6')
+        context 'with file based scripts' do
+          it "should increment a counter with event/doc 'count' variable" do
+            subject = get_es_output({ 'document_id' => "123", 'script' => 'scripted_update', 'script_type' => 'file' })
+            subject.register
+            subject.multi_receive([LogStash::Event.new("count" => 2)])
+            r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "123", :refresh => true)
+            expect(r["_source"]["counter"]).to eq(3)
+          end
+
+          it "should increment a counter with event/doc '[data][count]' nested variable" do
+            subject = get_es_output({ 'document_id' => "123", 'script' => 'scripted_update_nested', 'script_type' => 'file' })
+            subject.register
+            subject.multi_receive([LogStash::Event.new("data" => { "count" => 3 })])
+            r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "123", :refresh => true)
+            expect(r["_source"]["counter"]).to eq(4)
+          end
+        end
+      end
+
+      it "should increment a counter with event/doc 'count' variable with inline script" do
+        subject = get_es_output({
+          'document_id' => "123",
+          'script' => 'ctx._source.counter += params.event.counter',
+          'script_type' => 'inline'
+        })
+        subject.register
+        subject.multi_receive([LogStash::Event.new("counter" => 3 )])
+        r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "123", :refresh => true)
+        expect(r["_source"]["counter"]).to eq(4)
+      end
+
+      it "should increment a counter with event/doc 'count' variable with event/doc as upsert and inline script" do
+        subject = get_es_output({
+          'document_id' => "123",
+          'doc_as_upsert' => true,
+          'script' => 'if( ctx._source.containsKey("counter") ){ ctx._source.counter += params.event.counter; } else { ctx._source.counter = params.event.counter; }',
+          'script_type' => 'inline'
+        })
+        subject.register
+        subject.multi_receive([LogStash::Event.new("counter" => 3 )])
+        r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "123", :refresh => true)
+        expect(r["_source"]["counter"]).to eq(4)
+      end
+
+      it "should, with new doc, set a counter with event/doc 'count' variable with event/doc as upsert and inline script" do
+        subject = get_es_output({
+          'document_id' => "456",
+          'doc_as_upsert' => true,
+          'script' => 'if( ctx._source.containsKey("counter") ){ ctx._source.counter += params.event.counter; } else { ctx._source.counter = params.event.counter; }',
+          'script_type' => 'inline'
+        })
+        subject.register
+        subject.multi_receive([LogStash::Event.new("counter" => 3 )])
+        r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+        expect(r["_source"]["counter"]).to eq(3)
+      end
+
+      context 'with an indexed script' do
+        it "should increment a counter with event/doc 'count' variable with indexed script" do
+          if ESHelper.es_version_satisfies?('<6')
+            @es.perform_request(:put, "_scripts/painless/indexed_update", {}, {"script" => "ctx._source.counter += params.event.count" })
+          else
+            @es.perform_request(:put, "_scripts/indexed_update", {}, {"script" => {"source" => "ctx._source.counter += params.event.count", "lang" => "painless"}})
+          end
+
+          plugin_parameters = {
+            'document_id' => "123",
+            'script' => 'indexed_update',
+            'script_type' => 'indexed'
+          }
+
+          if ESHelper.es_version_satisfies?('>= 6.0.0')
+            plugin_parameters.merge!('script_lang' => '')
+          end
+
+          subject = get_es_output(plugin_parameters)
+          subject.register
+          subject.multi_receive([LogStash::Event.new("count" => 4 )])
+          r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "123", :refresh => true)
+          expect(r["_source"]["counter"]).to eq(5)
+        end
+      end
+     end
+
+    context "when update with upsert" do
+      it "should create new documents with provided upsert" do
+        subject = get_es_output({ 'document_id' => "456", 'upsert' => '{"message": "upsert message"}' })
+        subject.register
+        subject.multi_receive([LogStash::Event.new("message" => "sample message here")])
+        r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+        expect(r["_source"]["message"]).to eq('upsert message')
+      end
+
+      it "should create new documents with event/doc as upsert" do
+        subject = get_es_output({ 'document_id' => "456", 'doc_as_upsert' => true })
+        subject.register
+        subject.multi_receive([LogStash::Event.new("message" => "sample message here")])
+        r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+        expect(r["_source"]["message"]).to eq('sample message here')
+      end
+
+      it "should fail on documents with event/doc as upsert at external version" do
+        subject = get_es_output({ 'document_id' => "456", 'doc_as_upsert' => true, 'version' => 999, "version_type" => "external" })
+        expect { subject.register }.to raise_error(LogStash::ConfigurationError)
+      end
+    end
+
+    context "updates with scripted upsert" do
+      if ESHelper.es_version_satisfies?('<6')
+        context 'with file based scripts' do
+          it "should create new documents with upsert content" do
+            subject = get_es_output({ 'document_id' => "456", 'script' => 'scripted_update', 'upsert' => '{"message": "upsert message"}', 'script_type' => 'file' })
+            subject.register
+            subject.multi_receive([LogStash::Event.new("message" => "sample message here")])
+            r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+            expect(r["_source"]["message"]).to eq('upsert message')
+          end
+
+          it "should create new documents with event/doc as script params" do
+            subject = get_es_output({ 'document_id' => "456", 'script' => 'scripted_upsert', 'scripted_upsert' => true, 'script_type' => 'file' })
+            subject.register
+            subject.multi_receive([LogStash::Event.new("counter" => 1)])
+            @es.indices.refresh
+            r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+            expect(r["_source"]["counter"]).to eq(1)
+          end
+        end
+      end
+
+      context 'with an inline script' do
+        it "should create new documents with upsert content" do
+          subject = get_es_output({ 'document_id' => "456", 'script' => 'ctx._source.counter = params.event.counter', 'upsert' => '{"message": "upsert message"}', 'script_type' => 'inline' })
+          subject.register
+
+          subject.multi_receive([LogStash::Event.new("message" => "sample message here")])
+          r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+          expect(r["_source"]["message"]).to eq('upsert message')
+        end
+
+        it "should create new documents with event/doc as script params" do
+          subject = get_es_output({ 'document_id' => "456", 'script' => 'ctx._source.counter = params.event.counter', 'scripted_upsert' => true, 'script_type' => 'inline' })
+          subject.register
+          subject.multi_receive([LogStash::Event.new("counter" => 1)])
+          @es.indices.refresh
+          r = @es.get(:index => 'logstash-update', :type => doc_type, :id => "456", :refresh => true)
+          expect(r["_source"]["counter"]).to eq(1)
+        end
+      end
+    end
+  end
+end