logstash-output-elasticsearch 0.1.8-java

data/lib/logstash/outputs/elasticsearch/elasticsearch-template.json

@@ -0,0 +1,42 @@
+{
+  "template" : "logstash-*",
+  "settings" : {
+    "index.refresh_interval" : "5s"
+  },
+  "mappings" : {
+    "_default_" : {
+       "_all" : {"enabled" : true},
+       "dynamic_templates" : [ {
+         "message_field" : {
+           "match" : "message",
+           "match_mapping_type" : "string",
+           "mapping" : {
+             "type" : "string", "index" : "analyzed", "omit_norms" : true
+           }
+         }
+       }, {
+         "string_fields" : {
+           "match" : "*",
+           "match_mapping_type" : "string",
+           "mapping" : {
+             "type" : "string", "index" : "analyzed", "omit_norms" : true,
+               "fields" : {
+                 "raw" : {"type": "string", "index" : "not_analyzed", "ignore_above" : 256}
+               }
+           }
+         }
+       } ],
+       "properties" : {
+         "@version": { "type": "string", "index": "not_analyzed" },
+         "geoip"  : {
+           "type" : "object",
+             "dynamic": true,
+             "path": "full",
+             "properties" : {
+               "location" : { "type" : "geo_point" }
+             }
+         }
+       }
+    }
+  }
+}

data/lib/logstash/outputs/elasticsearch/protocol.rb

@@ -0,0 +1,253 @@
+require "logstash/outputs/elasticsearch"
+require "cabin"
+
+module LogStash::Outputs::Elasticsearch
+  module Protocols
+    class Base
+      private
+      def initialize(options={})
+        # host(s), port, cluster
+        @logger = Cabin::Channel.get
+      end
+
+      def client
+        return @client if @client
+        @client = build_client(@options)
+        return @client
+      end # def client
+
+
+      def template_install(name, template, force=false)
+        if template_exists?(name) && !force
+          @logger.debug("Found existing Elasticsearch template. Skipping template management", :name => name)
+          return
+        end
+        template_put(name, template)
+      end
+
+      # Do a bulk request with the given actions.
+      #
+      # 'actions' is expected to be an array of bulk requests as string json
+      # values.
+      #
+      # Each 'action' becomes a single line in the bulk api call. For more
+      # details on the format of each.
+      def bulk(actions)
+        raise NotImplemented, "You must implement this yourself"
+        # bulk([
+        # '{ "index" : { "_index" : "test", "_type" : "type1", "_id" : "1" } }',
+        # '{ "field1" : "value1" }'
+        #])
+      end
+
+      public(:initialize, :template_install)
+    end
+
+    class HTTPClient < Base
+      private
+
+      DEFAULT_OPTIONS = {
+        :port => 9200
+      }
+
+      def initialize(options={})
+        super
+        require "elasticsearch" # gem 'elasticsearch-ruby'
+        # manticore http transport
+        require "elasticsearch/transport/transport/http/manticore"
+        @options = DEFAULT_OPTIONS.merge(options)
+        @client = client
+      end
+
+      def build_client(options)
+        uri = "#{options[:protocol]}://#{options[:host]}:#{options[:port]}"
+
+        client_options = {
+          :host => [uri],
+          :transport_options => options[:client_settings]
+        }
+        client_options[:transport_class] = ::Elasticsearch::Transport::Transport::HTTP::Manticore
+        client_options[:ssl] = client_options[:transport_options].delete(:ssl)
+
+        if options[:user] && options[:password] then
+          token = Base64.strict_encode64(options[:user] + ":" + options[:password])
+          client_options[:headers] = { "Authorization" => "Basic #{token}" }
+        end
+
+        Elasticsearch::Client.new client_options
+      end
+
+      def bulk(actions)
+        @client.bulk(:body => actions.collect do |action, args, source|
+          if source
+            next [ { action => args }, source ]
+          else
+            next { action => args }
+          end
+        end.flatten)
+      end # def bulk
+
+      def template_exists?(name)
+        @client.indices.get_template(:name => name)
+        return true
+      rescue Elasticsearch::Transport::Transport::Errors::NotFound
+        return false
+      end # def template_exists?
+
+      def template_put(name, template)
+        @client.indices.put_template(:name => name, :body => template)
+      end # template_put
+
+      public(:bulk)
+    end # class HTTPClient
+
+    class NodeClient < Base
+      private
+
+      DEFAULT_OPTIONS = {
+        :port => 9300,
+      }
+
+      def initialize(options={})
+        super
+        require "java"
+        @options = DEFAULT_OPTIONS.merge(options)
+        setup(@options)
+        @client = client
+      end # def initialize
+
+      def settings
+        return @settings
+      end
+
+      def setup(options={})
+        @settings = org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder
+        if options[:host]
+          @settings.put("discovery.zen.ping.multicast.enabled", false)
+          @settings.put("discovery.zen.ping.unicast.hosts", hosts(options))
+        end
+
+        @settings.put("node.client", true)
+        @settings.put("http.enabled", false)
+
+        if options[:client_settings]
+          options[:client_settings].each do |key, value|
+            @settings.put(key, value)
+          end
+        end
+
+        return @settings
+      end
+
+      def hosts(options)
+        # http://www.elasticsearch.org/guide/reference/modules/discovery/zen/
+        result = Array.new
+        if options[:host].class == Array
+          options[:host].each do |host|
+            if host.to_s =~ /^.+:.+$/
+              # For host in format: host:port, ignore options[:port]
+              result << host
+            else
+              if options[:port].to_s =~ /^\d+-\d+$/
+                # port ranges are 'host[port1-port2]'
+                result << Range.new(*options[:port].split("-")).collect { |p| "#{host}:#{p}" }
+              else
+                result << "#{host}:#{options[:port]}"
+              end
+            end
+          end
+        else
+          if options[:host].to_s =~ /^.+:.+$/
+            # For host in format: host:port, ignore options[:port]
+            result << options[:host]
+          else
+            if options[:port].to_s =~ /^\d+-\d+$/
+              # port ranges are 'host[port1-port2]' according to
+              # http://www.elasticsearch.org/guide/reference/modules/discovery/zen/
+              # However, it seems to only query the first port.
+              # So generate our own list of unicast hosts to scan.
+              range = Range.new(*options[:port].split("-"))
+              result << range.collect { |p| "#{options[:host]}:#{p}" }
+            else
+              result << "#{options[:host]}:#{options[:port]}"
+            end
+          end
+        end
+        result.flatten.join(",")
+      end # def hosts
+
+      def build_client(options)
+        nodebuilder = org.elasticsearch.node.NodeBuilder.nodeBuilder
+        return nodebuilder.settings(@settings).node.client
+      end # def build_client
+
+      def bulk(actions)
+        # Actions an array of [ action, action_metadata, source ]
+        prep = @client.prepareBulk
+        actions.each do |action, args, source|
+          prep.add(build_request(action, args, source))
+        end
+        response = prep.execute.actionGet()
+
+        # TODO(sissel): What format should the response be in?
+      end # def bulk
+
+      def build_request(action, args, source)
+        case action
+          when "index"
+            request = org.elasticsearch.action.index.IndexRequest.new(args[:_index])
+            request.id(args[:_id]) if args[:_id]
+            request.source(source)
+          when "delete"
+            request = org.elasticsearch.action.delete.DeleteRequest.new(args[:_index])
+            request.id(args[:_id])
+          #when "update"
+          #when "create"
+        end # case action
+
+        request.type(args[:_type]) if args[:_type]
+        return request
+      end # def build_request
+
+      def template_exists?(name)
+        request = org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesRequestBuilder.new(@client.admin.indices, name)
+        response = request.get
+        return !response.getIndexTemplates.isEmpty
+      end # def template_exists?
+
+      def template_put(name, template)
+        request = org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequestBuilder.new(@client.admin.indices, name)
+        request.setSource(LogStash::Json.dump(template))
+
+        # execute the request and get the response, if it fails, we'll get an exception.
+        request.get
+      end # template_put
+
+      public(:initialize, :bulk)
+    end # class NodeClient
+
+    class TransportClient < NodeClient
+      private
+      def build_client(options)
+        client = org.elasticsearch.client.transport.TransportClient.new(settings.build)
+
+        if options[:host]
+          client.addTransportAddress(
+            org.elasticsearch.common.transport.InetSocketTransportAddress.new(
+              options[:host], options[:port].to_i
+            )
+          )
+        end
+
+        return client
+      end # def build_client
+    end # class TransportClient
+  end # module Protocols
+
+  module Requests
+    class GetIndexTemplates; end
+    class Bulk; end
+    class Index; end
+    class Delete; end
+  end
+end

data/logstash-output-elasticsearch.gemspec

@@ -0,0 +1,42 @@
+Gem::Specification.new do |s|
+
+  s.name            = 'logstash-output-elasticsearch'
+  s.version         = '0.1.8'
+  s.licenses        = ['Apache License (2.0)']
+  s.summary         = "Logstash Output to Elasticsearch"
+  s.description     = "Output events to elasticsearch"
+  s.authors         = ["Elasticsearch"]
+  s.email           = 'info@elasticsearch.com'
+  s.homepage        = "http://logstash.net/"
+  s.require_paths = ["lib"]
+
+  # Files
+  s.files = `git ls-files`.split($\)
+
+  # Tests
+  s.test_files = s.files.grep(%r{^(test|spec|features)/})
+
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { "logstash_plugin" => "true", "logstash_group" => "output" }
+
+  # Jar dependencies
+  s.requirements << "jar 'org.elasticsearch:elasticsearch', '1.4.0'"
+
+  # Gem dependencies
+  s.add_runtime_dependency 'elasticsearch', ['>= 1.0.6', '~> 1.0']
+  s.add_runtime_dependency 'stud', ['>= 0.0.17', '~> 0.0']
+  s.add_runtime_dependency 'cabin', ['~> 0.6']
+  s.add_runtime_dependency 'logstash', '>= 1.4.0', '< 2.0.0'
+  s.add_runtime_dependency 'jar-dependencies'
+
+  s.add_development_dependency 'ftw', ['>= 0.0.40', '~> 0']
+  s.add_development_dependency 'logstash-input-generator'
+
+
+  if RUBY_PLATFORM == 'java'
+    s.platform = RUBY_PLATFORM
+    s.add_runtime_dependency "manticore", '~> 0.3'
+  end
+
+  s.add_development_dependency 'logstash-devutils'
+end

data/spec/outputs/elasticsearch_spec.rb

@@ -0,0 +1,517 @@
+require "logstash/devutils/rspec/spec_helper"
+require "ftw"
+require "logstash/plugin"
+require "logstash/json"
+
+describe "outputs/elasticsearch" do
+
+  it "should register" do
+    output = LogStash::Plugin.lookup("output", "elasticsearch").new("embedded" => "false", "protocol" => "transport", "manage_template" => "false")
+
+    # register will try to load jars and raise if it cannot find jars
+    expect {output.register}.to_not raise_error
+  end
+
+  describe "ship lots of events w/ default index_type", :elasticsearch => true do
+    # Generate a random index name
+    index = 10.times.collect { rand(10).to_s }.join("")
+    type = 10.times.collect { rand(10).to_s }.join("")
+
+    # Write about 10000 events. Add jitter to increase likeliness of finding
+    # boundary-related bugs.
+    event_count = 10000 + rand(500)
+    flush_size = rand(200) + 1
+
+    config <<-CONFIG
+      input {
+        generator {
+          message => "hello world"
+          count => #{event_count}
+          type => "#{type}"
+        }
+      }
+      output {
+        elasticsearch {
+          host => "127.0.0.1"
+          index => "#{index}"
+          flush_size => #{flush_size}
+        }
+      }
+    CONFIG
+
+    agent do
+      # Try a few times to check if we have the correct number of events stored
+      # in ES.
+      #
+      # We try multiple times to allow final agent flushes as well as allowing
+      # elasticsearch to finish processing everything.
+      ftw = FTW::Agent.new
+      ftw.post!("http://localhost:9200/#{index}/_refresh")
+
+      # Wait until all events are available.
+      Stud::try(10.times) do
+        data = ""
+        response = ftw.get!("http://127.0.0.1:9200/#{index}/_count?q=*")
+        response.read_body { |chunk| data << chunk }
+        result = LogStash::Json.load(data)
+        count = result["count"]
+        insist { count } == event_count
+      end
+
+      response = ftw.get!("http://127.0.0.1:9200/#{index}/_search?q=*&size=1000")
+      data = ""
+      response.read_body { |chunk| data << chunk }
+      result = LogStash::Json.load(data)
+      result["hits"]["hits"].each do |doc|
+        # With no 'index_type' set, the document type should be the type
+        # set on the input
+        insist { doc["_type"] } == type
+        insist { doc["_index"] } == index
+        insist { doc["_source"]["message"] } == "hello world"
+      end
+    end
+  end
+
+  describe "testing index_type", :elasticsearch => true do
+    describe "no type value" do
+      # Generate a random index name
+      index = 10.times.collect { rand(10).to_s }.join("")
+      event_count = 100 + rand(100)
+      flush_size = rand(200) + 1
+
+      config <<-CONFIG
+        input {
+          generator {
+            message => "hello world"
+            count => #{event_count}
+          }
+        }
+        output {
+          elasticsearch {
+            host => "127.0.0.1"
+            index => "#{index}"
+            flush_size => #{flush_size}
+          }
+        }
+      CONFIG
+
+      agent do
+        ftw = FTW::Agent.new
+        ftw.post!("http://localhost:9200/#{index}/_refresh")
+
+        # Wait until all events are available.
+        Stud::try(10.times) do
+          data = ""
+          response = ftw.get!("http://127.0.0.1:9200/#{index}/_count?q=*")
+          response.read_body { |chunk| data << chunk }
+          result = LogStash::Json.load(data)
+          count = result["count"]
+          insist { count } == event_count
+        end
+
+        response = ftw.get!("http://127.0.0.1:9200/#{index}/_search?q=*&size=1000")
+        data = ""
+        response.read_body { |chunk| data << chunk }
+        result = LogStash::Json.load(data)
+        result["hits"]["hits"].each do |doc|
+          insist { doc["_type"] } == "logs"
+        end
+      end
+    end
+
+    describe "default event type value" do
+      # Generate a random index name
+      index = 10.times.collect { rand(10).to_s }.join("")
+      event_count = 100 + rand(100)
+      flush_size = rand(200) + 1
+
+      config <<-CONFIG
+        input {
+          generator {
+            message => "hello world"
+            count => #{event_count}
+            type => "generated"
+          }
+        }
+        output {
+          elasticsearch {
+            host => "127.0.0.1"
+            index => "#{index}"
+            flush_size => #{flush_size}
+          }
+        }
+      CONFIG
+
+      agent do
+        ftw = FTW::Agent.new
+        ftw.post!("http://localhost:9200/#{index}/_refresh")
+
+        # Wait until all events are available.
+        Stud::try(10.times) do
+          data = ""
+          response = ftw.get!("http://127.0.0.1:9200/#{index}/_count?q=*")
+          response.read_body { |chunk| data << chunk }
+          result = LogStash::Json.load(data)
+          count = result["count"]
+          insist { count } == event_count
+        end
+
+        response = ftw.get!("http://127.0.0.1:9200/#{index}/_search?q=*&size=1000")
+        data = ""
+        response.read_body { |chunk| data << chunk }
+        result = LogStash::Json.load(data)
+        result["hits"]["hits"].each do |doc|
+          insist { doc["_type"] } == "generated"
+        end
+      end
+    end
+  end
+
+  describe "action => ...", :elasticsearch => true do
+    index_name = 10.times.collect { rand(10).to_s }.join("")
+
+    config <<-CONFIG
+      input {
+        generator {
+          message => "hello world"
+          count => 100
+        }
+      }
+      output {
+        elasticsearch {
+          host => "127.0.0.1"
+          index => "#{index_name}"
+        }
+      }
+    CONFIG
+
+
+    agent do
+      ftw = FTW::Agent.new
+      ftw.post!("http://localhost:9200/#{index_name}/_refresh")
+
+      # Wait until all events are available.
+      Stud::try(10.times) do
+        data = ""
+        response = ftw.get!("http://127.0.0.1:9200/#{index_name}/_count?q=*")
+        response.read_body { |chunk| data << chunk }
+        result = LogStash::Json.load(data)
+        count = result["count"]
+        insist { count } == 100
+      end
+
+      response = ftw.get!("http://127.0.0.1:9200/#{index_name}/_search?q=*&size=1000")
+      data = ""
+      response.read_body { |chunk| data << chunk }
+      result = LogStash::Json.load(data)
+      result["hits"]["hits"].each do |doc|
+        insist { doc["_type"] } == "logs"
+      end
+    end
+
+    describe "default event type value", :elasticsearch => true do
+      # Generate a random index name
+      index = 10.times.collect { rand(10).to_s }.join("")
+      event_count = 100 + rand(100)
+      flush_size = rand(200) + 1
+
+      config <<-CONFIG
+        input {
+          generator {
+            message => "hello world"
+            count => #{event_count}
+            type => "generated"
+          }
+        }
+        output {
+          elasticsearch {
+            host => "127.0.0.1"
+            index => "#{index}"
+            flush_size => #{flush_size}
+          }
+        }
+      CONFIG
+
+      agent do
+        ftw = FTW::Agent.new
+        ftw.post!("http://localhost:9200/#{index}/_refresh")
+
+        # Wait until all events are available.
+        Stud::try(10.times) do
+          data = ""
+          response = ftw.get!("http://127.0.0.1:9200/#{index}/_count?q=*")
+          response.read_body { |chunk| data << chunk }
+          result = LogStash::Json.load(data)
+          count = result["count"]
+          insist { count } == event_count
+        end
+
+        response = ftw.get!("http://127.0.0.1:9200/#{index}/_search?q=*&size=1000")
+        data = ""
+        response.read_body { |chunk| data << chunk }
+        result = LogStash::Json.load(data)
+        result["hits"]["hits"].each do |doc|
+          insist { doc["_type"] } == "generated"
+        end
+      end
+    end
+  end
+
+  describe "wildcard substitution in index templates", :todo => true do
+    require "logstash/outputs/elasticsearch"
+
+    let(:template) { '{"template" : "not important, will be updated by :index"}' }
+
+    def settings_with_index(index)
+      return {
+        "manage_template" => true,
+        "template_overwrite" => true,
+        "protocol" => "http",
+        "host" => "localhost",
+        "index" => "#{index}"
+      }
+    end
+
+    it "should substitude placeholders" do
+      IO.stub(:read).with(anything) { template }
+      es_output = LogStash::Outputs::ElasticSearch.new(settings_with_index("index-%{YYYY}"))
+      insist { es_output.get_template['template'] } == "index-*"
+    end
+
+    it "should do nothing to an index with no placeholder" do
+      IO.stub(:read).with(anything) { template }
+      es_output = LogStash::Outputs::ElasticSearch.new(settings_with_index("index"))
+      insist { es_output.get_template['template'] } == "index"
+    end
+  end
+
+  describe "index template expected behavior", :elasticsearch => true do
+    ["node", "transport", "http"].each do |protocol|
+      context "with protocol => #{protocol}" do
+        subject do
+          require "logstash/outputs/elasticsearch"
+          settings = {
+            "manage_template" => true,
+            "template_overwrite" => true,
+            "protocol" => protocol,
+            "host" => "localhost"
+          }
+          next LogStash::Outputs::ElasticSearch.new(settings)
+        end
+
+        before :each do
+          # Delete all templates first.
+          require "elasticsearch"
+
+          # Clean ES of data before we start.
+          @es = Elasticsearch::Client.new
+          @es.indices.delete_template(:name => "*")
+
+          # This can fail if there are no indexes, ignore failure.
+          @es.indices.delete(:index => "*") rescue nil
+
+          subject.register
+
+          subject.receive(LogStash::Event.new("message" => "sample message here"))
+          subject.receive(LogStash::Event.new("somevalue" => 100))
+          subject.receive(LogStash::Event.new("somevalue" => 10))
+          subject.receive(LogStash::Event.new("somevalue" => 1))
+          subject.receive(LogStash::Event.new("country" => "us"))
+          subject.receive(LogStash::Event.new("country" => "at"))
+          subject.receive(LogStash::Event.new("geoip" => { "location" => [ 0.0, 0.0 ] }))
+          subject.buffer_flush(:final => true)
+          @es.indices.refresh
+
+          # Wait or fail until everything's indexed.
+          Stud::try(20.times) do
+            r = @es.search
+            insist { r["hits"]["total"] } == 7
+          end
+        end
+
+        it "permits phrase searching on string fields" do
+          results = @es.search(:q => "message:\"sample message\"")
+          insist { results["hits"]["total"] } == 1
+          insist { results["hits"]["hits"][0]["_source"]["message"] } == "sample message here"
+        end
+
+        it "numbers dynamically map to a numeric type and permit range queries" do
+          results = @es.search(:q => "somevalue:[5 TO 105]")
+          insist { results["hits"]["total"] } == 2
+
+          values = results["hits"]["hits"].collect { |r| r["_source"]["somevalue"] }
+          insist { values }.include?(10)
+          insist { values }.include?(100)
+          reject { values }.include?(1)
+        end
+
+        it "creates .raw field fro any string field which is not_analyzed" do
+          results = @es.search(:q => "message.raw:\"sample message here\"")
+          insist { results["hits"]["total"] } == 1
+          insist { results["hits"]["hits"][0]["_source"]["message"] } == "sample message here"
+
+          # partial or terms should not work.
+          results = @es.search(:q => "message.raw:\"sample\"")
+          insist { results["hits"]["total"] } == 0
+        end
+
+        it "make [geoip][location] a geo_point" do
+          results = @es.search(:body => { "filter" => { "geo_distance" => { "distance" => "1000km", "geoip.location" => { "lat" => 0.5, "lon" => 0.5 } } } })
+          insist { results["hits"]["total"] } == 1
+          insist { results["hits"]["hits"][0]["_source"]["geoip"]["location"] } == [ 0.0, 0.0 ]
+        end
+
+        it "should index stopwords like 'at' " do
+          results = @es.search(:body => { "facets" => { "t" => { "terms" => { "field" => "country" } } } })["facets"]["t"]
+          terms = results["terms"].collect { |t| t["term"] }
+
+          insist { terms }.include?("us")
+
+          # 'at' is a stopword, make sure stopwords are not ignored.
+          insist { terms }.include?("at")
+        end
+      end
+    end
+  end
+
+  describe "elasticsearch protocol", :elasticsearch => true do
+    # ElasticSearch related jars
+#LogStash::Environment.load_elasticsearch_jars!
+    # Load elasticsearch protocol
+    require "logstash/outputs/elasticsearch/protocol"
+
+    describe "elasticsearch node client" do
+      # Test ElasticSearch Node Client
+      # Reference: http://www.elasticsearch.org/guide/reference/modules/discovery/zen/
+
+      it "should support hosts in both string and array" do
+        # Because we defined *hosts* method in NodeClient as private,
+        # we use *obj.send :method,[args...]* to call method *hosts*
+        client = LogStash::Outputs::Elasticsearch::Protocols::NodeClient.new
+
+        # Node client should support host in string
+        # Case 1: default :host in string
+        insist { client.send :hosts, :host => "host",:port => 9300 } == "host:9300"
+        # Case 2: :port =~ /^\d+_\d+$/
+        insist { client.send :hosts, :host => "host",:port => "9300-9302"} == "host:9300,host:9301,host:9302"
+        # Case 3: :host =~ /^.+:.+$/
+        insist { client.send :hosts, :host => "host:9303",:port => 9300 } == "host:9303"
+        # Case 4:  :host =~ /^.+:.+$/ and :port =~ /^\d+_\d+$/
+        insist { client.send :hosts, :host => "host:9303",:port => "9300-9302"} == "host:9303"
+
+        # Node client should support host in array
+        # Case 5: :host in array with single item
+        insist { client.send :hosts, :host => ["host"],:port => 9300 } == ("host:9300")
+        # Case 6: :host in array with more than one items
+        insist { client.send :hosts, :host => ["host1","host2"],:port => 9300 } == "host1:9300,host2:9300"
+        # Case 7: :host in array with more than one items and :port =~ /^\d+_\d+$/
+        insist { client.send :hosts, :host => ["host1","host2"],:port => "9300-9302" } == "host1:9300,host1:9301,host1:9302,host2:9300,host2:9301,host2:9302"
+        # Case 8: :host in array with more than one items and some :host =~ /^.+:.+$/
+        insist { client.send :hosts, :host => ["host1","host2:9303"],:port => 9300 } == "host1:9300,host2:9303"
+        # Case 9: :host in array with more than one items, :port =~ /^\d+_\d+$/ and some :host =~ /^.+:.+$/
+        insist { client.send :hosts, :host => ["host1","host2:9303"],:port => "9300-9302" } == "host1:9300,host1:9301,host1:9302,host2:9303"
+      end
+    end
+  end
+
+  describe "Authentication option" do
+    ["node", "transport"].each do |protocol|
+      context "with protocol => #{protocol}" do
+        subject do
+          require "logstash/outputs/elasticsearch"
+          settings = {
+            "protocol" => protocol,
+            "node_name" => "logstash",
+            "cluster" => "elasticsearch",
+            "host" => "node01",
+            "user" => "test",
+            "password" => "test"
+          }
+          next LogStash::Outputs::ElasticSearch.new(settings)
+        end
+
+        it "should fail in register" do
+          expect {subject.register}.to raise_error
+        end
+      end
+    end
+  end
+
+  describe "SSL option" do
+    ["node", "transport"].each do |protocol|
+      context "with protocol => #{protocol}" do
+        subject do
+          require "logstash/outputs/elasticsearch"
+          settings = {
+            "protocol" => protocol,
+            "node_name" => "logstash",
+            "cluster" => "elasticsearch",
+            "host" => "node01",
+            "ssl" => true
+          }
+          next LogStash::Outputs::ElasticSearch.new(settings)
+        end
+
+        it "should fail in register" do
+          expect {subject.register}.to raise_error
+        end
+      end
+    end
+  end
+
+  describe "send messages to ElasticSearch using HTTPS", :elasticsearch_secure => true do
+    subject do
+      require "logstash/outputs/elasticsearch"
+      settings = {
+        "protocol" => "http",
+        "node_name" => "logstash",
+        "cluster" => "elasticsearch",
+        "host" => "node01",
+        "user" => "user",
+        "password" => "changeme",
+        "ssl" => true,
+        "cacert" => "/tmp/ca/certs/cacert.pem",
+        # or
+        #"truststore" => "/tmp/ca/truststore.jks",
+        #"truststore_password" => "testeteste"
+      }
+      next LogStash::Outputs::ElasticSearch.new(settings)
+    end
+
+    before :each do
+      subject.register
+    end
+
+    it "sends events to ES" do
+      expect {
+        subject.receive(LogStash::Event.new("message" => "sample message here"))
+        subject.buffer_flush(:final => true)
+      }.to_not raise_error
+    end
+  end
+
+  describe "connect using HTTP Authentication", :elasticsearch_secure => true do
+    subject do
+      require "logstash/outputs/elasticsearch"
+      settings = {
+        "protocol" => "http",
+        "cluster" => "elasticsearch",
+        "host" => "node01",
+        "user" => "user",
+        "password" => "changeme",
+      }
+      next LogStash::Outputs::ElasticSearch.new(settings)
+    end
+
+    before :each do
+      subject.register
+    end
+
+    it "sends events to ES" do
+      expect {
+        subject.receive(LogStash::Event.new("message" => "sample message here"))
+        subject.buffer_flush(:final => true)
+      }.to_not raise_error
+    end
+  end
+end