logstash-output-elasticsearch 10.8.6-java → 11.0.3-java
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/docs/index.asciidoc +132 -22
- data/lib/logstash/outputs/elasticsearch.rb +125 -64
- data/lib/logstash/outputs/elasticsearch/data_stream_support.rb +233 -0
- data/lib/logstash/outputs/elasticsearch/http_client.rb +9 -7
- data/lib/logstash/outputs/elasticsearch/http_client/pool.rb +49 -62
- data/lib/logstash/outputs/elasticsearch/ilm.rb +13 -45
- data/lib/logstash/outputs/elasticsearch/license_checker.rb +26 -23
- data/lib/logstash/outputs/elasticsearch/template_manager.rb +4 -6
- data/lib/logstash/outputs/elasticsearch/templates/ecs-v1/elasticsearch-8x.json +1 -0
- data/lib/logstash/plugin_mixins/elasticsearch/api_configs.rb +157 -153
- data/lib/logstash/plugin_mixins/elasticsearch/common.rb +71 -58
- data/logstash-output-elasticsearch.gemspec +3 -3
- data/spec/es_spec_helper.rb +7 -12
- data/spec/fixtures/_nodes/{5x_6x.json → 6x.json} +5 -5
- data/spec/integration/outputs/compressed_indexing_spec.rb +47 -46
- data/spec/integration/outputs/data_stream_spec.rb +61 -0
- data/spec/integration/outputs/delete_spec.rb +49 -51
- data/spec/integration/outputs/ilm_spec.rb +236 -248
- data/spec/integration/outputs/index_spec.rb +5 -2
- data/spec/integration/outputs/index_version_spec.rb +78 -82
- data/spec/integration/outputs/ingest_pipeline_spec.rb +58 -58
- data/spec/integration/outputs/painless_update_spec.rb +74 -164
- data/spec/integration/outputs/parent_spec.rb +67 -75
- data/spec/integration/outputs/retry_spec.rb +6 -6
- data/spec/integration/outputs/sniffer_spec.rb +15 -54
- data/spec/integration/outputs/templates_spec.rb +79 -81
- data/spec/integration/outputs/update_spec.rb +99 -101
- data/spec/spec_helper.rb +10 -0
- data/spec/unit/outputs/elasticsearch/data_stream_support_spec.rb +528 -0
- data/spec/unit/outputs/elasticsearch/http_client/manticore_adapter_spec.rb +1 -0
- data/spec/unit/outputs/elasticsearch/http_client/pool_spec.rb +36 -29
- data/spec/unit/outputs/elasticsearch/http_client_spec.rb +2 -3
- data/spec/unit/outputs/elasticsearch/template_manager_spec.rb +10 -12
- data/spec/unit/outputs/elasticsearch_proxy_spec.rb +1 -2
- data/spec/unit/outputs/elasticsearch_spec.rb +176 -41
- data/spec/unit/outputs/elasticsearch_ssl_spec.rb +1 -2
- data/spec/unit/outputs/error_whitelist_spec.rb +3 -2
- data/spec/unit/outputs/license_check_spec.rb +0 -16
- metadata +29 -36
- data/lib/logstash/outputs/elasticsearch/templates/ecs-disabled/elasticsearch-2x.json +0 -95
- data/lib/logstash/outputs/elasticsearch/templates/ecs-disabled/elasticsearch-5x.json +0 -46
- data/spec/fixtures/_nodes/2x_1x.json +0 -27
- data/spec/fixtures/scripts/groovy/scripted_update.groovy +0 -2
- data/spec/fixtures/scripts/groovy/scripted_update_nested.groovy +0 -2
- data/spec/fixtures/scripts/groovy/scripted_upsert.groovy +0 -2
- data/spec/integration/outputs/groovy_update_spec.rb +0 -150
- data/spec/integration/outputs/templates_5x_spec.rb +0 -98
@@ -1,98 +0,0 @@
|
|
1
|
-
require_relative "../../../spec/es_spec_helper"
|
2
|
-
|
3
|
-
if ESHelper.es_version_satisfies?(">= 5")
|
4
|
-
describe "index template expected behavior for 5.x", :integration => true do
|
5
|
-
subject! do
|
6
|
-
require "logstash/outputs/elasticsearch"
|
7
|
-
settings = {
|
8
|
-
"manage_template" => true,
|
9
|
-
"template_overwrite" => true,
|
10
|
-
"hosts" => "#{get_host_port()}"
|
11
|
-
}
|
12
|
-
next LogStash::Outputs::ElasticSearch.new(settings)
|
13
|
-
end
|
14
|
-
|
15
|
-
before :each do
|
16
|
-
# Delete all templates first.
|
17
|
-
require "elasticsearch"
|
18
|
-
|
19
|
-
# Clean ES of data before we start.
|
20
|
-
@es = get_client
|
21
|
-
@es.indices.delete_template(:name => "*")
|
22
|
-
|
23
|
-
# This can fail if there are no indexes, ignore failure.
|
24
|
-
@es.indices.delete(:index => "*") rescue nil
|
25
|
-
|
26
|
-
subject.register
|
27
|
-
|
28
|
-
subject.multi_receive([
|
29
|
-
LogStash::Event.new("message" => "sample message here"),
|
30
|
-
LogStash::Event.new("somemessage" => { "message" => "sample nested message here" }),
|
31
|
-
LogStash::Event.new("somevalue" => 100),
|
32
|
-
LogStash::Event.new("somevalue" => 10),
|
33
|
-
LogStash::Event.new("somevalue" => 1),
|
34
|
-
LogStash::Event.new("country" => "us"),
|
35
|
-
LogStash::Event.new("country" => "at"),
|
36
|
-
LogStash::Event.new("geoip" => { "location" => [ 0.0, 0.0 ] })
|
37
|
-
])
|
38
|
-
|
39
|
-
@es.indices.refresh
|
40
|
-
|
41
|
-
# Wait or fail until everything's indexed.
|
42
|
-
Stud::try(20.times) do
|
43
|
-
r = @es.search(index: 'logstash-*')
|
44
|
-
expect(r).to have_hits(8)
|
45
|
-
end
|
46
|
-
end
|
47
|
-
|
48
|
-
it "permits phrase searching on string fields" do
|
49
|
-
results = @es.search(:q => "message:\"sample message\"")
|
50
|
-
expect(results).to have_hits(1)
|
51
|
-
expect(results["hits"]["hits"][0]["_source"]["message"]).to eq("sample message here")
|
52
|
-
end
|
53
|
-
|
54
|
-
it "numbers dynamically map to a numeric type and permit range queries" do
|
55
|
-
results = @es.search(:q => "somevalue:[5 TO 105]")
|
56
|
-
expect(results).to have_hits(2)
|
57
|
-
|
58
|
-
values = results["hits"]["hits"].collect { |r| r["_source"]["somevalue"] }
|
59
|
-
expect(values).to include(10)
|
60
|
-
expect(values).to include(100)
|
61
|
-
expect(values).to_not include(1)
|
62
|
-
end
|
63
|
-
|
64
|
-
it "does not create .keyword field for top-level message field" do
|
65
|
-
results = @es.search(:q => "message.keyword:\"sample message here\"")
|
66
|
-
expect(results).to have_hits(0)
|
67
|
-
end
|
68
|
-
|
69
|
-
it "creates .keyword field for nested message fields" do
|
70
|
-
results = @es.search(:q => "somemessage.message.keyword:\"sample nested message here\"")
|
71
|
-
expect(results).to have_hits(1)
|
72
|
-
end
|
73
|
-
|
74
|
-
it "creates .keyword field from any string field which is not_analyzed" do
|
75
|
-
results = @es.search(:q => "country.keyword:\"us\"")
|
76
|
-
expect(results).to have_hits(1)
|
77
|
-
expect(results["hits"]["hits"][0]["_source"]["country"]).to eq("us")
|
78
|
-
|
79
|
-
# partial or terms should not work.
|
80
|
-
results = @es.search(:q => "country.keyword:\"u\"")
|
81
|
-
expect(results).to have_hits(0)
|
82
|
-
end
|
83
|
-
|
84
|
-
it "make [geoip][location] a geo_point" do
|
85
|
-
expect(field_properties_from_template("logstash", "geoip")["location"]["type"]).to eq("geo_point")
|
86
|
-
end
|
87
|
-
|
88
|
-
it "aggregate .keyword results correctly " do
|
89
|
-
results = @es.search(:body => { "aggregations" => { "my_agg" => { "terms" => { "field" => "country.keyword" } } } })["aggregations"]["my_agg"]
|
90
|
-
terms = results["buckets"].collect { |b| b["key"] }
|
91
|
-
|
92
|
-
expect(terms).to include("us")
|
93
|
-
|
94
|
-
# 'at' is a stopword, make sure stopwords are not ignored.
|
95
|
-
expect(terms).to include("at")
|
96
|
-
end
|
97
|
-
end
|
98
|
-
end
|