logstash-output-sumologic 1.0.4 → 1.1.0

data/lib/logstash/plugin_mixins/http_client.rb

@@ -0,0 +1,187 @@
+# encoding: utf-8
+require "logstash/config/mixin"
+
+# This module makes it easy to add a very fully configured HTTP client to logstash
+# based on [Manticore](https://github.com/cheald/manticore).
+# For an example of its usage see https://github.com/logstash-plugins/logstash-input-http_poller
+module LogStash::PluginMixins::HttpClient
+  class InvalidHTTPConfigError < StandardError; end
+
+  def self.included(base)
+    require 'manticore'
+    base.extend(self)
+    base.setup_http_client_config
+  end
+
+  public
+  def setup_http_client_config
+    # Timeout (in seconds) for the entire request
+    config :request_timeout, :validate => :number, :default => 60
+
+    # Timeout (in seconds) to wait for data on the socket. Default is `10s`
+    config :socket_timeout, :validate => :number, :default => 10
+
+    # Timeout (in seconds) to wait for a connection to be established. Default is `10s`
+    config :connect_timeout, :validate => :number, :default => 10
+
+    # Should redirects be followed? Defaults to `true`
+    config :follow_redirects, :validate => :boolean, :default => true
+
+    # Max number of concurrent connections. Defaults to `50`
+    config :pool_max, :validate => :number, :default => 50
+
+    # Max number of concurrent connections to a single host. Defaults to `25`
+    config :pool_max_per_route, :validate => :number, :default => 25
+
+    # Turn this on to enable HTTP keepalive support. We highly recommend setting `automatic_retries` to at least
+    # one with this to fix interactions with broken keepalive implementations.
+    config :keepalive, :validate => :boolean, :default => true
+
+    # How many times should the client retry a failing URL. We highly recommend NOT setting this value
+    # to zero if keepalive is enabled. Some servers incorrectly end keepalives early requiring a retry!
+    # Note: if `retry_non_idempotent` is set only GET, HEAD, PUT, DELETE, OPTIONS, and TRACE requests will be retried.
+    config :automatic_retries, :validate => :number, :default => 1
+
+    # If `automatic_retries` is enabled this will cause non-idempotent HTTP verbs (such as POST) to be retried.
+    config :retry_non_idempotent, :validate => :boolean, :default => false
+
+    # How long to wait before checking if the connection is stale before executing a request on a connection using keepalive.
+    # # You may want to set this lower, possibly to 0 if you get connection errors regularly
+    # Quoting the Apache commons docs (this client is based Apache Commmons):
+    # 'Defines period of inactivity in milliseconds after which persistent connections must be re-validated prior to being leased to the consumer. Non-positive value passed to this method disables connection validation. This check helps detect connections that have become stale (half-closed) while kept inactive in the pool.'
+    # See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
+    config :validate_after_inactivity, :validate => :number, :default => 200
+
+    config :ssl_certificate_validation, :deprecated => "This never worked correctly and is now deprecated and a noop"
+
+    # If you need to use a custom X.509 CA (.pem certs) specify the path to that here
+    config :cacert, :validate => :path
+
+    # If you'd like to use a client certificate (note, most people don't want this) set the path to the x509 cert here
+    config :client_cert, :validate => :path
+    # If you're using a client certificate specify the path to the encryption key here
+    config :client_key, :validate => :path
+
+    # If you need to use a custom keystore (`.jks`) specify that here. This does not work with .pem keys!
+    config :keystore, :validate => :path
+
+    # Specify the keystore password here.
+    # Note, most .jks files created with keytool require a password!
+    config :keystore_password, :validate => :password
+
+    # Specify the keystore type here. One of `JKS` or `PKCS12`. Default is `JKS`
+    config :keystore_type, :validate => :string, :default => "JKS"
+
+    # If you need to use a custom truststore (`.jks`) specify that here. This does not work with .pem certs!
+    config :truststore, :validate => :path
+
+    # Specify the truststore password here.
+    # Note, most .jks files created with keytool require a password!
+    config :truststore_password, :validate => :password
+
+    # Specify the truststore type here. One of `JKS` or `PKCS12`. Default is `JKS`
+    config :truststore_type, :validate => :string, :default => "JKS"
+
+    # Enable cookie support. With this enabled the client will persist cookies
+    # across requests as a normal web browser would. Enabled by default
+    config :cookies, :validate => :boolean, :default => true
+
+    # If you'd like to use an HTTP proxy . This supports multiple configuration syntaxes:
+    #
+    # 1. Proxy host in form: `http://proxy.org:1234`
+    # 2. Proxy host in form: `{host => "proxy.org", port => 80, scheme => 'http', user => 'username@host', password => 'password'}`
+    # 3. Proxy host in form: `{url =>  'http://proxy.org:1234', user => 'username@host', password => 'password'}`
+    config :proxy
+
+    # Username to use for HTTP auth.
+    config :user, :validate => :string
+
+    # Password to use for HTTP auth
+    config :password, :validate => :password
+  end
+
+  public
+  def client_config
+    c = {
+      connect_timeout: @connect_timeout,
+      socket_timeout: @socket_timeout,
+      request_timeout: @request_timeout,
+      follow_redirects: @follow_redirects,
+      automatic_retries: @automatic_retries,
+      retry_non_idempotent: @retry_non_idempotent,
+      check_connection_timeout: @validate_after_inactivity,
+      pool_max: @pool_max,
+      pool_max_per_route: @pool_max_per_route,
+      cookies: @cookies,
+      keepalive: @keepalive
+    }
+
+    if @proxy
+      # Symbolize keys if necessary
+      c[:proxy] = @proxy.is_a?(Hash) ?
+        @proxy.reduce({}) {|memo,(k,v)| memo[k.to_sym] = v; memo} :
+        @proxy
+    end
+
+    if @user
+      if !@password || !@password.value
+        raise ::LogStash::ConfigurationError, "User '#{@user}' specified without password!"
+      end
+
+      # Symbolize keys if necessary
+      c[:auth] = {
+        :user => @user,
+        :password => @password.value,
+        :eager => true
+      }
+    end
+
+    c[:ssl] = {}
+    if @cacert
+      c[:ssl][:ca_file] = @cacert
+    end
+
+    if @truststore
+      c[:ssl].merge!(
+        :truststore => @truststore,
+        :truststore_type => @truststore_type,
+        :truststore_password => @truststore_password.value
+      )
+      
+      if c[:ssl][:truststore_password].nil?
+        raise LogStash::ConfigurationError, "Truststore declared without a password! This is not valid, please set the 'truststore_password' option"
+      end
+    end
+
+    if @keystore
+      c[:ssl].merge!(
+        :keystore => @keystore,
+        :keystore_type => @keystore_type,
+        :keystore_password => @keystore_password.value
+      )
+
+      if c[:ssl][:keystore_password].nil?
+        raise LogStash::ConfigurationError, "Keystore declared without a password! This is not valid, please set the 'keystore_password' option"
+      end
+    end
+
+    if @client_cert && @client_key
+      c[:ssl][:client_cert] = @client_cert
+      c[:ssl][:client_key] = @client_key
+    elsif !!@client_cert ^ !!@client_key
+      raise InvalidHTTPConfigError, "You must specify both client_cert and client_key for an HTTP client, or neither!"
+    end
+
+    c
+  end
+
+  private
+  def make_client
+    Manticore::Client.new(client_config)
+  end
+
+  public
+  def client
+    @client ||= make_client
+  end
+end

data/logstash-output-sumologic.gemspec

@@ -1,11 +1,11 @@
 Gem::Specification.new do |s|
   s.name          = "logstash-output-sumologic"
-  s.version       = "1.0.4"
+  s.version       = "1.1.0"
   s.licenses      = ["Apache-2.0"]
   s.summary       = "Deliever the log to Sumo Logic cloud service."
-  s.description   = "This gem is a Logstash output plugin to deliver the log to Sumo Logic cloud service. Go to https://github.com/SumoLogic/logstash-output-sumologic for getting help, reporting issues, etc."
+  s.description   = "This gem is a Logstash output plugin to deliver the log or metrics to Sumo Logic cloud service. Go to https://github.com/SumoLogic/logstash-output-sumologic for getting help, reporting issues, etc."
   s.authors       = ["Sumo Logic"]
-  s.email         = "byi@sumologic.com"
+  s.email         = "collection@sumologic.com "
   s.homepage      = "https://github.com/SumoLogic/logstash-output-sumologic"
   s.require_paths = ["lib"]
 
@@ -19,6 +19,6 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", "~> 2.0"
-  s.add_runtime_dependency "logstash-codec-plain"
-  s.add_development_dependency "logstash-devutils"
+  s.add_runtime_dependency "logstash-codec-plain", "~> 0"
+  s.add_development_dependency "logstash-devutils", "~> 0"
 end

data/spec/outputs/sumologic_spec.rb

@@ -1,22 +1,353 @@
+
 # encoding: utf-8
 require "logstash/devutils/rspec/spec_helper"
 require "logstash/outputs/sumologic"
-require "logstash/codecs/plain"
 require "logstash/event"
 
+require_relative '../spec_helper'
+
 describe LogStash::Outputs::SumoLogic do
-  let(:sample_event) { LogStash::Event.new }
-  let(:output) { LogStash::Outputs::SumoLogic.new }
 
-  before do
-    output.register
+  let(:server) { subject.server }
+  
+  before :each do
+    subject.register
+    subject.receive(event)
+  end
+
+  # For log
+  context "log sent in default format" do
+
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "generate one element" do
+      expect(server.size).to eq(1)
+    end
+
+    it "include all content" do
+      expect(server.pop).to include("myHost Hello world")
+    end
+
+  end
+
+  context "log sent as @json" do
+
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "format" => "%{@json}") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "generate one element" do
+      expect(server.size).to eq(1)
+    end
+
+    it "include all content" do
+      received = server.pop
+      expect(received).to include("\"host\":\"myHost\"")
+      expect(received).to include("\"message\":\"Hello world\"")
+    end
+
+  end
+
+  context "log sent in customized format" do
+
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "format" => "%{foo} %{bar}" ) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "bar" => 24) }
+
+    it "generate one element" do
+      expect(server.size).to eq(1)
+    end
+
+    it "include all content" do
+      expect(server.pop).to eq("fancy 24")
+    end
+
   end
 
-  describe "receive message" do
-    subject { output.receive(sample_event) }
+  context "log sent with customized json_mapping" do
+
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "format" => "%{host} %{@json}", "json_mapping" => { "foo" => "%{foo}", "bar" => "%{bar}", "%{foo}" => "%{bar}" } ) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "bar" => 24) }
+
+    it "generate one element" do
+      expect(server.size).to eq(1)
+    end
 
-    it "returns a string" do
-      expect(subject).to eq("Event received")
+    it "include all content" do
+      expect(server.pop).to eq("myHost {\"foo\":\"fancy\",\"bar\":\"24\",\"fancy\":\"24\"}")
     end
+
   end
+
+  # For headers
+  context "check default headers" do
+
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>`hostname`.strip, "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"text/plain"})
+    end
+
+  end
+
+  context "override source_category" do
+    
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "source_category" => "my source category") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>`hostname`.strip, "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"text/plain", "X-Sumo-Category"=>"my source category"})
+    end
+
+  end
+
+  context "override source_name" do
+    
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "source_name" => "my source name") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>`hostname`.strip, "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"text/plain", "X-Sumo-Name"=>"my source name"})
+    end
+
+  end
+
+  context "override source_host" do
+    
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "source_host" => "my source host") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>"my source host", "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"text/plain"})
+    end
+
+  end
+
+  context "with extra_headers" do
+    
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "extra_headers" => {"foo" => "bar"}) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>`hostname`.strip, "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"text/plain", "foo"=>"bar"})
+    end
+
+  end
+
+  context "with compress" do
+    
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "compress" => true) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>`hostname`.strip, "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"text/plain", "Content-Encoding"=>"deflate"})
+    end
+
+  end
+
+  context "with gzip" do
+    
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "compress" => true, "compress_encoding"=>"gzip") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "message" => "Hello world") }
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>`hostname`.strip, "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"text/plain", "Content-Encoding"=>"gzip"})
+    end
+
+  end
+
+  # For metrics
+  context "with metrics sent in graphite" do
+
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "metrics" => { "hurray.%{foo}" => "%{bar}"}, "metrics_format" => "graphite") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "bar" => 24) }
+
+    it "generate one element" do
+      expect(server.size).to eq(1)
+    end
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>`hostname`.strip, "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"application/vnd.sumologic.graphite"})
+    end
+
+    it "include all content" do
+      expect(server.pop).to match(/^hurray.fancy 24 \d{10,}$/)
+    end
+
+  end
+
+  context "with metrics sent in carbon2" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "metrics" => { "hurray.%{foo}" => "%{bar}" }) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "bar" => 24) }
+
+    it "generate one element" do
+      expect(server.size).to eq(1)
+    end
+
+    it "check header" do
+      expect(server.header).to eq({"X-Sumo-Host"=>`hostname`.strip, "X-Sumo-Client"=>"logstash-output-sumologic", "Content-Type"=>"application/vnd.sumologic.carbon2"})
+    end
+
+    it "include all content" do
+      expect(server.pop).to match(/^metric=hurray.fancy  24 \d{10,}$/)
+    end
+  end
+
+  context "with metrics_name override" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "metrics" => { "hurray.%{foo}" => "%{bar}" }, "metrics_name" => "mynamespace.*") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "bar" => 24) }
+
+    it "include all content" do
+      expect(server.pop).to match(/^metric=mynamespace.hurray.fancy  24 \d{10,}$/)
+    end
+  end
+
+  context "with intrinsic_tags override" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "metrics" => { "bar" => "%{bar}" }, "intrinsic_tags" => {"host"=>"%{host}"}) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "bar" => 24) }
+
+    it "include all content" do
+      expect(server.pop).to match(/^host=myHost metric=bar  24 \d{10,}$/)
+    end
+  end
+
+  context "with meta_tags override" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "metrics" => { "bar" => "%{bar}" }, "intrinsic_tags" => {"host"=>"%{host}"}, "meta_tags" => {"foo" => "%{foo}"}) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "bar" => 24) }
+
+    it "include all content" do
+      expect(server.pop).to match(/^host=myHost metric=bar  foo=fancy 24 \d{10,}$/)
+    end
+  end
+
+  context "with multiple metrics mapping" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "metrics" => { "cpu1" => "%{cpu1}", "cpu2" => "%{cpu2}" }, "intrinsic_tags" => {"host"=>"%{host}"}, "meta_tags" => {"foo" => "%{foo}"}) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "cpu1" => 0.24, "cpu2" => 0.11) }
+
+    it "include content" do
+      expect(server.pop).to match(/^host=myHost metric=cpu1  foo=fancy 0\.24 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu2  foo=fancy 0\.11 \d{10,}$/)
+    end
+  end
+
+  context "metrics with non-number value should be dropped (carbon2)" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "metrics" => { "cpu1" => "%{cpu1}", "cpu2" => "%{cpu2}", "cpu3" => "%{cpu3}" }, "intrinsic_tags" => {"host"=>"%{host}"}, "meta_tags" => {"foo" => "%{foo}"}) }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "cpu1" => 0.24, "cpu2" => "abc", "cpu3" => 0.11) }
+
+    it "include content" do
+      expect(server.pop).to match(/^host=myHost metric=cpu1  foo=fancy 0\.24 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu3  foo=fancy 0\.11 \d{10,}$/)
+      expect(server.empty?).to eq(true)
+    end
+  end
+
+  context "metrics with non-number value should be dropped (graphite)" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "metrics" => { "cpu1" => "%{cpu1}", "cpu2" => "%{cpu2}", "cpu3" => "%{cpu3}" }, "metrics_format" => "graphite") }
+    let(:event) { LogStash::Event.new("host" => "myHost", "foo" => "fancy", "cpu1" => 0.24, "cpu2" => "abc", "cpu3" => 0.11) }
+
+    it "include content" do
+      expect(server.pop).to match(/^cpu1 0\.24 \d{10,}$/)
+      expect(server.pop).to match(/^cpu3 0\.11 \d{10,}$/)
+      expect(server.empty?).to eq(true)
+    end
+  end
+
+  context "fields_as_metrics (carbon2)" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "fields_as_metrics" => true, "intrinsic_tags" => {"host"=>"%{host}"}, "meta_tags" => {"foo" => "%{foo}"}) }
+    let(:event) { LogStash::Event.new(
+      "host" => "myHost", 
+      "foo" => "fancy", 
+      "cpu" => [0.24, 0.11, 0.75, 0.28], 
+      "storageRW" => 51, 
+      "bar" => "blahblah", 
+      "blkio" => {
+        "write_ps" => 5,
+        "read_ps" => 2,
+        "total_ps" => 0
+      })}
+
+    it "include content" do
+      expect(server.pop).to match(/^host=myHost metric=blkio\.write_ps  foo=fancy 5 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=blkio\.read_ps  foo=fancy 2 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=blkio\.total_ps  foo=fancy 0 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.0  foo=fancy 0\.24 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.1  foo=fancy 0\.11 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.2  foo=fancy 0\.75 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.3  foo=fancy 0\.28 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=storageRW  foo=fancy 51 \d{10,}$/)
+      expect(server.empty?).to eq(true)
+    end
+  end
+
+  context "fields_as_metrics (graphite)" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "fields_as_metrics" => true, "metrics_format" => "graphite") }
+    let(:event) { LogStash::Event.new(
+      "host" => "myHost", 
+      "foo" => "fancy", 
+      "cpu" => [0.24, 0.11, 0.75, 0.28], 
+      "storageRW" => 51, 
+      "bar" => "blahblah", 
+      "blkio" => {
+        "write_ps" => 0,
+        "read_ps" => 0,
+        "total_ps" => 0
+      })}
+
+    it "include content" do
+      expect(server.pop).to match(/^blkio.write_ps 0 \d{10,}$/)
+      expect(server.pop).to match(/^blkio.read_ps 0 \d{10,}$/)
+      expect(server.pop).to match(/^blkio.total_ps 0 \d{10,}$/)
+      expect(server.pop).to match(/^cpu\.0 0\.24 \d{10,}$/)
+      expect(server.pop).to match(/^cpu\.1 0\.11 \d{10,}$/)
+      expect(server.pop).to match(/^cpu\.2 0\.75 \d{10,}$/)
+      expect(server.pop).to match(/^cpu\.3 0\.28 \d{10,}$/)
+      expect(server.pop).to match(/^storageRW 51 \d{10,}$/)
+    end
+  end
+
+  context "fields_include is honored when fields_as_metrics (carbon2)" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "fields_as_metrics" => true, "intrinsic_tags" => {"host"=>"%{host}"}, "meta_tags" => {"foo" => "%{foo}"}, "fields_include" => ["cpu*"]) }
+    let(:event) { LogStash::Event.new(
+      "host" => "myHost", 
+      "foo" => "fancy", 
+      "cpu" => [0.24, 0.11, 0.75, 0.28], 
+      "storageRW" => 51, 
+      "bar" => "blahblah", 
+      "blkio" => {
+        "write_ps" => 5,
+        "read_ps" => 2,
+        "total_ps" => 0
+      })}
+
+    it "include content" do
+      expect(server.pop).to match(/^host=myHost metric=cpu\.0  foo=fancy 0\.24 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.1  foo=fancy 0\.11 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.2  foo=fancy 0\.75 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.3  foo=fancy 0\.28 \d{10,}$/)
+      expect(server.empty?).to eq(true)
+    end
+  end
+
+  context "fields_exclude is honored when fields_as_metrics (carbon2)" do
+    subject { LogStash::Outputs::SumoLogic.new("url" => "http://localhost/1234", "fields_as_metrics" => true, "intrinsic_tags" => {"host"=>"%{host}"}, "meta_tags" => {"foo" => "%{foo}"}, "fields_include" => ["cpu*"], "fields_exclude" => [".*1"]) }
+    let(:event) { LogStash::Event.new(
+      "host" => "myHost", 
+      "foo" => "fancy", 
+      "cpu" => [0.24, 0.11, 0.75, 0.28], 
+      "storageRW" => 51, 
+      "bar" => "blahblah", 
+      "blkio" => {
+        "write_ps" => 5,
+        "read_ps" => 2,
+        "total_ps" => 0
+      })}
+
+    it "include content" do
+      expect(server.pop).to match(/^host=myHost metric=cpu\.0  foo=fancy 0\.24 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.2  foo=fancy 0\.75 \d{10,}$/)
+      expect(server.pop).to match(/^host=myHost metric=cpu\.3  foo=fancy 0\.28 \d{10,}$/)
+      expect(server.empty?).to eq(true)
+    end
+  end
+
 end