microsoft-logstash-output-azure-loganalytics 0.2.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 178a030469859740207ce35bf63639665662d42302c5a10b3e3c9646a97f33ad
-  data.tar.gz: e90ee6beecc15fe88ff0f5da812bbd213c136b9b84a569ee704a397b4dbc150b
+  metadata.gz: 1c22cab429408578d01be04be5aa28e65b4f0e012c366c581952efe0b8e85333
+  data.tar.gz: b8dc9f1fb3ddcacd49d9812ea26368ef5243b04836f0fee8572f0ab3b52b52f4
 SHA512:
-  metadata.gz: 10aca1c15e681831bd84f605daa869c581c500a7f32bce99f16bea23f006e0ebf0029725c6f99416a340e417cc62ed17a97aecdceae0e6c719d7febf1cf6fc2b
-  data.tar.gz: e60c8c43520ae0c49387ae21cb0ea7d5fea45dab2633f1e41bb7e0fcf5e9166ec766b92c344fd34e82029c03f28088fb6c9dbfd344e3db8ebb4a8ae8e5fafd41
+  metadata.gz: cd373e048bcf8f96dface58538c747b3047ff9954d2157e306fc3855bb6e51e2b5bacbb4171b9bad6b55aa735f674d9e6c5798fb2d65c7bfe72904544b41a622
+  data.tar.gz: afc3e71b8b69d8c1ab6c0fb7aa17c5722739b4327ef9155ec9075a0f72056de1792c2cc3bacb2ff821691bc1983a2c1da8e01f8b8708c0af199c606e55a663bb

data/README.md

@@ -20,7 +20,8 @@ For offline setup follow [Logstash Offline Plugin Management instruction](
 in your Logstash configuration file, add the Azure Sentinel output plugin to the configuration with following values: 
 - workspace_id – your workspace ID guid 
 - workspace_key (primary key) – your workspace primary key guid. You can find your workspace key and id the following path: Home > Log Analytics workspace > Advanced settings
-- custom_log_table_name – table name, in which the logs will be ingested, limited to one table, the log table will be presented in the logs blade under the custom logs label, with a _CL suffix. Table name must be only alpha characters.
+- custom_log_table_name – table name, in which the logs will be ingested, limited to one table, the log table will be presented in the logs blade under the custom logs label, with a _CL suffix. 
+	Table name must be only alpha characters, and shoud not exceed 100 characters.
 - endpoint – Optional field by default set as log analytics endpoint.  
 - time_generated_field – Optional field, this property is used to override the default TimeGenerated field in Log Analytics. Populate this property with the name of the sent data time field. 
 - key_names – list of Log analytics output schema fields. 
@@ -55,7 +56,7 @@ output {
     }
 }
 ```
-- Or using the tcp imput pipe
+- Or using the tcp input pipe
 
 ```
 input {

data/VERSION

@@ -1 +1 @@
-0.2.0
+0.3.0

data/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb

@@ -72,19 +72,19 @@ class LogStashAutoResizeBuffer
     # We would like to do it until we reached to the duration 
     def resend_message(documents_json, amount_of_documents, remaining_duration)
         if remaining_duration > 0
-            @logger.info("Resending #{amount_of_documents} documents as log type #{@logstashLoganalyticsConfiguration.custom_log_table_name} to DataCollector API in #{@logstashLoganalyticsConfiguration.RETRANSMITION_DELAY} seconds.")
+            @logger.info("Resending #{amount_of_documents} documents as log type #{@logstashLoganalyticsConfiguration.custom_log_table_name} to DataCollector API in #{@logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY} seconds.")
             sleep @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY
             begin
                 response = @client.post_data(documents_json)
                 if is_successfully_posted(response)
                     @logger.info("Successfully sent #{amount_of_documents} logs into custom log analytics table[#{@logstashLoganalyticsConfiguration.custom_log_table_name}] after resending.")
                 else
-                    @logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMITION_DELAY)}")
-                    resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMITION_DELAY))
+                    @logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
+                    resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
                 end
             rescue Exception => ex
-                @logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMITION_DELAY)}")
-                resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMITION_DELAY))
+                @logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
+                resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
             end
         else 
             @logger.error("Could not resend #{amount_of_documents} documents, message is dropped.")

data/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb

@@ -28,8 +28,11 @@ class LogstashLoganalyticsOutputConfiguration
         elsif @workspace_id.empty? or @workspace_key.empty? or @custom_log_table_name.empty? 
             raise ArgumentError, "Malformed configuration , the following arguments can not be null or empty.[workspace_id=#{@workspace_id} , workspace_key=#{@workspace_key} , custom_log_table_name=#{@custom_log_table_name}]"
 
-        elsif not @custom_log_table_name.match(/^[[:alpha:]]+$/)
-            raise ArgumentError, 'custom_log_table_name must be only alpha characters.' 
+        elsif not @custom_log_table_name.match(/^[[:alpha:][:digit:]_]+$/)
+            raise ArgumentError, 'custom_log_table_name must be only alpha characters, numbers and underscore.'
+
+        elsif @custom_log_table_name.length > 100
+            raise ArgumentError, 'custom_log_table_name must not exceed 100 characters.'
 
         elsif custom_log_table_name.empty?
             raise ArgumentError, 'custom_log_table_name should not be empty.' 

data/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb

@@ -19,7 +19,8 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
   config :workspace_key, :validate => :string, :required => true
 
   # The name of the event type that is being submitted to Log Analytics. 
-  # This must be only alpha characters.
+  # This must be only alpha characters, numbers and underscore.
+  # This must not exceed 100 characters.
   # Table name under custom logs in which the data will be inserted
   config :custom_log_table_name, :validate => :string, :required => true
 

data/microsoft-logstash-output-azure-loganalytics.gemspec

@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
   s.name = 'microsoft-logstash-output-azure-loganalytics'
   s.version    =  File.read("VERSION").strip
-  s.authors = ["Ron Marsiano"]
+  s.authors = ["Ron Marsiano", "Haim Rubinstein"]
   s.email = "romarsia@outlook.com"
   s.summary = %q{Azure Sentinel provides a new output plugin for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace}
   s.description = s.summary

metadata

@@ -1,10 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: microsoft-logstash-output-azure-loganalytics
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Ron Marsiano
+- Haim Rubinstein
 autorequire:
 bindir: bin
 cert_chain: []