microsoft-logstash-output-azure-loganalytics 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/README.md +3 -2
- data/VERSION +1 -1
- data/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb +5 -5
- data/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb +5 -2
- data/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb +2 -1
- data/microsoft-logstash-output-azure-loganalytics.gemspec +1 -1
- metadata +2 -1
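--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1c22cab429408578d01be04be5aa28e65b4f0e012c366c581952efe0b8e85333
+data.tar.gz: b8dc9f1fb3ddcacd49d9812ea26368ef5243b04836f0fee8572f0ab3b52b52f4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd373e048bcf8f96dface58538c747b3047ff9954d2157e306fc3855bb6e51e2b5bacbb4171b9bad6b55aa735f674d9e6c5798fb2d65c7bfe72904544b41a622
+data.tar.gz: afc3e71b8b69d8c1ab6c0fb7aa17c5722739b4327ef9155ec9075a0f72056de1792c2cc3bacb2ff821691bc1983a2c1da8e01f8b8708c0af199c606e55a663bb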
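--- a/data/README.md
+++ b/data/README.md
@@ -20,7 +20,8 @@ For offline setup follow [Logstash Offline Plugin Management instruction](
 in your Logstash configuration file, add the Azure Sentinel output plugin to the configuration with following values:
 - workspace_id – your workspace ID guid
 - workspace_key (primary key) – your workspace primary key guid. You can find your workspace key and id the following path: Home > Log Analytics workspace > Advanced settings
-- custom_log_table_name – table name, in which the logs will be ingested, limited to one table, the log table will be presented in the logs blade under the custom logs label, with a _CL suffix.
+- custom_log_table_name – table name, in which the logs will be ingested, limited to one table, the log table will be presented in the logs blade under the custom logs label, with a _CL suffix.
+Table name must be only alpha characters, and shoud not exceed 100 characters.
 - endpoint – Optional field by default set as log analytics endpoint.
 - time_generated_field – Optional field, this property is used to override the default TimeGenerated field in Log Analytics. Populate this property with the name of the sent data time field.
 - key_names – list of Log analytics output schema fields.
@@ -55,7 +56,7 @@ output {
 }
 }
 ```
-- Or using the tcp
+- Or using the tcp input pipe
 
 ```
 input {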
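--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.
+0.3.0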
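--- a/data/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb
+++ b/data/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb
@@ -72,19 +72,19 @@ class LogStashAutoResizeBuffer
 # We would like to do it until we reached to the duration
 def resend_message(documents_json, amount_of_documents, remaining_duration)
 if remaining_duration > 0
-@logger.info("Resending #{amount_of_documents} documents as log type #{@logstashLoganalyticsConfiguration.custom_log_table_name} to DataCollector API in #{@logstashLoganalyticsConfiguration.
+@logger.info("Resending #{amount_of_documents} documents as log type #{@logstashLoganalyticsConfiguration.custom_log_table_name} to DataCollector API in #{@logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY} seconds.")
 sleep @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY
 begin
 response = @client.post_data(documents_json)
 if is_successfully_posted(response)
 @logger.info("Successfully sent #{amount_of_documents} logs into custom log analytics table[#{@logstashLoganalyticsConfiguration.custom_log_table_name}] after resending.")
 else
-@logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.
-resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.
+@logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
+resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
 end
 rescue Exception => ex
-@logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.
-resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.
+@logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
+resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
 end
 else
 @logger.error("Could not resend #{amount_of_documents} documents, message is dropped.")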
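Review bot: In the `rescue Exception => ex` branch of `resend_message`, the new debug line repeats the generic "Resending ... failed" text and never logs `ex`, so the reason a post failed is not recorded anywhere; include it, for example `@logger.error("Resending #{amount_of_documents} documents failed: #{ex.class}: #{ex.message}")`. Rescuing `Exception` also catches `SignalException` and `SystemExit`, which would then be answered with another sleep and retry; `rescue StandardError => ex` is the usual scope for a retry loop. Both failure paths log at debug only, so at a default log level the first visible sign of lost events is the final "message is dropped" error. The closing `end` lines of the method are outside the hunk.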
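--- a/data/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb
+++ b/data/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb
@@ -28,8 +28,11 @@ class LogstashLoganalyticsOutputConfiguration
 elsif @workspace_id.empty? or @workspace_key.empty? or @custom_log_table_name.empty?
 raise ArgumentError, "Malformed configuration , the following arguments can not be null or empty.[workspace_id=#{@workspace_id} , workspace_key=#{@workspace_key} , custom_log_table_name=#{@custom_log_table_name}]"
 
-elsif not @custom_log_table_name.match(/^[[:alpha:]]+$/)
-raise ArgumentError, 'custom_log_table_name must be only alpha characters.'
+elsif not @custom_log_table_name.match(/^[[:alpha:][:digit:]_]+$/)
+raise ArgumentError, 'custom_log_table_name must be only alpha characters, numbers and underscore.'
+
+elsif @custom_log_table_name.length > 100
+raise ArgumentError, 'custom_log_table_name must not exceed 100 characters.'
 
 elsif custom_log_table_name.empty?
 raise ArgumentError, 'custom_log_table_name should not be empty.'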
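Review bot: The new table-name check `/^[[:alpha:][:digit:]_]+$/` is anchored with `^` and `$`, which in Ruby match at line boundaries, so a value containing a newline passes as long as one of its lines is valid; anchor the whole string instead, `elsif not @custom_log_table_name.match(/\A[[:alpha:][:digit:]_]+\z/)`. `[[:alpha:]]` and `[[:digit:]]` also accept non-ASCII letters and digits on UTF-8 strings; if the service expects ASCII names (not visible here), `[A-Za-z0-9_]` states that directly. Separately, the unchanged "Malformed configuration" message just above interpolates `workspace_key` into the exception text, which would put the workspace secret in the log when a different argument is the empty one; it should name only the missing argument. The `elsif` chain starts and ends outside the hunk.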
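--- a/data/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb
+++ b/data/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb
@@ -19,7 +19,8 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
 config :workspace_key, :validate => :string, :required => true
 
 # The name of the event type that is being submitted to Log Analytics.
-# This must be only alpha characters.
+# This must be only alpha characters, numbers and underscore.
+# This must not exceed 100 characters.
 # Table name under custom logs in which the data will be inserted
 config :custom_log_table_name, :validate => :string, :required => true
 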
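--- a/data/microsoft-logstash-output-azure-loganalytics.gemspec
+++ b/data/microsoft-logstash-output-azure-loganalytics.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 s.name = 'microsoft-logstash-output-azure-loganalytics'
 s.version = File.read("VERSION").strip
-s.authors = ["Ron Marsiano"]
+s.authors = ["Ron Marsiano", "Haim Rubinstein"]
 s.email = "romarsia@outlook.com"
 s.summary = %q{Azure Sentinel provides a new output plugin for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace}
 s.description = s.summary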
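--- a/metadata
+++ b/metadata
@@ -1,10 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: microsoft-logstash-output-azure-loganalytics
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Ron Marsiano
+- Haim Rubinstein
 autorequire:
 bindir: bin
 cert_chain: []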