microsoft-logstash-output-azure-loganalytics 0.2.0 → 0.3.0
- checksums.yaml +4 -4
- data/README.md +3 -2
- data/VERSION +1 -1
- data/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb +5 -5
- data/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb +5 -2
- data/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb +2 -1
- data/microsoft-logstash-output-azure-loganalytics.gemspec +1 -1
- metadata +2 -1
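--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 1c22cab429408578d01be04be5aa28e65b4f0e012c366c581952efe0b8e85333
+data.tar.gz: b8dc9f1fb3ddcacd49d9812ea26368ef5243b04836f0fee8572f0ab3b52b52f4
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cd373e048bcf8f96dface58538c747b3047ff9954d2157e306fc3855bb6e51e2b5bacbb4171b9bad6b55aa735f674d9e6c5798fb2d65c7bfe72904544b41a622
+data.tar.gz: afc3e71b8b69d8c1ab6c0fb7aa17c5722739b4327ef9155ec9075a0f72056de1792c2cc3bacb2ff821691bc1983a2c1da8e01f8b8708c0af199c606e55a663bb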
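--- a/data/README.md
+++ b/data/README.md
@@ -20,7 +20,8 @@ For offline setup follow [Logstash Offline Plugin Management instruction](
 in your Logstash configuration file, add the Azure Sentinel output plugin to the configuration with following values:
 - workspace_id – your workspace ID guid
 - workspace_key (primary key) – your workspace primary key guid. You can find your workspace key and id the following path: Home > Log Analytics workspace > Advanced settings
-- custom_log_table_name – table name, in which the logs will be ingested, limited to one table, the log table will be presented in the logs blade under the custom logs label, with a _CL suffix.
+- custom_log_table_name – table name, in which the logs will be ingested, limited to one table, the log table will be presented in the logs blade under the custom logs label, with a _CL suffix.
+Table name must be only alpha characters, and shoud not exceed 100 characters.
 - endpoint – Optional field by default set as log analytics endpoint.
 - time_generated_field – Optional field, this property is used to override the default TimeGenerated field in Log Analytics. Populate this property with the name of the sent data time field.
 - key_names – list of Log analytics output schema fields.
@@ -55,7 +56,7 @@ output {
 }
 }
 ```
-- Or using the tcp
+- Or using the tcp input pipe
 
 ```
 input {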
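--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-0.
+0.3.0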
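--- a/data/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb
+++ b/data/lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb
@@ -72,19 +72,19 @@ class LogStashAutoResizeBuffer
 # We would like to do it until we reached to the duration
 def resend_message(documents_json, amount_of_documents, remaining_duration)
 if remaining_duration > 0
-@logger.info("Resending #{amount_of_documents} documents as log type #{@logstashLoganalyticsConfiguration.custom_log_table_name} to DataCollector API in #{@logstashLoganalyticsConfiguration.
+@logger.info("Resending #{amount_of_documents} documents as log type #{@logstashLoganalyticsConfiguration.custom_log_table_name} to DataCollector API in #{@logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY} seconds.")
 sleep @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY
 begin
 response = @client.post_data(documents_json)
 if is_successfully_posted(response)
 @logger.info("Successfully sent #{amount_of_documents} logs into custom log analytics table[#{@logstashLoganalyticsConfiguration.custom_log_table_name}] after resending.")
 else
-@logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.
-resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.
+@logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
+resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
 end
 rescue Exception => ex
-@logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.
-resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.
+@logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
+resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
 end
 else
 @logger.error("Could not resend #{amount_of_documents} documents, message is dropped.")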
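Review bot: The `rescue Exception => ex` branch never uses `ex`, and the rewritten `@logger.debug` line under it reports only that resending failed, so the cause of a delivery failure is lost and is visible only at debug level; on a pipeline that feeds a SIEM this makes dropped telemetry hard to notice. Narrowing to `rescue StandardError => ex` would also stop the retry from trapping interrupts and shutdown signals, and the message could carry the cause: `@logger.warn("Resending #{amount_of_documents} documents failed: #{ex.message}")`. Each retry is a recursive call, so stack depth grows with `remaining_duration` divided by `RETRANSMISSION_DELAY`; a loop would bound it. `resend_message` ends outside the hunk.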
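--- a/data/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb
+++ b/data/lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb
@@ -28,8 +28,11 @@ class LogstashLoganalyticsOutputConfiguration
 elsif @workspace_id.empty? or @workspace_key.empty? or @custom_log_table_name.empty?
 raise ArgumentError, "Malformed configuration , the following arguments can not be null or empty.[workspace_id=#{@workspace_id} , workspace_key=#{@workspace_key} , custom_log_table_name=#{@custom_log_table_name}]"
 
-elsif not @custom_log_table_name.match(/^[[:alpha:]]+$/)
-raise ArgumentError, 'custom_log_table_name must be only alpha characters.'
+elsif not @custom_log_table_name.match(/^[[:alpha:][:digit:]_]+$/)
+raise ArgumentError, 'custom_log_table_name must be only alpha characters, numbers and underscore.'
+
+elsif @custom_log_table_name.length > 100
+raise ArgumentError, 'custom_log_table_name must not exceed 100 characters.'
 
 elsif custom_log_table_name.empty?
 raise ArgumentError, 'custom_log_table_name should not be empty.'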
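Review bot: The widened pattern still anchors with `^` and `$`, which in Ruby match at line boundaries, so a `custom_log_table_name` containing a newline passes as long as one of its lines is well-formed; the check should read `elsif not @custom_log_table_name.match(/\A[[:alpha:][:digit:]_]+\z/)`. The resend log message in logStashAutoResizeBuffer.rb describes this value as the log type sent to the DataCollector API, so it ought to be a single token before it reaches any request. The POSIX classes are also Unicode-aware on UTF-8 strings; if the service accepts only ASCII names, `[A-Za-z0-9_]` states that exactly. Separately, the `ArgumentError` on the context line above interpolates `workspace_key=#{@workspace_key}`, so a configuration with only the table name missing puts the workspace key into the exception text, which is likely to end up in the Logstash log; that field should be dropped from the message. The enclosing method starts and ends outside the hunk.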
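--- a/data/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb
+++ b/data/lib/logstash/outputs/microsoft-logstash-output-azure-loganalytics.rb
@@ -19,7 +19,8 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
 config :workspace_key, :validate => :string, :required => true
 
 # The name of the event type that is being submitted to Log Analytics.
-# This must be only alpha characters.
+# This must be only alpha characters, numbers and underscore.
+# This must not exceed 100 characters.
 # Table name under custom logs in which the data will be inserted
 config :custom_log_table_name, :validate => :string, :required => true
 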
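Review bot: `workspace_key` on the first context line is declared with `:validate => :string`, so Logstash handles the workspace's shared key as ordinary text wherever plugin settings are printed; `config :workspace_key, :validate => :password, :required => true` would keep it masked. The code that consumes the key is outside this section and would then need to read the secret through `.value`. The class body continues outside the hunk.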
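--- a/data/microsoft-logstash-output-azure-loganalytics.gemspec
+++ b/data/microsoft-logstash-output-azure-loganalytics.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 s.name = 'microsoft-logstash-output-azure-loganalytics'
 s.version = File.read("VERSION").strip
-s.authors = ["Ron Marsiano"]
+s.authors = ["Ron Marsiano", "Haim Rubinstein"]
 s.email = "romarsia@outlook.com"
 s.summary = %q{Azure Sentinel provides a new output plugin for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace}
 s.description = s.summary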
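--- a/metadata
+++ b/metadata
@@ -1,10 +1,11 @@
 --- !ruby/object:Gem::Specification
 name: microsoft-logstash-output-azure-loganalytics
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.3.0
 platform: ruby
 authors:
 - Ron Marsiano
+- Haim Rubinstein
 autorequire:
 bindir: bin
 cert_chain: []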