RubyGems - microsoft-sentinel-log-analytics-logstash-output-plugin - Versions diffs - 1.1.4 → 2.2.1-java - Mend

microsoft-sentinel-log-analytics-logstash-output-plugin 1.1.4 → 2.2.1-java

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +18 -16
data/Gemfile +12 -2
data/README.md +251 -258
data/VERSION +1 -0
data/lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb +7 -116
data/lib/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin_jars.rb +5 -0
data/lib/logstash_registry.rb +4 -0
data/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec +22 -0
data/vendor/jar-dependencies/org/logstashplugins/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin/2.2.1/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin-2.2.1.jar +0 -0
metadata +17 -44
data/LICENSE +0 -21
data/lib/logstash/sentinel_la/customSizeBasedBuffer.rb +0 -293
data/lib/logstash/sentinel_la/eventsHandler.rb +0 -58
data/lib/logstash/sentinel_la/logAnalyticsAadTokenProvider.rb +0 -90
data/lib/logstash/sentinel_la/logAnalyticsClient.rb +0 -135
data/lib/logstash/sentinel_la/logStashAutoResizeBuffer.rb +0 -157
data/lib/logstash/sentinel_la/logStashCompressedStream.rb +0 -144
data/lib/logstash/sentinel_la/logStashEventsBatcher.rb +0 -144
data/lib/logstash/sentinel_la/logsSender.rb +0 -47
data/lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb +0 -243
data/lib/logstash/sentinel_la/sampleFileCreator.rb +0 -61
data/lib/logstash/sentinel_la/version.rb +0 -10
data/microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec +0 -27

data/lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb CHANGED Viewed

@@ -1,116 +1,7 @@
-# encoding: utf-8
-require "logstash/outputs/base"
-require "logstash/namespace"
-require "logstash/sentinel_la/logstashLoganalyticsConfiguration"
-require "logstash/sentinel_la/sampleFileCreator"
-require "logstash/sentinel_la/logsSender"
-class LogStash::Outputs::MicrosoftSentinelOutput < LogStash::Outputs::Base
-  config_name "microsoft-sentinel-log-analytics-logstash-output-plugin"
-  # Stating that the output plugin will run in concurrent mode
-  concurrency :shared
-  # Your registered app ID
-  config :client_app_Id, :validate => :string
-  # The registered app's secret, required by Azure Loganalytics REST API
-  config :client_app_secret, :validate => :string
-  # Your Operations Management Suite Tenant ID
-  config :tenant_id, :validate => :string
-  # Your data collection rule endpoint
-  config :data_collection_endpoint, :validate => :string
-  # Your data collection rule ID
-  config :dcr_immutable_id, :validate => :string
-  # Your dcr data stream name
-  config :dcr_stream_name, :validate => :string
-  # Subset of keys to send to the Azure Loganalytics workspace
-  config :key_names, :validate => :array, :default => []
-  # Max number of seconds to wait between flushes. Default 5
-  config :plugin_flush_interval, :validate => :number, :default => 5
-  # Factor for adding to the amount of messages sent
-  config :decrease_factor, :validate => :number, :default => 100
-  # This will trigger message amount resizing in a REST request to LA
-  config :amount_resizing, :validate => :boolean, :default => true
-  # Setting the default amount of messages sent
-  # it this is set with amount_resizing=false --> each message will have max_items
-  config :max_items, :validate => :number, :default => 2000
-  # Setting default proxy to be used for all communication with azure
-  config :proxy, :validate => :string
-  # Setting proxy_aad to be used for communicating with azure active directory service
-  config :proxy_aad, :validate => :string
-  # Setting proxy to be used for the LogAnalytics endpoint REST client
-  config :proxy_endpoint, :validate => :string
-  # This will set the amount of time given for retransmitting messages once sending is failed
-  config :retransmission_time, :validate => :number, :default => 10
-  # Compress the message body before sending to LA
-  config :compress_data, :validate => :boolean, :default => false
-  # Generate sample file from incoming events
-  config :create_sample_file, :validate => :boolean, :default => false
-  # Path where to place the sample file created
-  config :sample_file_path, :validate => :string
-  # Used to specify the name of the Azure cloud that is being used. By default, the value is set to "AzureCloud", which
-  # is the public Azure cloud. However, you can specify a different Azure cloud if you are
-  # using a different environment, such as Azure Government or Azure China.
-  config :azure_cloud, :validate => :string
-  public
-  def register
-    @logstash_configuration= build_logstash_configuration()
-    # Validate configuration correctness
-    @logstash_configuration.validate_configuration()
-    @events_handler = @logstash_configuration.create_sample_file ?
-                        LogStash::Outputs::MicrosoftSentinelOutputInternal::SampleFileCreator::new(@logstash_configuration) :
-                        LogStash::Outputs::MicrosoftSentinelOutputInternal::LogsSender::new(@logstash_configuration)
-  end # def register
-  def multi_receive(events)
-    @events_handler.handle_events(events)
-  end # def multi_receive
-  def close
-    @events_handler.close
-  end
-  #private
-  private
-  # Building the logstash object configuration from the output configuration provided by the user
-  # Return LogstashLoganalyticsOutputConfiguration populated with the configuration values
-  def build_logstash_configuration()
-    logstash_configuration= LogStash::Outputs::MicrosoftSentinelOutputInternal::LogstashLoganalyticsOutputConfiguration::new(@client_app_Id, @client_app_secret, @tenant_id, @data_collection_endpoint, @dcr_immutable_id, @dcr_stream_name, @compress_data, @create_sample_file, @sample_file_path, @logger)
-    logstash_configuration.key_names = @key_names
-    logstash_configuration.plugin_flush_interval = @plugin_flush_interval
-    logstash_configuration.decrease_factor = @decrease_factor
-    logstash_configuration.amount_resizing = @amount_resizing
-    logstash_configuration.max_items = @max_items
-    logstash_configuration.proxy_aad = @proxy_aad || @proxy || ENV['http_proxy']
-    logstash_configuration.proxy_endpoint = @proxy_endpoint || @proxy || ENV['http_proxy']
-    logstash_configuration.retransmission_time = @retransmission_time
-    logstash_configuration.azure_cloud = @azure_cloud || "AzureCloud"
-    return logstash_configuration
-  end # def build_logstash_configuration
-end # class LogStash::Outputs::MicrosoftSentinelOutput
+# AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+# encoding: utf-8
+# NOTE: Java plugin (no Ruby plugin class). This file exists only to ensure
+# jar-dependencies loads the packaged jar into JRuby's classpath.
+require "logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin_jars"
+require "java"

data/lib/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin_jars.rb ADDED Viewed

@@ -0,0 +1,5 @@
+# AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+# encoding: utf-8
+require 'jar_dependencies'
+require_jar('org.logstashplugins', 'logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin', '2.2.1')

data/lib/logstash_registry.rb ADDED Viewed

@@ -0,0 +1,4 @@
+# AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+# encoding: utf-8
+require "logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin_jars"
+require "java"

data/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec ADDED Viewed

@@ -0,0 +1,22 @@
+# AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
+Gem::Specification.new do |s|
+  s.name            = 'microsoft-sentinel-log-analytics-logstash-output-plugin'
+  s.version         = '2.2.1'
+  s.licenses        = ['Apache-2.0']
+  s.summary         = 'Microsoft Sentinel Log Analytics output plugin'
+  s.description     = 'Microsoft Sentinel provides a new output plugin for Logstash. Use this output plugin to send any log via Logstash to the Microsoft Sentinel/Log Analytics workspace. This is done with the Log Analytics DCR-based API.'
+  s.authors         = ['Microsoft']
+  s.email           = ['msg-ucp@service.microsoft.com']
+  s.platform        = 'java'
+  s.require_paths   = ['lib', 'vendor/jar-dependencies']
+  s.files = Dir["lib/**/*","*.gemspec","*.md","CONTRIBUTORS","Gemfile","LICENSE","NOTICE.TXT", "vendor/jar-dependencies/**/*.jar", "vendor/jar-dependencies/**/*.rb", "VERSION", "docs/**/*"]
+  # Special flag to let us know this is actually a logstash plugin
+  s.metadata = { 'logstash_plugin' => 'true', 'logstash_group' => 'output', 'java_plugin' => 'true'}
+  # Gem dependencies
+  s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
+  s.add_runtime_dependency 'jar-dependencies'
+  s.add_development_dependency 'logstash-devutils'
+end

data/vendor/jar-dependencies/org/logstashplugins/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin/2.2.1/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin-2.2.1.jar ADDED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: microsoft-sentinel-log-analytics-logstash-output-plugin
 version: !ruby/object:Gem::Version
-  version: 1.1.4
-platform: ruby
+  version: 2.2.1
+platform: java
 authors:
-- Microsoft Sentinel
+- Microsoft
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-12-10 00:00:00.000000000 Z
+date: 2026-05-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -36,7 +36,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  name: logstash-codec-plain
+  name: jar-dependencies
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -44,26 +44,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.88.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.0.0
-  name: excon
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: 0.88.0
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: 1.0.0
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
     requirements:
@@ -81,38 +61,33 @@ dependencies:
 description: Microsoft Sentinel provides a new output plugin for Logstash. Use this
   output plugin to send any log via Logstash to the Microsoft Sentinel/Log Analytics
   workspace. This is done with the Log Analytics DCR-based API.
-email: AzureSentinel@microsoft.com
+email:
+- msg-ucp@service.microsoft.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
 - CHANGELOG.md
 - Gemfile
-- LICENSE
 - README.md
+- VERSION
+- lib/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin_jars.rb
 - lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb
-- lib/logstash/sentinel_la/customSizeBasedBuffer.rb
-- lib/logstash/sentinel_la/eventsHandler.rb
-- lib/logstash/sentinel_la/logAnalyticsAadTokenProvider.rb
-- lib/logstash/sentinel_la/logAnalyticsClient.rb
-- lib/logstash/sentinel_la/logStashAutoResizeBuffer.rb
-- lib/logstash/sentinel_la/logStashCompressedStream.rb
-- lib/logstash/sentinel_la/logStashEventsBatcher.rb
-- lib/logstash/sentinel_la/logsSender.rb
-- lib/logstash/sentinel_la/logstashLoganalyticsConfiguration.rb
-- lib/logstash/sentinel_la/sampleFileCreator.rb
-- lib/logstash/sentinel_la/version.rb
-- microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec
-homepage: https://github.com/Azure/Azure-Sentinel
+- lib/logstash_registry.rb
+- logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec
+- vendor/jar-dependencies/org/logstashplugins/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin/2.2.1/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin-2.2.1.jar
+homepage:
 licenses:
-- MIT
+- Apache-2.0
 metadata:
   logstash_plugin: 'true'
   logstash_group: output
+  java_plugin: 'true'
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
+- vendor/jar-dependencies
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
@@ -127,7 +102,5 @@ requirements: []
 rubygems_version: 3.3.26
 signing_key:
 specification_version: 4
-summary: Microsoft Sentinel provides a new output plugin for Logstash. Use this output
-  plugin to send any log via Logstash to the Microsoft Sentinel/Log Analytics workspace.
-  This is done with the Log Analytics DCR-based API.
+summary: Microsoft Sentinel Log Analytics output plugin
 test_files: []

data/LICENSE DELETED Viewed

@@ -1,21 +0,0 @@
-MIT License
-Copyright (c) Microsoft Corporation. All rights reserved.
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE

data/lib/logstash/sentinel_la/customSizeBasedBuffer.rb DELETED Viewed

@@ -1,293 +0,0 @@
-  # This code is from a PR for the official repo of ruby-stud
-  # with a small change to calculating the event size in the var_size function
-  # https://github.com/jordansissel/ruby-stud/pull/19
-  #
-  # @author {Alex Dean}[http://github.com/alexdean]
-  #
-  # Implements a generic framework for accepting events which are later flushed
-  # in batches. Flushing occurs whenever +:max_items+ or +:max_interval+ (seconds)
-  # has been reached or if the event size outgrows +:flush_each+ (bytes)
-  #
-  # Including class must implement +flush+, which will be called with all
-  # accumulated items either when the output buffer fills (+:max_items+ or
-  # +:flush_each+) or when a fixed amount of time (+:max_interval+) passes.
-  #
-  # == batch_receive and flush
-  # General receive/flush can be implemented in one of two ways.
-  #
-  # === batch_receive(event) / flush(events)
-  # +flush+ will receive an array of events which were passed to +buffer_receive+.
-  #
-  #   batch_receive('one')
-  #   batch_receive('two')
-  #
-  # will cause a flush invocation like
-  #
-  #   flush(['one', 'two'])
-  #
-  # === batch_receive(event, group) / flush(events, group)
-  # flush() will receive an array of events, plus a grouping key.
-  #
-  #   batch_receive('one',   :server => 'a')
-  #   batch_receive('two',   :server => 'b')
-  #   batch_receive('three', :server => 'a')
-  #   batch_receive('four',  :server => 'b')
-  #
-  # will result in the following flush calls
-  #
-  #   flush(['one', 'three'], {:server => 'a'})
-  #   flush(['two', 'four'],  {:server => 'b'})
-  #
-  # Grouping keys can be anything which are valid Hash keys. (They don't have to
-  # be hashes themselves.) Strings or Fixnums work fine. Use anything which you'd
-  # like to receive in your +flush+ method to help enable different handling for
-  # various groups of events.
-  #
-  # == on_flush_error
-  # Including class may implement +on_flush_error+, which will be called with an
-  # Exception instance whenever buffer_flush encounters an error.
-  #
-  # * +buffer_flush+ will automatically re-try failed flushes, so +on_flush_error+
-  #   should not try to implement retry behavior.
-  # * Exceptions occurring within +on_flush_error+ are not handled by
-  #   +buffer_flush+.
-  #
-  # == on_full_buffer_receive
-  # Including class may implement +on_full_buffer_receive+, which will be called
-  # whenever +buffer_receive+ is called while the buffer is full.
-  #
-  # +on_full_buffer_receive+ will receive a Hash like <code>{:pending => 30,
-  # :outgoing => 20}</code> which describes the internal state of the module at
-  # the moment.
-  #
-  # == final flush
-  # Including class should call <code>buffer_flush(:final => true)</code>
-  # during a teardown/shutdown routine (after the last call to buffer_receive)
-  # to ensure that all accumulated messages are flushed.
-  module LogStash; module Outputs; class MicrosoftSentinelOutputInternal
-  module CustomSizeBasedBuffer
-    public
-    # Initialize the buffer.
-    #
-    # Call directly from your constructor if you wish to set some non-default
-    # options. Otherwise buffer_initialize will be called automatically during the
-    # first buffer_receive call.
-    #
-    # Options:
-    # * :max_items, Max number of items to buffer before flushing. Default 50.
-    # * :flush_each, Flush each bytes of buffer. Default 0 (no flushing fired by
-    #                a buffer size).
-    # * :max_interval, Max number of seconds to wait between flushes. Default 5.
-    # * :logger, A logger to write log messages to. No default. Optional.
-    #
-    # @param [Hash] options
-    def buffer_initialize(options={})
-      if ! self.class.method_defined?(:flush)
-        raise ArgumentError, "Any class including Stud::Buffer must define a flush() method."
-      end
-      @buffer_config = {
-        :max_items => options[:max_items] || 50,
-        :flush_each => options[:flush_each].to_i || 0,
-        :max_interval => options[:max_interval] || 5,
-        :logger => options[:logger] || nil,
-        :has_on_flush_error => self.class.method_defined?(:on_flush_error),
-        :has_on_full_buffer_receive => self.class.method_defined?(:on_full_buffer_receive)
-      }
-      @buffer_state = {
-        # items accepted from including class
-        :pending_items => {},
-        :pending_count => 0,
-        :pending_size => 0,
-        # guard access to pending_items & pending_count & pending_size
-        :pending_mutex => Mutex.new,
-        # items which are currently being flushed
-        :outgoing_items => {},
-        :outgoing_count => 0,
-        :outgoing_size => 0,
-        # ensure only 1 flush is operating at once
-        :flush_mutex => Mutex.new,
-        # data for timed flushes
-        :last_flush => Time.now.to_i,
-        :timer => Thread.new do
-          loop do
-            sleep(@buffer_config[:max_interval])
-            buffer_flush(:force => true)
-          end
-        end
-      }
-      # events we've accumulated
-      buffer_clear_pending
-    end
-    # Determine if +:max_items+ or +:flush_each+ has been reached.
-    #
-    # buffer_receive calls will block while <code>buffer_full? == true</code>.
-    #
-    # @return [bool] Is the buffer full?
-    def buffer_full?
-      (@buffer_state[:pending_count] + @buffer_state[:outgoing_count] >= @buffer_config[:max_items]) || \
-      (@buffer_config[:flush_each] != 0 && @buffer_state[:pending_size] + @buffer_state[:outgoing_size] >= @buffer_config[:flush_each])
-    end
-    # Save an event for later delivery
-    #
-    # Events are grouped by the (optional) group parameter you provide.
-    # Groups of events, plus the group name, are later passed to +flush+.
-    #
-    # This call will block if +:max_items+ or +:flush_each+ has been reached.
-    #
-    # @see Stud::Buffer The overview has more information on grouping and flushing.
-    #
-    # @param event An item to buffer for flushing later.
-    # @param group Optional grouping key. All events with the same key will be
-    #              passed to +flush+ together, along with the grouping key itself.
-    def buffer_receive(event, group=nil)
-      buffer_initialize if ! @buffer_state
-      # block if we've accumulated too many events
-      while buffer_full? do
-        on_full_buffer_receive(
-          :pending => @buffer_state[:pending_count],
-          :outgoing => @buffer_state[:outgoing_count]
-        ) if @buffer_config[:has_on_full_buffer_receive]
-        sleep 0.1
-      end
-      @buffer_state[:pending_mutex].synchronize do
-        @buffer_state[:pending_items][group] << event
-        @buffer_state[:pending_count] += 1
-        @buffer_state[:pending_size] += var_size(event) if @buffer_config[:flush_each] != 0
-      end
-      buffer_flush
-    end
-    # Try to flush events.
-    #
-    # Returns immediately if flushing is not necessary/possible at the moment:
-    # * :max_items or :flush_each have not been accumulated
-    # * :max_interval seconds have not elapased since the last flush
-    # * another flush is in progress
-    #
-    # <code>buffer_flush(:force => true)</code> will cause a flush to occur even
-    # if +:max_items+ or +:flush_each+ or +:max_interval+ have not been reached. A forced flush
-    # will still return immediately (without flushing) if another flush is
-    # currently in progress.
-    #
-    # <code>buffer_flush(:final => true)</code> is identical to <code>buffer_flush(:force => true)</code>,
-    # except that if another flush is already in progress, <code>buffer_flush(:final => true)</code>
-    # will block/wait for the other flush to finish before proceeding.
-    #
-    # @param [Hash] options Optional. May be <code>{:force => true}</code> or <code>{:final => true}</code>.
-    # @return [Fixnum] The number of items successfully passed to +flush+.
-    def buffer_flush(options={})
-      force = options[:force] || options[:final]
-      final = options[:final]
-      # final flush will wait for lock, so we are sure to flush out all buffered events
-      if options[:final]
-        @buffer_state[:flush_mutex].lock
-      elsif ! @buffer_state[:flush_mutex].try_lock # failed to get lock, another flush already in progress
-        return 0
-      end
-      items_flushed = 0
-      begin
-        return 0 if @buffer_state[:pending_count] == 0
-        # compute time_since_last_flush only when some item is pending
-        time_since_last_flush = get_time_since_last_flush
-        return 0 if (!force) &&
-           (@buffer_state[:pending_count] < @buffer_config[:max_items]) &&
-           (@buffer_config[:flush_each] == 0 || @buffer_state[:pending_size] < @buffer_config[:flush_each]) &&
-           (time_since_last_flush < @buffer_config[:max_interval])
-        @buffer_state[:pending_mutex].synchronize do
-          @buffer_state[:outgoing_items] = @buffer_state[:pending_items]
-          @buffer_state[:outgoing_count] = @buffer_state[:pending_count]
-          @buffer_state[:outgoing_size] = @buffer_state[:pending_size]
-          buffer_clear_pending
-        end
-        @buffer_config[:logger].debug("Flushing output",
-          :outgoing_count => @buffer_state[:outgoing_count],
-          :time_since_last_flush => time_since_last_flush,
-          :outgoing_events => @buffer_state[:outgoing_items],
-          :batch_timeout => @buffer_config[:max_interval],
-          :force => force,
-          :final => final
-        ) if @buffer_config[:logger]
-        @buffer_state[:outgoing_items].each do |group, events|
-          begin
-            if group.nil?
-              flush(events,final)
-            else
-              flush(events, group, final)
-            end
-            @buffer_state[:outgoing_items].delete(group)
-            events_size = events.size
-            @buffer_state[:outgoing_count] -= events_size
-            if @buffer_config[:flush_each] != 0
-              events_volume = 0
-              events.each do |event|
-                events_volume += var_size(event)
-              end
-              @buffer_state[:outgoing_size] -= events_volume
-            end
-            items_flushed += events_size
-          rescue => e
-            @buffer_config[:logger].warn("Failed to flush outgoing items",
-              :outgoing_count => @buffer_state[:outgoing_count],
-              :exception => e,
-              :backtrace => e.backtrace
-            ) if @buffer_config[:logger]
-            if @buffer_config[:has_on_flush_error]
-              on_flush_error e
-            end
-            sleep 1
-            retry
-          end
-          @buffer_state[:last_flush] = Time.now.to_i
-        end
-      ensure
-        @buffer_state[:flush_mutex].unlock
-      end
-      return items_flushed
-    end
-    private
-    def buffer_clear_pending
-      @buffer_state[:pending_items] = Hash.new { |h, k| h[k] = [] }
-      @buffer_state[:pending_count] = 0
-      @buffer_state[:pending_size] = 0
-    end
-    private
-    def var_size(var)
-        # Calculate event size as a json.
-        # assuming event is a hash
-       return var.to_json.bytesize + 2
-    end
-    protected
-    def get_time_since_last_flush
-      Time.now.to_i - @buffer_state[:last_flush]
-    end
-  end
-end ;end ;end

data/lib/logstash/sentinel_la/eventsHandler.rb DELETED Viewed

@@ -1,58 +0,0 @@
-# encoding: utf-8
-require "logstash/sentinel_la/logstashLoganalyticsConfiguration"
-module LogStash
-  module Outputs
-    class MicrosoftSentinelOutputInternal
-      class EventsHandler
-        def initialize(logstashLogAnalyticsConfiguration)
-          @logstashLogAnalyticsConfiguration = logstashLogAnalyticsConfiguration
-          @logger = logstashLogAnalyticsConfiguration.logger
-          @key_names = logstashLogAnalyticsConfiguration.key_names
-          @columns_to_modify = {"@timestamp" => "ls_timestamp", "@version" => "ls_version"}
-        end
-        def handle_events(events)
-          raise "Method handle_events not implemented"
-        end
-        def close
-          raise "Method close not implemented"
-        end
-        # In case that the user has defined key_names meaning that he would like to a subset of the data,
-        # we would like to insert only those keys.
-        # If no keys were defined we will send all the data
-        def create_event_document(event)
-          document = {}
-          event_hash = event.to_hash
-          @columns_to_modify.each {|original_key, new_key|
-            if event_hash.has_key?(original_key)
-              event_hash[new_key] = event_hash[original_key]
-              event_hash.delete(original_key)
-            end
-          }
-          if @key_names.length > 0
-            # Get the intersection of key_names and keys of event_hash
-            keys_intersection = @key_names & event_hash.keys
-            keys_intersection.each do |key|
-              document[key] = event_hash[key]
-            end
-            if document.keys.length < 1
-              @logger.warn("No keys found, message is dropped. Plugin keys: #{@key_names}, Event keys: #{event_hash}. The event message do not match event expected structre. Please edit key_names section in output plugin and try again.")
-            end
-          else
-            document = event_hash
-          end
-          return document
-        end
-        # def create_event_document
-      end
-    end
-  end
-end