microsoft-sentinel-log-analytics-logstash-output-plugin 2.1.2-java → 2.2.0-java

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 16ae1363dac1277cccd578f81efa97f07ca0481f76e68a993222662ebb3c6d0f
-  data.tar.gz: d96abddda1956f691433970eb1497b3438b748f86e8e5e65767091de39b8d9d8
+  metadata.gz: 0f77b193c8121a3b1e99f505cbf101c5f882f8bc307c7e44d5d23c26775230a3
+  data.tar.gz: d4ad2452b52b6c7e17e7ee60264eece406f38a45f0be65c84fea33e770134d6c
 SHA512:
-  metadata.gz: e35270e4da2ecf50d0f2e93de74a7591b6afe41ed4f50c95b57a4c7fef596b46fe73de45767f9d32d589a3ce35ec8655e7f05fe946d1e1f708a544d1c72b7ebb
-  data.tar.gz: bcd085a506738868cc57134584090e265cffdd8e9f36fd687f53a0ed8d8ecc5dfa2c69b0ce839d50bf648b4c8a970476b869c7a0b6c5deef40e03396750bea3a
+  metadata.gz: 1994c3752c45290802f5979b00ca25ac27e3bf3d5dd6237741ff29332077b255f433857ab3485c57cccdf2f402a2d7efd25b357b61ead3eb3dcb26515e4a9a22
+  data.tar.gz: cd681f40f8fa06b4eda60015052cd247904acdaefea5dc9294cdb017b64ffa30b10f15d47dfab9b539714cfd7f14d7fa4dd6c39893c12e56bb8bd750678c83d2

data/README.md

@@ -3,8 +3,8 @@
 Microsoft Sentinel provides a new output plugin for Logstash. Use this output plugin to send any log via Logstash to the Microsoft Sentinel/Log Analytics workspace. This is done with the Log Analytics DCR-based API.
 You may send logs to custom or standard tables.  
 
-Plugin version: v2.1.0  
-Released on: 2026-03-30  
+Plugin version: v2.2.0  
+Released on: 2026-05-04  
 
 This plugin is currently in development and is free to use. We request and appreciate feedback from users.  
 
@@ -94,7 +94,7 @@ To configure Microsoft Sentinel Logstash plugin you first need to create the DCR
 
 *Note:* The identity (service principal or managed identity) must have the **Monitoring Metrics Publisher** role on the target DCR:  
 
-    ```
+    ```bash
     az role assignment create \
       --assignee <object-id-of-identity> \
       --role "Monitoring Metrics Publisher" \
@@ -124,7 +124,7 @@ The plugin auto-detects the auth method based on which config values are present
 
 Provide `client_id`, `client_secret`, and `tenant_id` for your Azure App Registration / service principal.  
 
-    ```
+    ```logstash
     output {
       microsoft-sentinel-log-analytics-logstash-output-plugin {
         data_collection_endpoint => "https://<your-dce-name>.<region>.ingest.monitor.azure.com"
@@ -142,7 +142,7 @@ Provide `client_id`, `client_secret`, and `tenant_id` for your Azure App Registr
 
 When running on an Azure VM with a system-assigned managed identity, omit `client_id`, `client_secret`, and `tenant_id`. The plugin will automatically use the VM's managed identity.  
 
-    ```
+    ```logstash
     output {
       microsoft-sentinel-log-analytics-logstash-output-plugin {
         data_collection_endpoint => "https://<your-dce-name>.<region>.ingest.monitor.azure.com"
@@ -156,7 +156,7 @@ When running on an Azure VM with a system-assigned managed identity, omit `clien
 
 To authenticate against a sovereign cloud, add `azure_cloud`. Supported values: `AzurePublicCloud` (default), `AzureUSGovernment`, `AzureChinaCloud`, `AzureGermanyCloud`.  
 
-    ```
+    ```logstash
     output {
       microsoft-sentinel-log-analytics-logstash-output-plugin {
         data_collection_endpoint => "https://<your-dce-ingestion-endpoint>"
@@ -172,7 +172,7 @@ To authenticate against a sovereign cloud, add `azure_cloud`. Supported values:
 
 #### Option 4: Managed Identity + Sovereign Cloud
 
-    ```
+    ```logstash
     output {
       microsoft-sentinel-log-analytics-logstash-output-plugin {
         data_collection_endpoint => "https://<your-dce-ingestion-endpoint>"
@@ -192,7 +192,7 @@ Security notice: We recommend not to implicitly state client_id, client_secret,
 
 A complete `logstash.conf` using client secret auth with a Beats input:  
 
-    ```
+    ```logstash
     input {
       beats {
         port => 5044
@@ -225,6 +225,10 @@ A complete `logstash.conf` using client secret auth with a Beats input:
 | `initial_wait_time_seconds` | `1` | Initial backoff between retries |  
 | `max_graceful_shutdown_time_seconds` | `60` | Max wait for graceful shutdown |  
 | `max_waiting_time_for_batch_seconds` | `10` | Max wait before flushing a batch |  
+| `max_waiting_for_unifier_time_seconds` | `10` | Max wait before flushing the unifier |  
+| `max_batch_size` | `10000` | Maximum number of events per batch. When a batch reaches this size it is flushed immediately, regardless of the time window |  
+| `input_queue_capacity` | `50000` | Maximum capacity of the input queue. Bounds memory usage under high-volume ingestion. When full, back-pressure is applied to the Logstash pipeline |  
+| `internal_queue_capacity` | `500` | Maximum capacity of the internal queues between batcher, unifier, and sender workers. Bounds memory usage for in-flight batches |  
 | `worker_sleep_time_millis` | `10` | Delay between worker iterations |  
 | `batcher_workers_count` | *(auto)* | Number of batcher threads |  
 | `sender_workers_count` | *(auto)* | Number of sender threads |  
@@ -239,7 +243,7 @@ When using Logstash installed on a Docker image of Lite Ubuntu, the following wa
     ```
 
 To resolve it, use the following commands to install the *netbase* package within your Dockerfile:  
-    ```
+    ```bash
     USER root
     RUN apt install netbase -y
     ```

data/VERSION

@@ -1 +1 @@
-2.1.2
+2.2.0

data/lib/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin_jars.rb

@@ -2,4 +2,4 @@
 # encoding: utf-8
 
 require 'jar_dependencies'
-require_jar('org.logstashplugins', 'logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin', '2.1.2')
+require_jar('org.logstashplugins', 'logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin', '2.2.0')

data/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec

@@ -1,7 +1,7 @@
 # AUTOGENERATED BY THE GRADLE SCRIPT. EDITS WILL BE OVERWRITTEN.
 Gem::Specification.new do |s|
   s.name            = 'microsoft-sentinel-log-analytics-logstash-output-plugin'
-  s.version         = '2.1.2'
+  s.version         = '2.2.0'
   s.licenses        = ['Apache-2.0']
   s.summary         = 'Microsoft Sentinel Log Analytics output plugin'
   s.description     = 'Microsoft Sentinel provides a new output plugin for Logstash. Use this output plugin to send any log via Logstash to the Microsoft Sentinel/Log Analytics workspace. This is done with the Log Analytics DCR-based API.'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: microsoft-sentinel-log-analytics-logstash-output-plugin
 version: !ruby/object:Gem::Version
-  version: 2.1.2
+  version: 2.2.0
 platform: java
 authors:
 - Microsoft
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-04-29 00:00:00.000000000 Z
+date: 2026-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   requirement: !ruby/object:Gem::Requirement
@@ -74,7 +74,7 @@ files:
 - lib/logstash/outputs/microsoft-sentinel-log-analytics-logstash-output-plugin.rb
 - lib/logstash_registry.rb
 - logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin.gemspec
-- vendor/jar-dependencies/org/logstashplugins/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin/2.1.2/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin-2.1.2.jar
+- vendor/jar-dependencies/org/logstashplugins/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin/2.2.0/logstash-output-microsoft-sentinel-log-analytics-logstash-output-plugin-2.2.0.jar
 homepage:
 licenses:
 - Apache-2.0