sentinelblue-logstash-output-azure-loganalytics 1.1.1 → 1.1.3.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 41e20d6292a1fe6e9b70ce0860be3f92dd47b6a90ddbb6d5ee87f7335fb30270
-  data.tar.gz: bbfd6a8f894905f0f2e2e04fdcb3daa034f04047c5f847e26817670ee8cf58f3
+  metadata.gz: 8a6135d1df0d5d38a762d443acea323b7cca725c3a381a4782137e5da06c1830
+  data.tar.gz: 74141b9a0d28b93e623e1da575243ea94ffdf2f2baf4527102ff5e21297fc643
 SHA512:
-  metadata.gz: 269d4146de6a9bdbd206f76c2d8c2563093cfb71c43a5d1660e429816d5e6577e4610987ce9b2c63f545efe385beaa1b394b0f26f7017a6ca43e9ca6e95195fa
-  data.tar.gz: 78984fe0392d030f17f1842738371c875fc7478db115fc1f0f8a42769210ce0a7e5f277aab641f63e06ab267db55b1016b6d280bcd9c21e6c2c90e887d88dc5d
+  metadata.gz: a0142efda4fff94c1bc7a46865674c27cf68e23b46e32789257c4b4bb686f574bc8397adb7da3a54861b6dc70c1b87eea3e5b9a4abf3ec20a7db567fefb58a45
+  data.tar.gz: 0b8f6ca5ba27907346cd8fe31a9965e4e301ae0772324fb2407fb1434ac0ad26b9afee5838320bcfd7ee167b667ef43a398693ca9e125438406476b77bf4cbd9

data/CHANGELOG.md

@@ -5,3 +5,11 @@
 ## 1.1.1
 
 * Updated strings to reference Sentinel Blue
+
+## 1.1.2
+
+* Enhanced error checking 
+
+## 1.1.3
+
+* Renamed classes to avoid conflict with microsoft-logstash-output-azure-loganalytics plugin

data/README.md

@@ -1,30 +1,35 @@
 # Sentinel Blue Azure Log Analytics output plugin for Logstash
 
-Azure Sentinel provides an output plugin for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace
-Today you will be able to send messages to custom logs table that you will define in the output plugin.
-[Getting started with Logstash](<https://www.elastic.co/guide/en/logstash/current/getting-started-with-logstash.html>)
+Sentinel Blue provides an updated output plugin for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace using dynamic custom table names.
+
+This allows you to set your destination table in your filtering process and reference it in the output plugin. The original plugin functionality has been preserved as well.
 
 Azure Sentinel output plugin uses the rest API integration to Log Analytics, in order to ingest the logs into custom logs tables [What are custom logs tables](<https://docs.microsoft.com/azure/azure-monitor/platform/data-sources-custom-logs>)
 
 This plugin is based on the original provided by the Azure Sentinel team. View the original plugin here: <https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/microsoft-logstash-output-azure-loganalytics>
 
 ```text
-Plugin version: v1.1.1
-Released on: 2022-10-20
+Plugin version: v1.1.2.rc1
+Released on: 2022-10-28
 ```
 
 This plugin is currently in development and is free to use. We welcome contributions from the open source community on this project, and we request and appreciate feedback from users.
 
+<https://rubygems.org/gems/sentinelblue-logstash-output-azure-loganalytics>
+
 ## Support
 
 For issues regarding the output plugin please open a support issue here. Create a new issue describing the problem so that we can assist you.
 
 ## Installation
 
-Azure Sentinel provides Logstash an output plugin to Log analytics workspace.
 Install the sentinelblue-logstash-output-azure-loganalytics, use [Logstash Working with plugins](<https://www.elastic.co/guide/en/logstash/current/working-with-plugins.html>) document.
 For offline setup follow [Logstash Offline Plugin Management instruction](<https://www.elastic.co/guide/en/logstash/current/offline-plugins.html>).
 
+```bash
+logstash-plugin install sentinelblue-logstash-output-azure-loganalytics
+```
+
 Required Logstash version: between 7.0+
 
 ## Configuration

data/VERSION

@@ -1 +1 @@
-1.1.1
+1.1.3.rc1

data/lib/logstash/{logAnalyticsClient/logAnalyticsClient.rb → azureLAClasses/azureLAClient.rb}

@@ -1,18 +1,18 @@
 # encoding: utf-8
-require "logstash/logAnalyticsClient/logstashLoganalyticsConfiguration"
+require "logstash/azureLAClasses/logAnalyticsConfiguration"
 require 'rest-client'
 require 'json'
 require 'openssl'
 require 'base64'
 require 'time'
 
-class LogAnalyticsClient
+class AzureLAClient
   API_VERSION = '2016-04-01'.freeze
 
-  def initialize (logstashLoganalyticsConfiguration)
-    @logstashLoganalyticsConfiguration = logstashLoganalyticsConfiguration
-    set_proxy(@logstashLoganalyticsConfiguration.proxy)
-    @uri = sprintf("https://%s.%s/api/logs?api-version=%s", @logstashLoganalyticsConfiguration.workspace_id, @logstashLoganalyticsConfiguration.endpoint, API_VERSION)
+  def initialize (logAnalyticsConfiguration)
+    @logAnalyticsConfiguration = logAnalyticsConfiguration
+    set_proxy(@logAnalyticsConfiguration.proxy)
+    @uri = sprintf("https://%s.%s/api/logs?api-version=%s", @logAnalyticsConfiguration.workspace_id, @logAnalyticsConfiguration.endpoint, API_VERSION)
   end # def initialize
 
 
@@ -39,8 +39,8 @@ class LogAnalyticsClient
       'Authorization' => signature(date, body_bytesize_length),
       'Log-Type' => custom_table_name,
       'x-ms-date' => date,
-      'time-generated-field' =>  @logstashLoganalyticsConfiguration.time_generated_field,
-      'x-ms-AzureResourceId' => @logstashLoganalyticsConfiguration.azure_resource_id
+      'time-generated-field' =>  @logAnalyticsConfiguration.time_generated_field,
+      'x-ms-AzureResourceId' => @logAnalyticsConfiguration.azure_resource_id
     }
   end # def get_header
 
@@ -61,10 +61,10 @@ class LogAnalyticsClient
   def signature(date, body_bytesize_length)
     sigs = sprintf("POST\n%d\napplication/json\nx-ms-date:%s\n/api/logs", body_bytesize_length, date)
     utf8_sigs = sigs.encode('utf-8')
-    decoded_shared_key = Base64.decode64(@logstashLoganalyticsConfiguration.workspace_key)
+    decoded_shared_key = Base64.decode64(@logAnalyticsConfiguration.workspace_key)
     hmac_sha256_sigs = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), decoded_shared_key, utf8_sigs)
     encoded_hash = Base64.encode64(hmac_sha256_sigs)
-    authorization = sprintf("SharedKey %s:%s", @logstashLoganalyticsConfiguration.workspace_id, encoded_hash)
+    authorization = sprintf("SharedKey %s:%s", @logAnalyticsConfiguration.workspace_id, encoded_hash)
     
     return authorization
   end # def signature

data/lib/logstash/{logAnalyticsClient/logStashAutoResizeBuffer.rb → azureLAClasses/logAnalyticsAutoResizeBuffer.rb}

@@ -1,23 +1,23 @@
 # encoding: utf-8
 require "stud/buffer"
-require "logstash/logAnalyticsClient/logAnalyticsClient"
+require "logstash/azureLAClasses/azureLAClient"
 require "stud/buffer"
-require "logstash/logAnalyticsClient/logstashLoganalyticsConfiguration"
+require "logstash/azureLAClasses/logAnalyticsConfiguration"
 
-# LogStashAutoResizeBuffer class setting a resizable buffer which is flushed periodically
+# LogAnalyticsAutoResizeBuffer class setting a resizable buffer which is flushed periodically
 # The buffer resize itself according to Azure Loganalytics  and configuration limitations
-class LogStashAutoResizeBuffer
+class LogAnalyticsAutoResizeBuffer
     include Stud::Buffer
 
-    def initialize(logstashLoganalyticsConfiguration,custom_table_name)
-        @logstashLoganalyticsConfiguration = logstashLoganalyticsConfiguration
-        @logger = @logstashLoganalyticsConfiguration.logger
+    def initialize(logAnalyticsConfiguration,custom_table_name)
+        @logAnalyticsConfiguration = logAnalyticsConfiguration
+        @logger = @logAnalyticsConfiguration.logger
         @custom_log_table_name = custom_table_name
-        @client=LogAnalyticsClient::new(logstashLoganalyticsConfiguration)
+        @client=AzureLAClient::new(logAnalyticsConfiguration)
         buffer_initialize(
-          :max_items => logstashLoganalyticsConfiguration.max_items,
-          :max_interval => logstashLoganalyticsConfiguration.plugin_flush_interval,
-          :logger => @logstashLoganalyticsConfiguration.logger
+          :max_items => logAnalyticsConfiguration.max_items,
+          :max_interval => logAnalyticsConfiguration.plugin_flush_interval,
+          :logger => @logAnalyticsConfiguration.logger
         )
     end # initialize
 
@@ -41,7 +41,7 @@ class LogStashAutoResizeBuffer
         # We send Json in the REST request 
         documents_json = documents.to_json
         # Setting resizing to true will cause changing the max size
-        if @logstashLoganalyticsConfiguration.amount_resizing == true
+        if @logAnalyticsConfiguration.amount_resizing == true
             # Resizing the amount of messages according to size of message received and amount of messages
             change_message_limit_size(documents.length, documents_json.bytesize)
         end
@@ -60,12 +60,12 @@ class LogStashAutoResizeBuffer
                 @logger.info("Successfully posted #{amount_of_documents} logs into custom log analytics table[#{@custom_log_table_name}].")
             else
                 @logger.error("DataCollector API request failure: error code: #{response.code}, data=>" + (documents.to_json).to_s)
-                resend_message(documents_json, amount_of_documents, @logstashLoganalyticsConfiguration.retransmission_time)
+                resend_message(documents_json, amount_of_documents, @logAnalyticsConfiguration.retransmission_time)
             end
             rescue Exception => ex
-                @logger.error("Exception in posting data to Azure Loganalytics.\n[Exception: '#{ex}]'")
+                @logger.error("Exception in posting data to Azure Loganalytics. [Exception: '#{ex}]'")
                 @logger.trace("Exception in posting data to Azure Loganalytics.[amount_of_documents=#{amount_of_documents} documents=#{documents_json}]")
-                resend_message(documents_json, amount_of_documents, @logstashLoganalyticsConfiguration.retransmission_time)
+                resend_message(documents_json, amount_of_documents, @logAnalyticsConfiguration.retransmission_time)
             end
     end # end send_message_to_loganalytics
 
@@ -73,19 +73,19 @@ class LogStashAutoResizeBuffer
     # We would like to do it until we reached to the duration 
     def resend_message(documents_json, amount_of_documents, remaining_duration)
         if remaining_duration > 0
-            @logger.info("Resending #{amount_of_documents} documents as log type #{@custom_log_table_name} to DataCollector API in #{@logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY} seconds.")
-            sleep @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY
+            @logger.info("Resending #{amount_of_documents} documents as log type #{@custom_log_table_name} to DataCollector API in #{@logAnalyticsConfiguration.RETRANSMISSION_DELAY} seconds.")
+            sleep @logAnalyticsConfiguration.RETRANSMISSION_DELAY
             begin
                 response = @client.post_data(documents_json,@custom_log_table_name)
                 if is_successfully_posted(response)
                     @logger.info("Successfully sent #{amount_of_documents} logs into custom log analytics table[#{@custom_log_table_name}] after resending.")
                 else
-                    @logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
-                    resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
+                    @logger.debug("Resending #{amount_of_documents} documents failed (error code #{response.code}), will try to resend for #{(remaining_duration - @logAnalyticsConfiguration.RETRANSMISSION_DELAY)}")
+                    resend_message(documents_json, amount_of_documents, (remaining_duration - @logAnalyticsConfiguration.RETRANSMISSION_DELAY))
                 end
             rescue Exception => ex
-                @logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
-                resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
+                @logger.debug("Resending #{amount_of_documents} documents failed (Exception: '#{ex}'), will try to resend for #{(remaining_duration - @logAnalyticsConfiguration.RETRANSMISSION_DELAY)}")
+                resend_message(documents_json, amount_of_documents, (remaining_duration - @logAnalyticsConfiguration.RETRANSMISSION_DELAY))
             end
         else 
             @logger.error("Could not resend #{amount_of_documents} documents, message is dropped.")
@@ -99,23 +99,23 @@ class LogStashAutoResizeBuffer
     # Meaning that if we reached the max amount we would like to increase it.
     # Else we would like to decrease it(to reduce latency for messages)
     def change_message_limit_size(amount_of_documents, documents_byte_size)
-        new_buffer_size = @logstashLoganalyticsConfiguration.max_items
+        new_buffer_size = @logAnalyticsConfiguration.max_items
         average_document_size = documents_byte_size / amount_of_documents
         # If window is full we need to increase it 
         # "amount_of_documents" can be greater since buffer is not synchronized meaning 
         # that flush can occur after limit was reached.
-        if  amount_of_documents >= @logstashLoganalyticsConfiguration.max_items
+        if  amount_of_documents >= @logAnalyticsConfiguration.max_items
             # if doubling the size wouldn't exceed the API limit
-            if ((2 * @logstashLoganalyticsConfiguration.max_items) * average_document_size) < @logstashLoganalyticsConfiguration.MAX_SIZE_BYTES
-                new_buffer_size = 2 * @logstashLoganalyticsConfiguration.max_items
+            if ((2 * @logAnalyticsConfiguration.max_items) * average_document_size) < @logAnalyticsConfiguration.MAX_SIZE_BYTES
+                new_buffer_size = 2 * @logAnalyticsConfiguration.max_items
             else
-                new_buffer_size = (@logstashLoganalyticsConfiguration.MAX_SIZE_BYTES / average_document_size) -1000
+                new_buffer_size = (@logAnalyticsConfiguration.MAX_SIZE_BYTES / average_document_size) -1000
             end
 
         # We would like to decrease the window but not more then the MIN_MESSAGE_AMOUNT
         # We are trying to decrease it slowly to be able to send as much messages as we can in one window 
-        elsif amount_of_documents < @logstashLoganalyticsConfiguration.max_items and  @logstashLoganalyticsConfiguration.max_items != [(@logstashLoganalyticsConfiguration.max_items - @logstashLoganalyticsConfiguration.decrease_factor) ,@logstashLoganalyticsConfiguration.MIN_MESSAGE_AMOUNT].max
-            new_buffer_size = [(@logstashLoganalyticsConfiguration.max_items - @logstashLoganalyticsConfiguration.decrease_factor) ,@logstashLoganalyticsConfiguration.MIN_MESSAGE_AMOUNT].max
+        elsif amount_of_documents < @logAnalyticsConfiguration.max_items and  @logAnalyticsConfiguration.max_items != [(@logAnalyticsConfiguration.max_items - @logAnalyticsConfiguration.decrease_factor) ,@logAnalyticsConfiguration.MIN_MESSAGE_AMOUNT].max
+            new_buffer_size = [(@logAnalyticsConfiguration.max_items - @logAnalyticsConfiguration.decrease_factor) ,@logAnalyticsConfiguration.MIN_MESSAGE_AMOUNT].max
         end
 
         change_buffer_size(new_buffer_size)
@@ -128,7 +128,7 @@ class LogStashAutoResizeBuffer
         if @buffer_config[:max_items] != new_size
             old_buffer_size = @buffer_config[:max_items]
             @buffer_config[:max_items] = new_size
-            @logstashLoganalyticsConfiguration.max_items = new_size
+            @logAnalyticsConfiguration.max_items = new_size
             @logger.info("Changing buffer size.[configuration='#{old_buffer_size}' , new_size='#{new_size}']")
         else
             @logger.info("Buffer size wasn't changed.[configuration='#{old_buffer_size}' , new_size='#{new_size}']")
@@ -140,4 +140,4 @@ class LogStashAutoResizeBuffer
         return (response.code == 200) ? true : false
       end # def is_successfully_posted
 
-end # LogStashAutoResizeBuffer
+end # LogAnalyticsAutoResizeBuffer

data/lib/logstash/{logAnalyticsClient/logstashLoganalyticsConfiguration.rb → azureLAClasses/logAnalyticsConfiguration.rb}

@@ -1,8 +1,9 @@
 # encoding: utf-8
-class LogstashLoganalyticsOutputConfiguration
-    def initialize(workspace_id, workspace_key, logger)
+class LogAnalyticsConfiguration
+    def initialize(workspace_id, workspace_key, custom_log_table_name, logger)
         @workspace_id = workspace_id
         @workspace_key = workspace_key
+        @custom_log_table_name = custom_log_table_name
         @logger = logger
 
         # Delay between each resending of a message
@@ -24,8 +25,14 @@ class LogstashLoganalyticsOutputConfiguration
         elsif @max_items < @MIN_MESSAGE_AMOUNT
             raise ArgumentError, "Setting max_items to value must be greater then #{@MIN_MESSAGE_AMOUNT}."
 
-        elsif @workspace_id.empty? or @workspace_key.empty? 
-            raise ArgumentError, "Malformed configuration , the following arguments can not be null or empty.[workspace_id=#{@workspace_id} , workspace_key=#{@workspace_key}]"
+        elsif @workspace_id.empty? or @workspace_key.empty? or @custom_log_table_name.empty?
+            raise ArgumentError, "Malformed configuration , the following arguments can not be null or empty.[workspace_id=#{@workspace_id} , workspace_key=#{@workspace_key} , custom_log_table_name=#{@custom_log_table_name}]"
+
+        elsif !@custom_log_table_name.match(/^[a-zA-Z][[:alpha:][:digit:]_]*$/) and !@custom_log_table_name.match(/^%{((\[[\w_\-@]*\])*)([\w_\-@]*)}$/)
+            raise ArgumentError, "custom_log_table_name must be either a static name starting with a letter and consisting only of numbers, letters, and underscores OR a dynamic table name of the format used by logstash (e.g. %{field_name}, %{[nested][field]}."
+
+        elsif @custom_log_table_name.match(/^[a-zA-Z][[:alpha:][:digit:]_]*$/) and @custom_log_table_name.length > 100
+            raise ArgumentError, "custom_log_table_name must not exceed 100 characters"
             
         elsif @key_names.length > 500
             raise ArgumentError, 'Azure Loganalytics limits the amount of columns to 500 in each table.' 
@@ -77,6 +84,10 @@ class LogstashLoganalyticsOutputConfiguration
         @workspace_key
     end
 
+    def custom_log_table_name
+        @custom_log_table_name
+    end
+
     def endpoint
         @endpoint
     end

data/lib/logstash/outputs/sentinelblue-logstash-output-azure-loganalytics.rb

@@ -2,8 +2,8 @@
 require "logstash/outputs/base"
 require "logstash/namespace"
 require "stud/buffer"
-require "logstash/logAnalyticsClient/logStashAutoResizeBuffer"
-require "logstash/logAnalyticsClient/logstashLoganalyticsConfiguration"
+require "logstash/azureLAClasses/logAnalyticsAutoResizeBuffer"
+require "logstash/azureLAClasses/logAnalyticsConfiguration"
 
 class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
 
@@ -70,7 +70,7 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
     # Initialize the logstash resizable buffer
     # This buffer will increase and decrease size according to the amount of messages inserted.
     # If the buffer reached the max amount of messages the amount will be increased until the limit
-    # @logstash_resizable_event_buffer=LogStashAutoResizeBuffer::new(@logstash_configuration)
+    # @logstash_resizable_event_buffer=LogAnalyticsAutoResizeBuffer::new(@logstash_configuration)
 
   end # def register
 
@@ -89,7 +89,7 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
       custom_table_name = ""
 
       # Check if the table name is static or dynamic
-      if @custom_log_table_name.match(/^[[:alpha:][:digit:]_]+$/)
+      if @custom_log_table_name.match(/^[a-zA-Z][[:alpha:][:digit:]_]*$/)
         # Table name is static.
         custom_table_name = @custom_log_table_name
 
@@ -100,28 +100,26 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
 
       else
         # Incorrect format
-        @logger.warn("custom_log_table_name must be either a static name consisting only of numbers, letters, and underscores OR a dynamic table name of the format used by logstash (e.g. %{field_name}, %{[nested][field]}.")
+        @logger.error("custom_log_table_name must be either a static name consisting only of numbers, letters, and underscores OR a dynamic table name of the format used by logstash (e.g. %{field_name}, %{[nested][field]}.")
         break
 
       end
 
       # Check that the table name is a string, exists, and is les than 100 characters
-      if !custom_table_name.is_a?(String)
-        @logger.warn("The custom table name must be a string. If you used a dynamic name from one of the log fields, make sure it is a string.")
-        break
+      if !custom_table_name.match(/^[a-zA-Z][[:alpha:][:digit:]_]*$/)
+        @logger.error("The custom table name must start with a letter and only consist of letters, numbers, and/or underscores (_). Also check the field name used. If it doesn't exist, you will also receive this error.")
+        next
         
       elsif custom_table_name.empty? or custom_table_name.nil?
-        @logger.warn("The custom table name is empty. If you used a dynamic name from one of the log fields, check that it exists.")
-        break
+        @logger.error("The custom table name is empty. Make sure the field you used always returns a table name.")
+        next
 
       elsif custom_table_name.length > 100
-        @logger.warn("The custom table name must not exceed 100 characters")
-        break
+        @logger.error("The custom table name must not exceed 100 characters")
+        next
 
       end
 
-      @logger.info("Custom table name #{custom_table_name} is valid")
-
       # Determine if there is a buffer for the given table
       if buffers.keys.include?(custom_table_name)
         @logger.trace("Adding event document - " + event.to_s)
@@ -129,7 +127,7 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
     
       else
         # If the buffer doesn't exist for the table, create one and add the document
-        buffers[custom_table_name] = LogStashAutoResizeBuffer::new(@logstash_configuration,custom_table_name)
+        buffers[custom_table_name] = LogAnalyticsAutoResizeBuffer::new(@logstash_configuration,custom_table_name)
         @logger.trace("Adding event document - " + event.to_s)
         buffers[custom_table_name].add_event_document(document)
 
@@ -165,9 +163,9 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
   end # def create_event_document
 
   # Building the logstash object configuration from the output configuration provided by the user
-  # Return LogstashLoganalyticsOutputConfiguration populated with the configuration values
+  # Return LogAnalyticsConfiguration populated with the configuration values
   def build_logstash_configuration()
-    logstash_configuration= LogstashLoganalyticsOutputConfiguration::new(@workspace_id, @workspace_key, @logger)    
+    logstash_configuration= LogAnalyticsConfiguration::new(@workspace_id, @workspace_key, @custom_log_table_name, @logger)    
     logstash_configuration.endpoint = @endpoint
     logstash_configuration.time_generated_field = @time_generated_field
     logstash_configuration.key_names = @key_names

data/sentinelblue-logstash-output-azure-loganalytics.gemspec

@@ -6,7 +6,7 @@ Gem::Specification.new do |s|
   s.summary       = %q{Sentinel Blue provides a plugin outputing to Azure Sentinel for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace. You can utilize a dynamic table name during output to simplify complex table schemes.}
   s.description   = s.summary
   s.homepage      = "https://github.com/sentinelblue/sentinelblue-logstash-output-azure-loganalytics"
-  s.licenses      = ['Apache License (2.0)']
+  s.licenses      = ['Apache-2.0']
   s.require_paths = ["lib"]
 
   # Files

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sentinelblue-logstash-output-azure-loganalytics
 version: !ruby/object:Gem::Version
-  version: 1.1.1
+  version: 1.1.3.rc1
 platform: ruby
 authors:
 - Sentinel Blue
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-10-20 00:00:00.000000000 Z
+date: 2022-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rest-client
@@ -86,15 +86,15 @@ files:
 - LICENSE
 - README.md
 - VERSION
-- lib/logstash/logAnalyticsClient/logAnalyticsClient.rb
-- lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb
-- lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb
+- lib/logstash/azureLAClasses/azureLAClient.rb
+- lib/logstash/azureLAClasses/logAnalyticsAutoResizeBuffer.rb
+- lib/logstash/azureLAClasses/logAnalyticsConfiguration.rb
 - lib/logstash/outputs/sentinelblue-logstash-output-azure-loganalytics.rb
 - sentinelblue-logstash-output-azure-loganalytics.gemspec
 - spec/outputs/azure_loganalytics_spec.rb
 homepage: https://github.com/sentinelblue/sentinelblue-logstash-output-azure-loganalytics
 licenses:
-- Apache License (2.0)
+- Apache-2.0
 metadata:
   logstash_plugin: 'true'
   logstash_group: output
@@ -109,9 +109,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">="
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubygems_version: 3.3.7
 signing_key: