sentinelblue-logstash-output-azure-loganalytics 1.1.1 → 1.1.3.rc1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 41e20d6292a1fe6e9b70ce0860be3f92dd47b6a90ddbb6d5ee87f7335fb30270
4
- data.tar.gz: bbfd6a8f894905f0f2e2e04fdcb3daa034f04047c5f847e26817670ee8cf58f3
3
+ metadata.gz: 8a6135d1df0d5d38a762d443acea323b7cca725c3a381a4782137e5da06c1830
4
+ data.tar.gz: 74141b9a0d28b93e623e1da575243ea94ffdf2f2baf4527102ff5e21297fc643
5
5
  SHA512:
6
- metadata.gz: 269d4146de6a9bdbd206f76c2d8c2563093cfb71c43a5d1660e429816d5e6577e4610987ce9b2c63f545efe385beaa1b394b0f26f7017a6ca43e9ca6e95195fa
7
- data.tar.gz: 78984fe0392d030f17f1842738371c875fc7478db115fc1f0f8a42769210ce0a7e5f277aab641f63e06ab267db55b1016b6d280bcd9c21e6c2c90e887d88dc5d
6
+ metadata.gz: a0142efda4fff94c1bc7a46865674c27cf68e23b46e32789257c4b4bb686f574bc8397adb7da3a54861b6dc70c1b87eea3e5b9a4abf3ec20a7db567fefb58a45
7
+ data.tar.gz: 0b8f6ca5ba27907346cd8fe31a9965e4e301ae0772324fb2407fb1434ac0ad26b9afee5838320bcfd7ee167b667ef43a398693ca9e125438406476b77bf4cbd9
data/CHANGELOG.md CHANGED
@@ -5,3 +5,11 @@
5
5
  ## 1.1.1
6
6
 
7
7
  * Updated strings to reference Sentinel Blue
8
+
9
+ ## 1.1.2
10
+
11
+ * Enhanced error checking
12
+
13
+ ## 1.1.3
14
+
15
+ * Renamed classes to avoid conflict with microsoft-logstash-output-azure-loganalytics plugin
data/README.md CHANGED
@@ -1,30 +1,35 @@
1
1
  # Sentinel Blue Azure Log Analytics output plugin for Logstash
2
2
 
3
- Azure Sentinel provides an output plugin for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace
4
- Today you will be able to send messages to custom logs table that you will define in the output plugin.
5
- [Getting started with Logstash](<https://www.elastic.co/guide/en/logstash/current/getting-started-with-logstash.html>)
3
+ Sentinel Blue provides an updated output plugin for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace using dynamic custom table names.
4
+
5
+ This allows you to set your destination table in your filtering process and reference it in the output plugin. The original plugin functionality has been preserved as well.
6
6
 
7
7
  Azure Sentinel output plugin uses the rest API integration to Log Analytics, in order to ingest the logs into custom logs tables [What are custom logs tables](<https://docs.microsoft.com/azure/azure-monitor/platform/data-sources-custom-logs>)
8
8
 
9
9
  This plugin is based on the original provided by the Azure Sentinel team. View the original plugin here: <https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/microsoft-logstash-output-azure-loganalytics>
10
10
 
11
11
  ```text
12
- Plugin version: v1.1.1
13
- Released on: 2022-10-20
12
+ Plugin version: v1.1.2.rc1
13
+ Released on: 2022-10-28
14
14
  ```
15
15
 
16
16
  This plugin is currently in development and is free to use. We welcome contributions from the open source community on this project, and we request and appreciate feedback from users.
17
17
 
18
+ <https://rubygems.org/gems/sentinelblue-logstash-output-azure-loganalytics>
19
+
18
20
  ## Support
19
21
 
20
22
  For issues regarding the output plugin please open a support issue here. Create a new issue describing the problem so that we can assist you.
21
23
 
22
24
  ## Installation
23
25
 
24
- Azure Sentinel provides Logstash an output plugin to Log analytics workspace.
25
26
  Install the sentinelblue-logstash-output-azure-loganalytics, use [Logstash Working with plugins](<https://www.elastic.co/guide/en/logstash/current/working-with-plugins.html>) document.
26
27
  For offline setup follow [Logstash Offline Plugin Management instruction](<https://www.elastic.co/guide/en/logstash/current/offline-plugins.html>).
27
28
 
29
+ ```bash
30
+ logstash-plugin install sentinelblue-logstash-output-azure-loganalytics
31
+ ```
32
+
28
33
  Required Logstash version: between 7.0+
29
34
 
30
35
  ## Configuration
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.1.1
1
+ 1.1.3.rc1
@@ -1,18 +1,18 @@
1
1
  # encoding: utf-8
2
- require "logstash/logAnalyticsClient/logstashLoganalyticsConfiguration"
2
+ require "logstash/azureLAClasses/logAnalyticsConfiguration"
3
3
  require 'rest-client'
4
4
  require 'json'
5
5
  require 'openssl'
6
6
  require 'base64'
7
7
  require 'time'
8
8
 
9
- class LogAnalyticsClient
9
+ class AzureLAClient
10
10
  API_VERSION = '2016-04-01'.freeze
11
11
 
12
- def initialize (logstashLoganalyticsConfiguration)
13
- @logstashLoganalyticsConfiguration = logstashLoganalyticsConfiguration
14
- set_proxy(@logstashLoganalyticsConfiguration.proxy)
15
- @uri = sprintf("https://%s.%s/api/logs?api-version=%s", @logstashLoganalyticsConfiguration.workspace_id, @logstashLoganalyticsConfiguration.endpoint, API_VERSION)
12
+ def initialize (logAnalyticsConfiguration)
13
+ @logAnalyticsConfiguration = logAnalyticsConfiguration
14
+ set_proxy(@logAnalyticsConfiguration.proxy)
15
+ @uri = sprintf("https://%s.%s/api/logs?api-version=%s", @logAnalyticsConfiguration.workspace_id, @logAnalyticsConfiguration.endpoint, API_VERSION)
16
16
  end # def initialize
17
17
 
18
18
 
@@ -39,8 +39,8 @@ class LogAnalyticsClient
39
39
  'Authorization' => signature(date, body_bytesize_length),
40
40
  'Log-Type' => custom_table_name,
41
41
  'x-ms-date' => date,
42
- 'time-generated-field' => @logstashLoganalyticsConfiguration.time_generated_field,
43
- 'x-ms-AzureResourceId' => @logstashLoganalyticsConfiguration.azure_resource_id
42
+ 'time-generated-field' => @logAnalyticsConfiguration.time_generated_field,
43
+ 'x-ms-AzureResourceId' => @logAnalyticsConfiguration.azure_resource_id
44
44
  }
45
45
  end # def get_header
46
46
 
@@ -61,10 +61,10 @@ class LogAnalyticsClient
61
61
  def signature(date, body_bytesize_length)
62
62
  sigs = sprintf("POST\n%d\napplication/json\nx-ms-date:%s\n/api/logs", body_bytesize_length, date)
63
63
  utf8_sigs = sigs.encode('utf-8')
64
- decoded_shared_key = Base64.decode64(@logstashLoganalyticsConfiguration.workspace_key)
64
+ decoded_shared_key = Base64.decode64(@logAnalyticsConfiguration.workspace_key)
65
65
  hmac_sha256_sigs = OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), decoded_shared_key, utf8_sigs)
66
66
  encoded_hash = Base64.encode64(hmac_sha256_sigs)
67
- authorization = sprintf("SharedKey %s:%s", @logstashLoganalyticsConfiguration.workspace_id, encoded_hash)
67
+ authorization = sprintf("SharedKey %s:%s", @logAnalyticsConfiguration.workspace_id, encoded_hash)
68
68
 
69
69
  return authorization
70
70
  end # def signature
@@ -1,23 +1,23 @@
1
1
  # encoding: utf-8
2
2
  require "stud/buffer"
3
- require "logstash/logAnalyticsClient/logAnalyticsClient"
3
+ require "logstash/azureLAClasses/azureLAClient"
4
4
  require "stud/buffer"
5
- require "logstash/logAnalyticsClient/logstashLoganalyticsConfiguration"
5
+ require "logstash/azureLAClasses/logAnalyticsConfiguration"
6
6
 
7
- # LogStashAutoResizeBuffer class setting a resizable buffer which is flushed periodically
7
+ # LogAnalyticsAutoResizeBuffer class setting a resizable buffer which is flushed periodically
8
8
  # The buffer resize itself according to Azure Loganalytics and configuration limitations
9
- class LogStashAutoResizeBuffer
9
+ class LogAnalyticsAutoResizeBuffer
10
10
  include Stud::Buffer
11
11
 
12
- def initialize(logstashLoganalyticsConfiguration,custom_table_name)
13
- @logstashLoganalyticsConfiguration = logstashLoganalyticsConfiguration
14
- @logger = @logstashLoganalyticsConfiguration.logger
12
+ def initialize(logAnalyticsConfiguration,custom_table_name)
13
+ @logAnalyticsConfiguration = logAnalyticsConfiguration
14
+ @logger = @logAnalyticsConfiguration.logger
15
15
  @custom_log_table_name = custom_table_name
16
- @client=LogAnalyticsClient::new(logstashLoganalyticsConfiguration)
16
+ @client=AzureLAClient::new(logAnalyticsConfiguration)
17
17
  buffer_initialize(
18
- :max_items => logstashLoganalyticsConfiguration.max_items,
19
- :max_interval => logstashLoganalyticsConfiguration.plugin_flush_interval,
20
- :logger => @logstashLoganalyticsConfiguration.logger
18
+ :max_items => logAnalyticsConfiguration.max_items,
19
+ :max_interval => logAnalyticsConfiguration.plugin_flush_interval,
20
+ :logger => @logAnalyticsConfiguration.logger
21
21
  )
22
22
  end # initialize
23
23
 
@@ -41,7 +41,7 @@ class LogStashAutoResizeBuffer
41
41
  # We send Json in the REST request
42
42
  documents_json = documents.to_json
43
43
  # Setting resizing to true will cause changing the max size
44
- if @logstashLoganalyticsConfiguration.amount_resizing == true
44
+ if @logAnalyticsConfiguration.amount_resizing == true
45
45
  # Resizing the amount of messages according to size of message received and amount of messages
46
46
  change_message_limit_size(documents.length, documents_json.bytesize)
47
47
  end
@@ -60,12 +60,12 @@ class LogStashAutoResizeBuffer
60
60
  @logger.info("Successfully posted #{amount_of_documents} logs into custom log analytics table[#{@custom_log_table_name}].")
61
61
  else
62
62
  @logger.error("DataCollector API request failure: error code: #{response.code}, data=>" + (documents.to_json).to_s)
63
- resend_message(documents_json, amount_of_documents, @logstashLoganalyticsConfiguration.retransmission_time)
63
+ resend_message(documents_json, amount_of_documents, @logAnalyticsConfiguration.retransmission_time)
64
64
  end
65
65
  rescue Exception => ex
66
- @logger.error("Exception in posting data to Azure Loganalytics.\n[Exception: '#{ex}]'")
66
+ @logger.error("Exception in posting data to Azure Loganalytics. [Exception: '#{ex}]'")
67
67
  @logger.trace("Exception in posting data to Azure Loganalytics.[amount_of_documents=#{amount_of_documents} documents=#{documents_json}]")
68
- resend_message(documents_json, amount_of_documents, @logstashLoganalyticsConfiguration.retransmission_time)
68
+ resend_message(documents_json, amount_of_documents, @logAnalyticsConfiguration.retransmission_time)
69
69
  end
70
70
  end # end send_message_to_loganalytics
71
71
 
@@ -73,19 +73,19 @@ class LogStashAutoResizeBuffer
73
73
  # We would like to do it until we reached to the duration
74
74
  def resend_message(documents_json, amount_of_documents, remaining_duration)
75
75
  if remaining_duration > 0
76
- @logger.info("Resending #{amount_of_documents} documents as log type #{@custom_log_table_name} to DataCollector API in #{@logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY} seconds.")
77
- sleep @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY
76
+ @logger.info("Resending #{amount_of_documents} documents as log type #{@custom_log_table_name} to DataCollector API in #{@logAnalyticsConfiguration.RETRANSMISSION_DELAY} seconds.")
77
+ sleep @logAnalyticsConfiguration.RETRANSMISSION_DELAY
78
78
  begin
79
79
  response = @client.post_data(documents_json,@custom_log_table_name)
80
80
  if is_successfully_posted(response)
81
81
  @logger.info("Successfully sent #{amount_of_documents} logs into custom log analytics table[#{@custom_log_table_name}] after resending.")
82
82
  else
83
- @logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
84
- resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
83
+ @logger.debug("Resending #{amount_of_documents} documents failed (error code #{response.code}), will try to resend for #{(remaining_duration - @logAnalyticsConfiguration.RETRANSMISSION_DELAY)}")
84
+ resend_message(documents_json, amount_of_documents, (remaining_duration - @logAnalyticsConfiguration.RETRANSMISSION_DELAY))
85
85
  end
86
86
  rescue Exception => ex
87
- @logger.debug("Resending #{amount_of_documents} documents failed, will try to resend for #{(remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY)}")
88
- resend_message(documents_json, amount_of_documents, (remaining_duration - @logstashLoganalyticsConfiguration.RETRANSMISSION_DELAY))
87
+ @logger.debug("Resending #{amount_of_documents} documents failed (Exception: '#{ex}'), will try to resend for #{(remaining_duration - @logAnalyticsConfiguration.RETRANSMISSION_DELAY)}")
88
+ resend_message(documents_json, amount_of_documents, (remaining_duration - @logAnalyticsConfiguration.RETRANSMISSION_DELAY))
89
89
  end
90
90
  else
91
91
  @logger.error("Could not resend #{amount_of_documents} documents, message is dropped.")
@@ -99,23 +99,23 @@ class LogStashAutoResizeBuffer
99
99
  # Meaning that if we reached the max amount we would like to increase it.
100
100
  # Else we would like to decrease it(to reduce latency for messages)
101
101
  def change_message_limit_size(amount_of_documents, documents_byte_size)
102
- new_buffer_size = @logstashLoganalyticsConfiguration.max_items
102
+ new_buffer_size = @logAnalyticsConfiguration.max_items
103
103
  average_document_size = documents_byte_size / amount_of_documents
104
104
  # If window is full we need to increase it
105
105
  # "amount_of_documents" can be greater since buffer is not synchronized meaning
106
106
  # that flush can occur after limit was reached.
107
- if amount_of_documents >= @logstashLoganalyticsConfiguration.max_items
107
+ if amount_of_documents >= @logAnalyticsConfiguration.max_items
108
108
  # if doubling the size wouldn't exceed the API limit
109
- if ((2 * @logstashLoganalyticsConfiguration.max_items) * average_document_size) < @logstashLoganalyticsConfiguration.MAX_SIZE_BYTES
110
- new_buffer_size = 2 * @logstashLoganalyticsConfiguration.max_items
109
+ if ((2 * @logAnalyticsConfiguration.max_items) * average_document_size) < @logAnalyticsConfiguration.MAX_SIZE_BYTES
110
+ new_buffer_size = 2 * @logAnalyticsConfiguration.max_items
111
111
  else
112
- new_buffer_size = (@logstashLoganalyticsConfiguration.MAX_SIZE_BYTES / average_document_size) -1000
112
+ new_buffer_size = (@logAnalyticsConfiguration.MAX_SIZE_BYTES / average_document_size) -1000
113
113
  end
114
114
 
115
115
  # We would like to decrease the window but not more then the MIN_MESSAGE_AMOUNT
116
116
  # We are trying to decrease it slowly to be able to send as much messages as we can in one window
117
- elsif amount_of_documents < @logstashLoganalyticsConfiguration.max_items and @logstashLoganalyticsConfiguration.max_items != [(@logstashLoganalyticsConfiguration.max_items - @logstashLoganalyticsConfiguration.decrease_factor) ,@logstashLoganalyticsConfiguration.MIN_MESSAGE_AMOUNT].max
118
- new_buffer_size = [(@logstashLoganalyticsConfiguration.max_items - @logstashLoganalyticsConfiguration.decrease_factor) ,@logstashLoganalyticsConfiguration.MIN_MESSAGE_AMOUNT].max
117
+ elsif amount_of_documents < @logAnalyticsConfiguration.max_items and @logAnalyticsConfiguration.max_items != [(@logAnalyticsConfiguration.max_items - @logAnalyticsConfiguration.decrease_factor) ,@logAnalyticsConfiguration.MIN_MESSAGE_AMOUNT].max
118
+ new_buffer_size = [(@logAnalyticsConfiguration.max_items - @logAnalyticsConfiguration.decrease_factor) ,@logAnalyticsConfiguration.MIN_MESSAGE_AMOUNT].max
119
119
  end
120
120
 
121
121
  change_buffer_size(new_buffer_size)
@@ -128,7 +128,7 @@ class LogStashAutoResizeBuffer
128
128
  if @buffer_config[:max_items] != new_size
129
129
  old_buffer_size = @buffer_config[:max_items]
130
130
  @buffer_config[:max_items] = new_size
131
- @logstashLoganalyticsConfiguration.max_items = new_size
131
+ @logAnalyticsConfiguration.max_items = new_size
132
132
  @logger.info("Changing buffer size.[configuration='#{old_buffer_size}' , new_size='#{new_size}']")
133
133
  else
134
134
  @logger.info("Buffer size wasn't changed.[configuration='#{old_buffer_size}' , new_size='#{new_size}']")
@@ -140,4 +140,4 @@ class LogStashAutoResizeBuffer
140
140
  return (response.code == 200) ? true : false
141
141
  end # def is_successfully_posted
142
142
 
143
- end # LogStashAutoResizeBuffer
143
+ end # LogAnalyticsAutoResizeBuffer
@@ -1,8 +1,9 @@
1
1
  # encoding: utf-8
2
- class LogstashLoganalyticsOutputConfiguration
3
- def initialize(workspace_id, workspace_key, logger)
2
+ class LogAnalyticsConfiguration
3
+ def initialize(workspace_id, workspace_key, custom_log_table_name, logger)
4
4
  @workspace_id = workspace_id
5
5
  @workspace_key = workspace_key
6
+ @custom_log_table_name = custom_log_table_name
6
7
  @logger = logger
7
8
 
8
9
  # Delay between each resending of a message
@@ -24,8 +25,14 @@ class LogstashLoganalyticsOutputConfiguration
24
25
  elsif @max_items < @MIN_MESSAGE_AMOUNT
25
26
  raise ArgumentError, "Setting max_items to value must be greater then #{@MIN_MESSAGE_AMOUNT}."
26
27
 
27
- elsif @workspace_id.empty? or @workspace_key.empty?
28
- raise ArgumentError, "Malformed configuration , the following arguments can not be null or empty.[workspace_id=#{@workspace_id} , workspace_key=#{@workspace_key}]"
28
+ elsif @workspace_id.empty? or @workspace_key.empty? or @custom_log_table_name.empty?
29
+ raise ArgumentError, "Malformed configuration , the following arguments can not be null or empty.[workspace_id=#{@workspace_id} , workspace_key=#{@workspace_key} , custom_log_table_name=#{@custom_log_table_name}]"
30
+
31
+ elsif !@custom_log_table_name.match(/^[a-zA-Z][[:alpha:][:digit:]_]*$/) and !@custom_log_table_name.match(/^%{((\[[\w_\-@]*\])*)([\w_\-@]*)}$/)
32
+ raise ArgumentError, "custom_log_table_name must be either a static name starting with a letter and consisting only of numbers, letters, and underscores OR a dynamic table name of the format used by logstash (e.g. %{field_name}, %{[nested][field]}."
33
+
34
+ elsif @custom_log_table_name.match(/^[a-zA-Z][[:alpha:][:digit:]_]*$/) and @custom_log_table_name.length > 100
35
+ raise ArgumentError, "custom_log_table_name must not exceed 100 characters"
29
36
 
30
37
  elsif @key_names.length > 500
31
38
  raise ArgumentError, 'Azure Loganalytics limits the amount of columns to 500 in each table.'
@@ -77,6 +84,10 @@ class LogstashLoganalyticsOutputConfiguration
77
84
  @workspace_key
78
85
  end
79
86
 
87
+ def custom_log_table_name
88
+ @custom_log_table_name
89
+ end
90
+
80
91
  def endpoint
81
92
  @endpoint
82
93
  end
@@ -2,8 +2,8 @@
2
2
  require "logstash/outputs/base"
3
3
  require "logstash/namespace"
4
4
  require "stud/buffer"
5
- require "logstash/logAnalyticsClient/logStashAutoResizeBuffer"
6
- require "logstash/logAnalyticsClient/logstashLoganalyticsConfiguration"
5
+ require "logstash/azureLAClasses/logAnalyticsAutoResizeBuffer"
6
+ require "logstash/azureLAClasses/logAnalyticsConfiguration"
7
7
 
8
8
  class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
9
9
 
@@ -70,7 +70,7 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
70
70
  # Initialize the logstash resizable buffer
71
71
  # This buffer will increase and decrease size according to the amount of messages inserted.
72
72
  # If the buffer reached the max amount of messages the amount will be increased until the limit
73
- # @logstash_resizable_event_buffer=LogStashAutoResizeBuffer::new(@logstash_configuration)
73
+ # @logstash_resizable_event_buffer=LogAnalyticsAutoResizeBuffer::new(@logstash_configuration)
74
74
 
75
75
  end # def register
76
76
 
@@ -89,7 +89,7 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
89
89
  custom_table_name = ""
90
90
 
91
91
  # Check if the table name is static or dynamic
92
- if @custom_log_table_name.match(/^[[:alpha:][:digit:]_]+$/)
92
+ if @custom_log_table_name.match(/^[a-zA-Z][[:alpha:][:digit:]_]*$/)
93
93
  # Table name is static.
94
94
  custom_table_name = @custom_log_table_name
95
95
 
@@ -100,28 +100,26 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
100
100
 
101
101
  else
102
102
  # Incorrect format
103
- @logger.warn("custom_log_table_name must be either a static name consisting only of numbers, letters, and underscores OR a dynamic table name of the format used by logstash (e.g. %{field_name}, %{[nested][field]}.")
103
+ @logger.error("custom_log_table_name must be either a static name consisting only of numbers, letters, and underscores OR a dynamic table name of the format used by logstash (e.g. %{field_name}, %{[nested][field]}.")
104
104
  break
105
105
 
106
106
  end
107
107
 
108
108
  # Check that the table name is a string, exists, and is les than 100 characters
109
- if !custom_table_name.is_a?(String)
110
- @logger.warn("The custom table name must be a string. If you used a dynamic name from one of the log fields, make sure it is a string.")
111
- break
109
+ if !custom_table_name.match(/^[a-zA-Z][[:alpha:][:digit:]_]*$/)
110
+ @logger.error("The custom table name must start with a letter and only consist of letters, numbers, and/or underscores (_). Also check the field name used. If it doesn't exist, you will also receive this error.")
111
+ next
112
112
 
113
113
  elsif custom_table_name.empty? or custom_table_name.nil?
114
- @logger.warn("The custom table name is empty. If you used a dynamic name from one of the log fields, check that it exists.")
115
- break
114
+ @logger.error("The custom table name is empty. Make sure the field you used always returns a table name.")
115
+ next
116
116
 
117
117
  elsif custom_table_name.length > 100
118
- @logger.warn("The custom table name must not exceed 100 characters")
119
- break
118
+ @logger.error("The custom table name must not exceed 100 characters")
119
+ next
120
120
 
121
121
  end
122
122
 
123
- @logger.info("Custom table name #{custom_table_name} is valid")
124
-
125
123
  # Determine if there is a buffer for the given table
126
124
  if buffers.keys.include?(custom_table_name)
127
125
  @logger.trace("Adding event document - " + event.to_s)
@@ -129,7 +127,7 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
129
127
 
130
128
  else
131
129
  # If the buffer doesn't exist for the table, create one and add the document
132
- buffers[custom_table_name] = LogStashAutoResizeBuffer::new(@logstash_configuration,custom_table_name)
130
+ buffers[custom_table_name] = LogAnalyticsAutoResizeBuffer::new(@logstash_configuration,custom_table_name)
133
131
  @logger.trace("Adding event document - " + event.to_s)
134
132
  buffers[custom_table_name].add_event_document(document)
135
133
 
@@ -165,9 +163,9 @@ class LogStash::Outputs::AzureLogAnalytics < LogStash::Outputs::Base
165
163
  end # def create_event_document
166
164
 
167
165
  # Building the logstash object configuration from the output configuration provided by the user
168
- # Return LogstashLoganalyticsOutputConfiguration populated with the configuration values
166
+ # Return LogAnalyticsConfiguration populated with the configuration values
169
167
  def build_logstash_configuration()
170
- logstash_configuration= LogstashLoganalyticsOutputConfiguration::new(@workspace_id, @workspace_key, @logger)
168
+ logstash_configuration= LogAnalyticsConfiguration::new(@workspace_id, @workspace_key, @custom_log_table_name, @logger)
171
169
  logstash_configuration.endpoint = @endpoint
172
170
  logstash_configuration.time_generated_field = @time_generated_field
173
171
  logstash_configuration.key_names = @key_names
@@ -6,7 +6,7 @@ Gem::Specification.new do |s|
6
6
  s.summary = %q{Sentinel Blue provides a plugin outputing to Azure Sentinel for Logstash. Using this output plugin, you will be able to send any log you want using Logstash to the Azure Sentinel/Log Analytics workspace. You can utilize a dynamic table name during output to simplify complex table schemes.}
7
7
  s.description = s.summary
8
8
  s.homepage = "https://github.com/sentinelblue/sentinelblue-logstash-output-azure-loganalytics"
9
- s.licenses = ['Apache License (2.0)']
9
+ s.licenses = ['Apache-2.0']
10
10
  s.require_paths = ["lib"]
11
11
 
12
12
  # Files
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sentinelblue-logstash-output-azure-loganalytics
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.1.1
4
+ version: 1.1.3.rc1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Sentinel Blue
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-10-20 00:00:00.000000000 Z
11
+ date: 2022-11-04 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: rest-client
@@ -86,15 +86,15 @@ files:
86
86
  - LICENSE
87
87
  - README.md
88
88
  - VERSION
89
- - lib/logstash/logAnalyticsClient/logAnalyticsClient.rb
90
- - lib/logstash/logAnalyticsClient/logStashAutoResizeBuffer.rb
91
- - lib/logstash/logAnalyticsClient/logstashLoganalyticsConfiguration.rb
89
+ - lib/logstash/azureLAClasses/azureLAClient.rb
90
+ - lib/logstash/azureLAClasses/logAnalyticsAutoResizeBuffer.rb
91
+ - lib/logstash/azureLAClasses/logAnalyticsConfiguration.rb
92
92
  - lib/logstash/outputs/sentinelblue-logstash-output-azure-loganalytics.rb
93
93
  - sentinelblue-logstash-output-azure-loganalytics.gemspec
94
94
  - spec/outputs/azure_loganalytics_spec.rb
95
95
  homepage: https://github.com/sentinelblue/sentinelblue-logstash-output-azure-loganalytics
96
96
  licenses:
97
- - Apache License (2.0)
97
+ - Apache-2.0
98
98
  metadata:
99
99
  logstash_plugin: 'true'
100
100
  logstash_group: output
@@ -109,9 +109,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
109
109
  version: '0'
110
110
  required_rubygems_version: !ruby/object:Gem::Requirement
111
111
  requirements:
112
- - - ">="
112
+ - - ">"
113
113
  - !ruby/object:Gem::Version
114
- version: '0'
114
+ version: 1.3.1
115
115
  requirements: []
116
116
  rubygems_version: 3.3.7
117
117
  signing_key: