Class: LogStash::Filters::Elasticsearch

Inherits:
Base
  • Object
show all
Includes:
PluginMixins::CATrustedFingerprintSupport, PluginMixins::ECSCompatibilitySupport, PluginMixins::ECSCompatibilitySupport::TargetCheck, MonitorMixin
Defined in:
lib/logstash/filters/elasticsearch/dsl_executor.rb,
lib/logstash/filters/elasticsearch/esql_executor.rb,
lib/logstash/filters/elasticsearch.rb

Defined Under Namespace

Classes: ColumnSpec, DslExecutor, EsqlExecutor

Constant Summary collapse

LS_ESQL_SUPPORT_VERSION =

the version started using elasticsearch-ruby v8

"8.17.4"
ES_ESQL_SUPPORT_VERSION = 
"8.11.0"

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#query_dslObject (readonly)

Returns the value of attribute query_dsl.



186
187
188
 
# File 'lib/logstash/filters/elasticsearch.rb', line 186

def query_dsl
  @query_dsl
end

#shared_clientObject (readonly)

Returns the value of attribute shared_client.



164
165
166
 
# File 'lib/logstash/filters/elasticsearch.rb', line 164

def shared_client
  @shared_client
end

Class Method Details

.validate_value(value, validator) ⇒ Array(true,Object), Array(false,String) 



175
176
177
178
179
180
181
182
183
184
 
# File 'lib/logstash/filters/elasticsearch.rb', line 175

def self.validate_value(value, validator)
  return super unless validator == :uri_or_empty

  value = deep_replace(value)
  value = hash_or_array(value)

  return true, value.first if value.size == 1 && value.first.empty?

  return super(value, :uri)
end

Instance Method Details

#decorate(event) ⇒ Object

def filter



221
222
223
224
 
# File 'lib/logstash/filters/elasticsearch.rb', line 221

def decorate(event)
  # this Elasticsearch class has access to `filter_matched`
  filter_matched(event)
end

#filter(event) ⇒ Object

def register



217
218
219
 
# File 'lib/logstash/filters/elasticsearch.rb', line 217

def filter(event)
  @esql_executor.process(get_client, event)
end

#prepare_user_agentObject

public only to be reused in testing



227
228
229
230
231
232
233
234
235
236
237
 
# File 'lib/logstash/filters/elasticsearch.rb', line 227

def prepare_user_agent
  os_name = java.lang.System.getProperty('os.name')
  os_version = java.lang.System.getProperty('os.version')
  os_arch = java.lang.System.getProperty('os.arch')
  jvm_vendor = java.lang.System.getProperty('java.vendor')
  jvm_version = java.lang.System.getProperty('java.version')

  plugin_version = Gem.loaded_specs['logstash-filter-elasticsearch'].version
  # example: logstash/7.14.1 (OS=Linux-5.4.0-84-generic-amd64; JVM=AdoptOpenJDK-11.0.11) logstash-output-elasticsearch/11.0.1
  "logstash/#{LOGSTASH_VERSION} (OS=#{os_name}-#{os_version}-#{os_arch}; JVM=#{jvm_vendor}-#{jvm_version}) logstash-#{@plugin_type}-#{config_name}/#{plugin_version}"
end

#registerObject 



188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
 
# File 'lib/logstash/filters/elasticsearch.rb', line 188

def register
  case @query_type
  when "esql"
    invalid_params_with_esql = original_params.keys & %w(index query_template sort fields docinfo_fields aggregation_fields enable_sort result_size)
    raise LogStash::ConfigurationError, "Configured #{invalid_params_with_esql} params cannot be used with ES|QL query" if invalid_params_with_esql.any?

    validate_ls_version_for_esql_support!
    validate_esql_query_and_params!
    @esql_executor ||= LogStash::Filters::Elasticsearch::EsqlExecutor.new(self, @logger)
  else # dsl
    validate_dsl_query_settings!
    @esql_executor ||= LogStash::Filters::Elasticsearch::DslExecutor.new(self, @logger)
  end

  fill_hosts_from_cloud_id
  setup_ssl_params!
  validate_authentication
  fill_user_password_from_cloud_auth

  @hosts = Array(@hosts).map { |host| host.to_s } # potential SafeURI#to_s

  test_connection!
  validate_es_for_esql_support! if @query_type == "esql"
  setup_serverless
  if get_client.es_transport_client_type == "elasticsearch_transport"
    require_relative "elasticsearch/patches/_elasticsearch_transport_http_manticore"
  end
end