Class: LogStash::Outputs::MicrosoftSentinelOutputInternal::LogAnalyticsClient

Inherits:
Object
  • Object
Defined in:
lib/logstash/sentinel_la/logAnalyticsClient.rb

Class Method Summary

Instance Method Summary

Constructor Details

#initialize(logstashLoganalyticsConfiguration) ⇒ LogAnalyticsClient

def azcmagent_running?



# File 'lib/logstash/sentinel_la/logAnalyticsClient.rb', line 22

# Builds the client: stores the configuration and its logger, derives the
# ingestion URI, and picks the token provider used for bearer tokens.
#
# @param logstashLoganalyticsConfiguration [Object] plugin configuration; this
#   method reads logger, data_collection_endpoint, dcr_immutable_id,
#   dcr_stream_name and managed_identity from it
def initialize(logstashLoganalyticsConfiguration)
  @logstashLoganalyticsConfiguration = logstashLoganalyticsConfiguration
  config = @logstashLoganalyticsConfiguration
  @logger = config.logger

  la_api_version = "2023-01-01"
  # The endpoint, DCR id and stream name are placed into the URI as-is, with no
  # escaping here. NOTE(review): any validation of these values must happen in
  # the configuration object - confirm.
  @uri = "#{config.data_collection_endpoint}/dataCollectionRules/#{config.dcr_immutable_id}/streams/#{config.dcr_stream_name}?api-version=#{la_api_version}"

  # Credential source selection. With managed_identity set, the outcome of
  # azcmagent_running? decides between the Arc and the Managed Identity
  # provider; without it, the AAD provider is used.
  @aadTokenProvider =
    if !config.managed_identity
      LogAnalyticsAadTokenProvider.new(config)
    elsif azcmagent_running?
      @logger.info("Machine is Azure Arc-enabled server. Retrieving bearer token via azcmagent...")
      LogAnalyticsArcTokenProvider.new(config)
    else
      @logger.info("Using Managed Identity configuration. Retrieving bearer token for Managed Identity...")
      LogAnalyticsMiTokenProvider.new(config)
    end

  @userAgent = getUserAgent()
end

Class Method Details

.is_successfully_posted(response) ⇒ Object

Static function that returns true if the response is OK, false otherwise



# File 'lib/logstash/sentinel_la/logAnalyticsClient.rb', line 57

# Tells whether a response counts as a successful post.
#
# @param response [#code] response object exposing a numeric status code
# @return [Boolean] true when the status code is at least 200 and below 300
def self.is_successfully_posted(response)
  # Anything outside the 2xx range, redirects included, is reported as failure.
  return false if response.code < 200

  response.code < 300
end

Instance Method Details

#azcmagent_running? ⇒ Boolean

AZure Connected Machine AGENT is running outside of Azure and onboarded into Azure Arc

Returns:

  • (Boolean)


# File 'lib/logstash/sentinel_la/logAnalyticsClient.rb', line 18

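# Reports whether the Azure Connected Machine agent CLI (`azcmagent`) runs
# successfully on this host, i.e. the machine is outside of Azure and
# onboarded into Azure Arc.
#
# `azcmagent` is resolved through the PATH of the Logstash process, and
# #initialize uses the answer to choose the token provider. The service's
# PATH should therefore contain only directories that unprivileged users
# cannot write to.
#
# @return [Boolean] true when the command ran and exited with status 0,
#   false when it failed or could not be started
def azcmagent_running?
  # Argument form: no shell is spawned. IO::NULL already discards stdout and
  # stderr, so the POSIX-only '> /dev/null' redirection is not needed.
  launched = system('azcmagent', [:out, :err] => IO::NULL)

  # system returns nil when the command cannot be executed; a predicate
  # should still answer with a real boolean.
  launched ? true : false
end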

#post_data(body) ⇒ Object

Post the given JSON to Azure Log Analytics

Raises:

  • (ConfigError)


# File 'lib/logstash/sentinel_la/logAnalyticsClient.rb', line 45

# Sends the given JSON payload to the ingestion URI built in the constructor.
#
# @param body [#empty?] serialized records to upload
# @return [Object] whatever RestClient::Request.execute returns
# @raise [ConfigError] when body is empty
def post_data(body)
  # An empty payload is rejected before any header is built or request sent.
  raise ConfigError, 'no json_records' if body.empty?

  # NOTE(review): get_header is defined elsewhere; presumably it carries the
  # bearer token, so these options should never be logged verbatim - confirm.
  # No verify_ssl option is passed, so certificate checking is left to
  # RestClient's default (peer verification in current rest-client releases -
  # confirm for the pinned version).
  request_options = {
    method: :post,
    url: @uri,
    payload: body,
    headers: get_header(),
    # The request is routed through the configured proxy endpoint.
    proxy: @logstashLoganalyticsConfiguration.proxy_endpoint,
    timeout: 240
  }

  RestClient::Request.execute(request_options)
end