Rye Biesemeyer yaauie
yaauie
/ ecs-complaint-host-geoip.conf
Created
July 22, 2020 15:50
Example remapping the fields output by GeoIP filter for a host ip to ECS's host geo fields, as identified in the ECS compatibility mode issue https://github.com/logstash-plugins/logstash-filter-geoip/issues/163#issuecomment-592177677
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| geoip { | |
| source => "[host][ip]" | |
| target => "[@metadata][host_geoip]" | |
| } | |
| if [@metadata][host_geoip] { | |
| mutate { | |
| copy => { | |
| "[@metadata][host_geoip][city_name]" => "[host][geo][city_name]" | |
| "[@metadata][host_geoip][country_name]" => "[host][geo][country_name]" |
yaauie
/ tag-when-fields-over-threshold.logstash-filter-ruby.rb
Last active
June 1, 2020 18:40
Logstash: tag when field count over threshold
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # tag-when-fields-over-threshold.logstash-filter-ruby.rb | |
| # --------------------------------- | |
| # A script for a Logstash Ruby Filter to tag an event when it has "too many" | |
| # fields, with a configurable threshold. | |
| ############################################################################### | |
| # | |
| # Copyright 2020 Ry Biesemeyer | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy |
yaauie
/ replace-subset.logstash-filter-ruby.rb
Created
May 11, 2020 17:03
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # replace-subset.logstash-filter-ruby.rb | |
| # --------------------------------- | |
| # A script for a Logstash Ruby Filter to replace an event's contents with a | |
| # subset that exists as an object in a field. | |
| ############################################################################### | |
| # | |
| # Copyright 2020 Ry Biesemeyer | |
| # | |
| # Permission is hereby granted, free of charge, to any person obtaining a copy |
yaauie
/ delete-emtpy-nodes.logstash-filter-ruby.rb
Last active
July 19, 2021 09:46
A script for a Logstash Ruby Filter to delete empty nodes from an event; by default, crawls the entire event recursively, but it can be configured to limit the scope.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ############################################################################### | |
| # delete-emtpy-nodes.logstash-filter-ruby.rb | |
| # --------------------------------- | |
| # A script for a Logstash Ruby Filter to delete empty nodes from an event; by | |
| # default, crawls the entire event recursively, but it can be configured to | |
| # limit the scope. | |
| ############################################################################### | |
| # | |
| # Copyright 2018 Ry Biesemeyer | |
| # |
yaauie
/ back_pressure_provider.rb
Created
April 29, 2019 21:15
proof-of-concept generic back-pressure provider, enables blocking back-pressure to be controlled outside the code that is performing the actions.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The BackPressureProvider allows back-pressure to be applied to non-blocking APIs when those APIs also | |
| # provide hooks for identifying when they _should_ block. | |
| class BackPressureProvider | |
| def initialize(desc, logger) | |
| @desc = desc | |
| @logger = logger | |
| @mutex = Mutex.new | |
| @cond = ConditionVariable.new | |
| @back_pressure_engaged = false |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env zsh | |
| # | |
| # Utility that allows you to cd into a local checkout of a Logstash Plugin's | |
| # source code, whether or not you have previously cloned the repository. | |
| # | |
| # Usage: | |
| # cdlp <type> <qualifier> | |
| # | |
| # Example: | |
| # cdlp output elasticsearch |
yaauie
/ processor-hostname.logstash-filter-ruby.rb
Last active
May 28, 2019 22:51
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| ruby { | |
| path => "${PWD}/processor-hostname.logstash-filter-ruby.rb" | |
| script_params => { | |
| "target" => "@processed-by" | |
| } | |
| } | |
| } |
yaauie
/ pipeline.conf
Last active
May 6, 2019 13:47
A script for a Logstash Ruby Filter to transpose an array of two-element objects representing key/value tuples into a single hash/map
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| filter { | |
| # to convert an array of key/value objects into a single unordered | |
| # key/value map, use the included `transpose` script: | |
| ruby { | |
| path => "${PWD}/transpose.logstash-filter-ruby.rb" | |
| script_params => { | |
| source => "[proplist]" | |
| } | |
| } |
yaauie
/ jdbc-informix-windowing.diff
Created
September 18, 2018 17:44
Logstash JDBC Input Plugin: Informix DB Windowing Support Proof-of-Concept
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/lib/logstash/plugin_mixins/jdbc.rb b/lib/logstash/plugin_mixins/jdbc.rb | |
| index c9bc547..934a4f1 100644 | |
| --- a/lib/logstash/plugin_mixins/jdbc.rb | |
| +++ b/lib/logstash/plugin_mixins/jdbc.rb | |
| @@ -162,6 +162,7 @@ module LogStash::PluginMixins::Jdbc | |
| raise LogStash::ConfigurationError, "#{e}. #{message}" | |
| end | |
| @database = jdbc_connect() | |
| + @database.extension(:informix_windowing) | |
| @database.extension(:pagination) |
yaauie
/ lucene-list-fields-from-elasticsearch-index-mappings.rb
Created
September 11, 2018 18:02
A quick and very dirty script to list the effective lucene field list from an elasticsearch index mapping
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env ruby | |
| # A quick and very dirty script to list the effective lucene schema from an elasticsearch index mapping | |
| # | |
| # USAGE: | |
| # cat index_mappings.json | lucene-list-fields-from-elasticsearch-index-mappings.rb | |
| # cat cluster_mappings.json | jq '.["index_name"].mappings' | lucene-list-fields-from-elasticsearch-index-mappings.rb | |
| # | |
| # | |
| # Copyright 2018 Ry Biesemeyer (@yaauie) |