Merge pull request #68 from yaauie/ecs-v8

ecs: add v8 alias to v1 implementation
logstash-plugins · Nov 11, 2021 · 7a54456 · 7a54456
2 parents 3de814d + 752d433
commit 7a54456
Show file tree

Hide file tree

Showing 5 changed files with 15 additions and 11 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,6 @@
+## 3.6.0
+  - Add support for ECS v8 as alias to v1 implementation [#68](https://github.com/logstash-plugins/logstash-input-syslog/pull/68)
+
 ## 3.5.0
   - Feat: ECS compatibility support [#63](https://github.com/logstash-plugins/logstash-input-syslog/pull/63)
 

diff --git a/docs/index.asciidoc b/docs/index.asciidoc
@@ -71,7 +71,7 @@ input plugins.
   * Value type is <<string,string>>
   * Supported values are:
     ** `disabled`: does not use ECS-compatible field names (for example, `priority` for syslog priority)
-    ** `v1`: uses fields that are compatible with Elastic Common Schema (for example, `[log][syslog][priority]`)
+    ** `v1`,`v8`: uses fields that are compatible with Elastic Common Schema (for example, `[log][syslog][priority]`)
   * Default value depends on which version of Logstash is running:
     ** When Logstash provides a `pipeline.ecs_compatibility` setting, its value is used as the default
     ** Otherwise, the default value is `disabled`.

diff --git a/lib/logstash/inputs/syslog.rb b/lib/logstash/inputs/syslog.rb
@@ -26,7 +26,7 @@
 # Note: This input will start listeners on both TCP and UDP.
 #
 class LogStash::Inputs::Syslog < LogStash::Inputs::Base
-  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1)
+  include LogStash::PluginMixins::ECSCompatibilitySupport(:disabled, :v1, :v8 => :v1)
 
   config_name "syslog"
 

diff --git a/logstash-input-syslog.gemspec b/logstash-input-syslog.gemspec
@@ -1,7 +1,7 @@
 Gem::Specification.new do |s|
 
   s.name            = 'logstash-input-syslog'
-  s.version         = '3.5.0'
+  s.version         = '3.6.0'
   s.licenses        = ['Apache License (2.0)']
   s.summary         = "Reads syslog messages as events"
   s.description     = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
@@ -21,16 +21,16 @@ Gem::Specification.new do |s|
 
   # Gem dependencies
   s.add_runtime_dependency "logstash-core-plugin-api", ">= 1.60", "<= 2.99"
-  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~> 1.1'
+  s.add_runtime_dependency 'logstash-mixin-ecs_compatibility_support', '~> 1.2'
 
   s.add_runtime_dependency 'concurrent-ruby'
   s.add_runtime_dependency 'stud', '>= 0.0.22', '< 0.1.0'
 
   s.add_runtime_dependency 'logstash-codec-plain'
-  s.add_runtime_dependency 'logstash-filter-grok', '>= 4.4.0'
+  s.add_runtime_dependency 'logstash-filter-grok', '>= 4.4.1'
   s.add_runtime_dependency 'logstash-filter-date'
 
-  s.add_development_dependency 'logstash-devutils'
+  s.add_development_dependency 'logstash-devutils', '~> 2.3'
   s.add_development_dependency 'logstash-codec-cef'
 end
 
diff --git a/spec/inputs/syslog_spec.rb b/spec/inputs/syslog_spec.rb
@@ -100,7 +100,7 @@ def pattern_path(path)
   end
 
   context 'tag', :ecs_compatibility_support do
-    ecs_compatibility_matrix(:disabled, :v1) do
+    ecs_compatibility_matrix(:disabled, :v1, :v8 => :v1) do
 
       before(:each) do
         allow_any_instance_of(described_class).to receive(:ecs_compatibility).and_return(ecs_compatibility)
@@ -172,7 +172,7 @@ def pattern_path(path)
 
         expect( events.length ).to eql event_count
         events.each do |event|
-          expect( event.get("@timestamp").to_iso8601 ).to eql "#{Time.now.year}-10-26T15:19:25.000Z"
+          expect( event.get("@timestamp") ).to be_a_logstash_timestamp_equivalent_to("#{Time.now.year}-10-26T15:19:25Z")
         end
       end
 
@@ -196,8 +196,9 @@ def pattern_path(path)
           queue.pop
         end
 
-        # chances platform timezone is not UTC so ignore the hours
-        expect( event.get("@timestamp").to_iso8601 ).to match /#{Time.now.year}-10-26T\d\d:19:25.000Z/
+        # chances platform timezone is not UTC, so parse without offset to create expectation
+        equivalent_time = Time.parse("#{Time.now.year}-10-26T15:19:25")
+        expect( event.get("@timestamp") ).to be_a_logstash_timestamp_equivalent_to(equivalent_time)
       end
 
       it "should support non UTC timezone" do
@@ -209,7 +210,7 @@ def pattern_path(path)
         syslog_event = LogStash::Event.new({ "message" => "<164>Oct 26 15:19:25 1.2.3.4 %ASA-4-106023: Deny udp src DRAC:10.1.2.3/43434" })
         input.syslog_relay(syslog_event)
 
-        expect( syslog_event.get("@timestamp").to_iso8601 ).to eql "#{Time.now.year}-10-26T20:19:25.000Z"
+        expect( syslog_event.get("@timestamp") ).to be_a_logstash_timestamp_equivalent_to("#{Time.now.year}-10-26T20:19:25Z")
 
         input.close
       end