Project

logstash-filter-weblookup

0.0
No commit activity in last 3 years
No release in over 3 years
logstash-filter-weblookupjanmg/logstash-filter-weblookupHomepageDocumentationSource CodeBug TrackerWiki
This gem is a Logstash plugin. During filter it takes one or more fields and uses that as input to query additional information. The original purpose is to enrich IP addresses with matching subnet, netname and hostname, but it is generic so that any field can be looked up. The function is similar to the translate filter's dictionary lookup, which supports files and regex. The jdbc_streaming filter plugin is also very useful if the data resides in a database. This plugins features are web based lookups and redis caching, for fast lookups.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
9,792
Stars
0
Forks
0
Watchers
2
 Releases
Current version
0.1.4
Total releases
5
First release
2019-05-13
Latest release
2021-05-21
 Issues
Open Issues
1
Closed Issues
0
Total Issues
1
Issue Closure Rate
0%
 Development
Primary Language
Ruby
Licenses
Apache-2.0
Average date of last 50 commits
2019-08-21
Reverse Dependencies
0

 Dependencies

Development

logstash-devutils
~> 0

Runtime

connection_pool
~> 2.2
logstash-core-plugin-api
~> 2.1
 Project Readme

Logstash Plugin

This gem is a plugin for Logstash. During filter it takes one or more fields and uses that as input to query additional information. The original purpose is to enrich IP addresses with matching subnet, netname and hostname, but it is generic so that any field can be looked up. The function is similar to the translate filter's dictionary lookup, which supports files and regex. The jdbc_streaming filter plugin is also very useful if the data resides in a database. This plugins features are web based lookups and redis caching, for fast lookups.

Documentation

weblookup { fields => ['[client][ip]'] destinations => ['net'] url => "http://localhost/ripe.php?ip=" use_redis => true redis_path => "/var/run/redis/redis-server.sock" normalize => true newroot => "[records][properties]" roottostrip => "[records]" }

Where will be replaced by the value of client.ip

The first three components are needed for the plugin, the others are optional. use_redis and redis_path are for caching the response, this speedsup the requists. It's also possible to hardcode values here, but I'm not using it myself yet. normalize, newroot and roottostrip probably would be better in a separte plugin, but for now weblookup can move the json objects inside the roottostrip into it's own root, by default elasticsearch uses _source as invisible root.

Need Help?

Need help? Raise an issue on https://github.com/janmg/logstash-filter-weblookup