logstash-filter-javascript
Advanced tools
This is a plugin for Logstash, compatible with LS versions >= 6.8, that allows you to interact with pipeline events using scripts written in Javascript. It works in a similar way as Logstash's (official) Ruby filter.
Only Java 8 - 13 is supported, running LS on Java 15 or later won't work due the removal of the Nashorn Javascript engine.
DISCLAIMER: Plugin is considered a (working) experiment and is no way as battle tested as (official) Logstash plugins supported by Elastic.
In general, performance wise, you can expect the same throughput as with the Ruby filter. Also, performance of the Nashorn Javascript engine might vary between Java versions.
To inline Javascript in your filter, place all code in the code option. This code will be executed for every event the
filter receives. For example, to cancel 90% of events, you can do this:
filter {
javascript {
code => "if (java.lang.Math.random() <= 0.9) event.cancel()"
}
}
You can also place JS code in the init option - it will be executed only once during the plugin's initialization phase.
This is a great place to "feature validate" the Javascript engine:
filter {
javascript {
init => "if (Number.MIN_VALUE <= 0) throw new Error(0); if (parseInt('f*ck', 16) !== 15) throw 'f*ck'"
code => 'event.setField("message", "b" + "a" + +"a" + "a")'
}
}
$LS_HOME/bin/logstash-plugin install logstash-filter-javascript
TO-BE-CONTINUED...
Unlike the Ruby filter, which allows you to hook into the LS execution runtime, the Javascript filter starts an isolated JS engine on every filter use.
There's no new_event_block callback hook implemented in the Javascript filter, this one (if requested) deserves more
thought as it just felt a bit "hacky" to copy what the Ruby filter does.
The Javascript filter does not expose a register function (with script_params), instead you can use init_parameters
to set variables in the global scope which will than be accessible from within the filter function.
Nashorn defaults to ECMAScript 5.1 by default which lacks the compact arrow arg => ... syntax or the let keyword.
There's (incomplete) support for ECMA 6 but requires setting a system properly, navigate to config/jvm.options and add :
-Dnashorn.args=--language=es6
Be aware of scripting Java types with Nashorn as not all native Javascript APIs will handle those seamlessly and might lead to surprising results e.g.
var json = JSON.stringify(event.toMap()); // undefined
// as JSON does not handle a java.util.Map returned from the LS event
// one can instead convert Java types to native JS objects e.g.
var map = event.toMap()
var obj = {}
for each (var key in map.keySet()) obj[key] = map.get(key) // Nashorn for-each extension for Java arrays/collections
You can set plain-old Javascript objects as values on the event, LS will see them as maps and convert them accordingly:
var obj = { foo: "bar", truthy: true, aNull: null, number: 11.1 }
event.setField('js.values', obj)
// be aware when JS values contain function types as they might lead to issues
// using JS types with a Java type system might lead to issues e.g. setting it on an event e.g.
event.setField('unexpected-value', undefined); // LS will complain not being able to handle :
// Missing Converter handling for full class name=jdk.nashorn.internal.runtime.Undefined
There's no console.log with Nashorn, however you could use Java's system output for debugging purposes :
function puts(msg) {
java.lang.System.out.println(msg)
}
puts('event: ' + event.toMap());
// or simply the built-in print method :
print('event: ', event)
NOTE: be aware to remove such debugging statements in production to not fill up LS' standard output!
To get started, you'll need JRuby (>= 9.1) with the Bundler gem installed.
Install dependencies
jruby -S bundle
jruby -rbundler/setup -S rspec
Gemfile and add the local plugin path e.g.:gem "logstash-filter-javascript", :path => "path/to/local/logstash-filter-javascript"
bin/logstash-plugin install --no-verify
bin/logstash -e "filter { javascript { code => \"print('Hello from JS: ' + event.getField('message'))\" } }"
At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
You can use the same 2.1 method to run your plugin in an installed Logstash by editing its Gemfile and pointing the :path to your local plugin development directory or you can build the gem and install it using:
gem build logstash-filter-awesome.gemspec
# Logstash 2.3 and higher
bin/logstash-plugin install --no-verify
# Prior to Logstash 2.3
bin/plugin install --no-verify
(c) 2020 Karol Bucek. See LICENSE (http://www.apache.org/licenses/LICENSE-2.0) for details.
FAQs
Unknown package
We found that logstash-filter-javascript demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Meet Socket at Black Hat & DEF CON 2025 for 1:1s, insider security talks at Allegiant Stadium, and a private dinner with top minds in software supply chain security.
Security News
CAI is a new open source AI framework that automates penetration testing tasks like scanning and exploitation up to 3,600× faster than humans.
Security News
Deno 2.4 brings back bundling, improves dependency updates and telemetry, and makes the runtime more practical for real-world JavaScript projects.