feat: add elasticsearch-logger

apisix/plugins/elasticsearch-logging.lua

@@ -0,0 +1,154 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements.  See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License.  You may obtain a copy of the License at
+--
+--     http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+local ngx             = ngx
+local core            = require("apisix.core")
+local ngx_now         = ngx.now
+local http            = require("resty.http")
+local log_util        = require("apisix.utils.log-util")
+local bp_manager_mod  = require("apisix.utils.batch-processor-manager")
+
+local DEFAULT_ELASTICSEARCH_SOURCE = "apache-apisix-elasticsearch-logging"
+
+local plugin_name = "elasticsearch-logging"
+local batch_processor_manager = bp_manager_mod.new(plugin_name)
+local str_format = core.string.format
+local str_sub = string.sub
+
+
+local schema = {
+    type = "object",
+    properties = {
+        endpoint = {
+            type = "object",
+            properties = {
+                uri = core.schema.uri_def,
+                index = { type = "string"},
+                type = { type = "string"},
+                username = { type = "string"},
+                password = { type = "string"},
+                timeout = {
+                    type = "integer",
+                    minimum = 1,
+                    default = 10
+                },
+                ssl_verify = {
+                    type = "boolean",
+                    default = true
+                }
+            },
+            required = { "uri", "index" }
+        },
+    },
+    required = { "endpoint" },
+}
+
+
+local _M = {
+    version = 0.1,
+    priority = 413,
+    name = plugin_name,
+    schema = batch_processor_manager:wrap_schema(schema),
+}
+
+
+function _M.check_schema(conf)
+    return core.schema.check(schema, conf)
+end
+
+
+local function get_logger_entry(conf)
+    local entry = log_util.get_full_log(ngx, conf)
+    return core.json.encode({
+            create = {
+                _index = conf.endpoint.index,
+                _type = conf.endpoint.type
+            }
+        }) .. "\n" ..
+        core.json.encode({
+            time = ngx_now(),
+            host = entry.server.hostname,
+            source = DEFAULT_ELASTICSEARCH_SOURCE,
+            request_url = entry.request.url,
+            request_method = entry.request.method,
+            request_headers = entry.request.headers,
+            request_query = entry.request.querystring,
+            request_size = entry.request.size,
+            response_headers = entry.response.headers,
+            response_status = entry.response.status,
+            response_size = entry.response.size,
+            latency = entry.latency,
+            upstream = entry.upstream,
+        }) .. "\n"
+end
+
+
+local function send_to_elasticsearch(conf, entries)
+    local httpc, err = http.new()
+    if not httpc then
+        return false, str_format("create http error: %s", err)
+    end
+
+    local uri = conf.endpoint.uri ..
+        (str_sub(conf.endpoint.uri, -1) == "/" and "_bulk" or "/_bulk")
+    local body = core.table.concat(entries, "")
+    local headers = {["Content-Type"] = "application/json"}
+    if conf.endpoint.username and conf.endpoint.password then
+        local authorization = "Basic " .. ngx.encode_base64(
+            conf.endpoint.username .. ":" .. conf.endpoint.password
+        )
+        headers["Authorization"] = authorization
+    end
+
+    core.log.info("uri: ", uri, ", body: ", body, ", headers: ", core.json.encode(headers))
+
+    httpc:set_timeout(conf.endpoint.timeout * 1000)
+    local resp, err = httpc:request_uri(uri, {
+        ssl_verify = conf.endpoint.ssl_verify,
+        method = "POST",
+        headers = headers,
+        body = body
+    })
+    if not resp then
+        return false,  str_format("RequestError: %s", err or "")
+    end
+
+    if resp.status ~= 200 then
+        return false, str_format("response status: %d, response body: %s",
+        resp.status, resp.body or "")
+    end
+
+    return true
+end
+
+
+function _M.log(conf, ctx)
+    local entry = get_logger_entry(conf)
+
+    if batch_processor_manager:add_entry(conf, entry) then
+        return
+    end
+
+    local process = function(entries)
+        return send_to_elasticsearch(conf, entries)
+    end
+
+    batch_processor_manager:add_entry_to_new_processor(conf, entry, ctx, process)
+end
+
+
+return _M

ci/pod/docker-compose.plugin.yml

@@ -197,6 +197,33 @@ services:
       SPLUNK_HEC_TOKEN: "BD274822-96AA-4DA6-90EC-18940FB2414C"
       SPLUNK_HEC_SSL: "False"
 
+  # Elasticsearch Logging Service
+  elasticsearch-noauth:
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.1
+    restart: unless-stopped
+    ports:
+      - "9200:9200"
+      - "9300:9300"
+    environment:
+      ES_JAVA_OPTS: -Xms512m -Xmx512m
+      discovery.type: single-node
+      xpack.security.enabled: 'false'
+
+  elasticsearch-auth:
+    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.1
+    restart: unless-stopped
+    ports:
+      - "9201:9201"
+      - "9301:9301"
+    environment:
+      ES_JAVA_OPTS: -Xms512m -Xmx512m
+      discovery.type: single-node
+      ELASTIC_USERNAME: elastic
+      ELASTIC_PASSWORD: 123456
+      http.port: 9201
+      transport.tcp.port: 9301
+      xpack.security.enabled: 'true'
+
 
 networks:
   apisix_net:

conf/config-default.yaml

@@ -451,6 +451,7 @@ plugins:                          # plugin list (sorted by priority)
   - public-api                     # priority: 501
   - prometheus                     # priority: 500
   - datadog                        # priority: 495
+  - elasticsearch-logging          # priority: 413
   - echo                           # priority: 412
   - loggly                         # priority: 411
   - http-logger                    # priority: 410

docs/en/latest/config.json

@@ -153,7 +153,8 @@
                 "plugins/google-cloud-logging",
                 "plugins/splunk-hec-logging",
                 "plugins/file-logger",
-                "plugins/loggly"
+                "plugins/loggly",
+                "plugins/elasticsearch-logging"
               ]
             }
           ]

docs/en/latest/plugins/elasticsearch-logging.md

@@ -0,0 +1,143 @@
+---
+title: elasticsearch-logging
+keywords:
+  - APISIX
+  - Plugin
+  - Elasticsearch-logging
+description: This document contains information about the Apache APISIX elasticsearch-logging Plugin.
+---
+
+<!--
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+-->
+
+## Description
+
+The `elasticsearch-logging` Plugin is used to forward logs to [Elasticsearch](https://www.elastic.co/guide/en/welcome-to-elastic/current/getting-started-general-purpose.html) for analysis and storage.
+
+When the Plugin is enabled, APISIX will serialize the request context information to [Elasticsearch Bulk format](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-bulk.html#docs-bulk) and submit it to the batch queue. When the maximum batch size is exceeded, the data in the queue is pushed to Elasticsearch. See [batch processor](../batch-processor.md) for more details.
+
+## Attributes
+
+| Name                | Required | Default                     | Description                                                  |
+| ------------------- | -------- | --------------------------- | ------------------------------------------------------------ |
+| endpoint            | True     |                             | Elasticsearch endpoint configurations.                       |
+| endpoint.uri        | True     |                             | Elasticsearch API endpoint.                                  |
+| endpoint.index      | True     |                             | Elasticsearch [_index field](https://www.elastic.co/guide/en/elasticsearch/reference/current/mapping-index-field.html#mapping-index-field) |
+| endpoint.type       | False    | Elasticsearch default value | Elasticsearch [_type field](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/mapping-type-field.html#mapping-type-field) |
+| endpoint.username   | False    |                             | Elasticsearch [authentication](https://www.elastic.co/guide/en/elasticsearch/reference/current/setting-up-authentication.html) username |
+| endpoint.password   | False    |                             | Elasticsearch [authentication](https://www.elastic.co/guide/en/elasticsearch/reference/current/setting-up-authentication.html) password |
+| endpoint.ssl_verify | False    | true                        | When set to `true` enables SSL verification as per [OpenResty docs](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake). |
+| endpoint.timeout    | False    | 10                          | Elasticsearch send data timeout in seconds.                  |
+
+This Plugin supports using batch processors to aggregate and process entries (logs/data) in a batch. This avoids the need for frequently submitting the data. The batch processor submits data every `5` seconds or when the data in the queue reaches `1000`. See [Batch Processor](../batch-processor.md#configuration) for more information or setting your custom configuration.
+
+## Enabling the Plugin
+
+### Full configuration
+
+The example below shows a complete configuration of the Plugin on a specific Route:
+
+```shell
+$ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "plugins":{
+        "splunk-hec-logging":{
+            "endpoint":{
+                "uri": "http://127.0.0.1:9200",
+                "index": "services",
+                "type": "collector",
+                "timeout": 60,
+                "username": "elastic",
+                "password": "123456",
+                "ssl_verify": false
+            },
+            "buffer_duration":60,
+            "max_retry_count":0,
+            "retry_delay":1,
+            "inactive_timeout":2,
+            "batch_max_size":10
+        }
+    },
+    "upstream":{
+        "type":"roundrobin",
+        "nodes":{
+            "127.0.0.1:1980":1
+        }
+    },
+    "uri":"/elasticsearch.do"
+}'
+```
+
+### Minimal configuration
+
+The example below shows a bare minimum configuration of the Plugin on a Route:
+
+```shell
+$ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "plugins":{
+        "splunk-hec-logging":{
+            "endpoint":{
+                "uri": "http://127.0.0.1:9200",
+                "index": "services"
+            }
+        }
+    },
+    "upstream":{
+        "type":"roundrobin",
+        "nodes":{
+            "127.0.0.1:1980":1
+        }
+    },
+    "uri":"/elasticsearch.do"
+}'
+```
+
+## Example usage
+
+Once you have configured the Route to use the Plugin, when you make a request to APISIX, it will be logged in your Elasticsearch server:
+
+```shell
+$ curl -i http://127.0.0.1:9080/elasticsearch.do?q=hello
+HTTP/1.1 200 OK
+...
+hello, world
+```
+
+You should be able to login and search these logs from your Kibana discover:
+
+![kibana search view](../../../assets/images/plugin/elasticsearch-admin-en.png)
+
+## Disable Plugin
+
+To disable the `elasticsearch-logging` Plugin, you can delete the corresponding JSON configuration from the Plugin configuration. APISIX will automatically reload and you do not have to restart for this to take effect.
+
+```shell
+$ curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d '
+{
+    "plugins":{},
+    "upstream":{
+        "type":"roundrobin",
+        "nodes":{
+            "127.0.0.1:1980":1
+        }
+    },
+    "uri":"/elasticsearch.do"
+}'
+```

docs/zh/latest/README.md

@@ -143,7 +143,7 @@ A/B 测试、金丝雀发布（灰度发布）、蓝绿部署、限流限速、
     - 高性能：在单核上 QPS 可以达到 18k，同时延迟只有 0.2 毫秒。
     - [故障注入](plugins/fault-injection.md)
     - [REST Admin API](admin-api.md)：使用 REST Admin API 来控制 Apache APISIX，默认只允许 127.0.0.1 访问，你可以修改 `conf/config.yaml` 中的 `allow_admin` 字段，指定允许调用 Admin API 的 IP 列表。同时需要注意的是，Admin API 使用 key auth 来校验调用者身份，**在部署前需要修改 `conf/config.yaml` 中的 `admin_key` 字段，来保证安全。**
-    - 外部日志记录器：将访问日志导出到外部日志管理工具。（[HTTP Logger](plugins/http-logger.md)、[TCP Logger](plugins/tcp-logger.md)、[Kafka Logger](plugins/kafka-logger.md)、[UDP Logger](plugins/udp-logger.md)、[RocketMQ Logger](plugins/rocketmq-logger.md)、[SkyWalking Logger](plugins/skywalking-logger.md)、[Alibaba Cloud Logging(SLS)](plugins/sls-logger.md)、[Google Cloud Logging](plugins/google-cloud-logging.md)、[Splunk HEC Logging](plugins/splunk-hec-logging.md)、[File Logger](plugins/file-logger.md)）
+    - 外部日志记录器：将访问日志导出到外部日志管理工具。（[HTTP Logger](plugins/http-logger.md)、[TCP Logger](plugins/tcp-logger.md)、[Kafka Logger](plugins/kafka-logger.md)、[UDP Logger](plugins/udp-logger.md)、[RocketMQ Logger](plugins/rocketmq-logger.md)、[SkyWalking Logger](plugins/skywalking-logger.md)、[Alibaba Cloud Logging(SLS)](plugins/sls-logger.md)、[Google Cloud Logging](plugins/google-cloud-logging.md)、[Splunk HEC Logging](plugins/splunk-hec-logging.md)、[File Logger](plugins/file-logger.md)、[Elasticsearch Logging](plugins/elasticsearch-logging.md)）
     - [Helm charts](https://github.com/apache/apisix-helm-chart)
 
 - **高度可扩展**

docs/zh/latest/config.json

@@ -152,7 +152,8 @@
                 "plugins/sls-logger",
                 "plugins/google-cloud-logging",
                 "plugins/splunk-hec-logging",
-                "plugins/file-logger"
+                "plugins/file-logger",
+                "plugins/elasticsearch-logging"
               ]
             }
           ]