Merge branch '8.11' into testing-logstash-chainguard

* 8.11:
  [ci] Add testing phase to exhaustive tests suite (#15711) (#15717)
  [ci] Reusable unit + IT test steps for Buildkite (#15708) (#15714)
  Remove temporary dependencies in logstash-core.gemspec (#15694)
  Release notes for 8.11.3 (#15681)
  bump version to 8.11.4 (#15682)
  Doc: Add docs for extending integrations with filter-elastic_integrations (#15518) (#15675)
  Update JRuby to 9.4.5.0 (#15531) (#15670)
  bump to 8.11.3 (#15669)
  Release notes for 8.11.2 (#15660)
  Doc: Update Logstash intro and security overview for serverless (#15313) (#15664)
  Shutdown DLQ segments flusher only if it has been started (#15649) (#15656)

.buildkite/pull_request_pipeline.yml

@@ -38,9 +38,14 @@ steps:
       ephemeralStorage: "100Gi"
     command: |
       set -euo pipefail
+      if [[ $BUILDKITE_PULL_REQUEST == "false" ]]; then
+        # https://github.com/elastic/logstash/pull/15486 for background
+        export ENABLE_SONARQUBE="false"
+      else
+        source .buildkite/scripts/pull-requests/sonar-env.sh
+      fi
 
       source .buildkite/scripts/common/container-agent.sh
-      source .buildkite/scripts/pull-requests/sonar-env.sh
       ci/unit_tests.sh java
 
   - label: ":lab_coat: Integration Tests / part 1"

.buildkite/scripts/exhaustive-tests/generate-steps.py

@@ -9,6 +9,7 @@
 
 VM_IMAGES_FILE = ".buildkite/scripts/common/vm-images.json"
 VM_IMAGE_PREFIX = "platform-ingest-logstash-multi-jdk-"
+CUR_PATH = os.path.dirname(os.path.abspath(__file__))
 
 def slugify_bk_key(key: str) -> str:
     """
@@ -20,6 +21,10 @@ def slugify_bk_key(key: str) -> str:
 
     return key.translate(mapping_table)
 
+def testing_phase_steps() -> typing.Dict[str, typing.List[typing.Any]]:
+    with open(os.path.join(CUR_PATH, "..", "..", "pull_request_pipeline.yml")) as fp:
+        return YAML().load(fp)
+
 def compat_linux_step(imagesuffix: str) -> dict[str, typing.Any]:
     linux_command = LiteralScalarString("""#!/usr/bin/env bash
 set -eo pipefail
@@ -89,15 +94,23 @@ def randomized_windows_os() -> str:
 
     structure = {"steps": []}
 
+    structure["steps"].append({
+        "group": "Testing Phase",
+        "key": "testing-phase",
+        **testing_phase_steps(),
+    })
+
     structure["steps"].append({
             "group": "Compatibility / Linux",
             "key": "compatibility-linux",
+            "depends_on": "testing-phase",
             "steps": compat_linux_steps,
     })
 
     structure["steps"].append({
             "group": "Compatibility / Windows",
             "key": "compatibility-windows",
+            "depends_on": "testing-phase",
             "steps": [compat_windows_step(imagesuffix=windows_test_os)],
     })
 

Gemfile.jruby-3.1.lock.release

@@ -2,48 +2,38 @@ PATH
   remote: logstash-core-plugin-api
   specs:
     logstash-core-plugin-api (2.1.16-java)
-      logstash-core (= 8.11.2)
+      logstash-core (= 8.11.4)
 
 PATH
   remote: logstash-core
   specs:
-    logstash-core (8.11.2-java)
-      cgi (~> 0.3.6)
+    logstash-core (8.11.4-java)
       clamp (~> 1)
       concurrent-ruby (~> 1, < 1.1.10)
-      date (~> 3.3.3)
       down (~> 5.2.0)
       elasticsearch (~> 7)
-      ffi (~> 1.15.5)
-      ffi-binary-libfixposix (~> 0.5.1.1)
       filesize (~> 0.2)
       gems (~> 1)
       i18n (~> 1)
       jrjackson (= 0.4.18)
       jruby-openssl (~> 0.14.1)
       manticore (~> 0.6)
       minitar (~> 0.8)
-      net-http (~> 0.3.0)
-      net-protocol (~> 0.1.2)
       pry (~> 0.12)
       puma (~> 6.3, >= 6.3.1)
       rack (~> 2)
-      reline (~> 0.3.5)
       rubyzip (~> 1)
       sinatra (~> 2)
       stud (~> 0.0.19)
       thread_safe (~> 0.3.6)
       thwait
-      time (~> 0.2.2)
-      timeout (~> 0.3.2)
       treetop (~> 1)
       tzinfo-data
-      uri (~> 0.12.1)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.8.5)
+    addressable (2.8.6)
       public_suffix (>= 2.0.2, < 6.0)
     amazing_print (1.5.0)
     arr-pm (0.0.12)
@@ -89,12 +79,11 @@ GEM
     belzebuth (0.2.3)
       childprocess
     benchmark-ips (2.12.0)
-    bigdecimal (3.1.4-java)
+    bigdecimal (3.1.5-java)
     bindata (2.4.15)
     buftok (0.2.0)
     builder (3.2.4)
     cabin (0.9.0)
-    cgi (0.3.6-java)
     childprocess (4.1.0)
     ci_reporter (2.1.0)
       builder (>= 2.1.2)
@@ -157,9 +146,7 @@ GEM
     faraday-patron (1.0.0)
     faraday-rack (1.0.0)
     faraday-retry (1.0.3)
-    ffi (1.15.5-java)
-    ffi-binary-libfixposix (0.5.1.1-java)
-      ffi (~> 1.0)
+    ffi (1.16.3-java)
     filesize (0.2.0)
     fivemat (1.3.7)
     flores (0.0.8)
@@ -193,7 +180,6 @@ GEM
     i18n (1.14.1)
       concurrent-ruby (~> 1.0)
     insist (1.0.0)
-    io-console (0.6.0-java)
     jar-dependencies (0.4.1)
     jls-grok (0.11.5)
       cabin (>= 0.6.0)
@@ -281,7 +267,7 @@ GEM
       logstash-mixin-ecs_compatibility_support (~> 1.3)
       logstash-mixin-event_support (~> 1.0)
       logstash-patterns-core
-    logstash-codec-netflow (4.3.0)
+    logstash-codec-netflow (4.3.1)
       bindata (>= 1.5.0)
       logstash-core-plugin-api (~> 2.0)
       logstash-mixin-event_support (~> 1.0)
@@ -458,7 +444,7 @@ GEM
       logstash-mixin-ecs_compatibility_support (~> 1.3)
       logstash-mixin-scheduler (~> 1.0)
       stud (~> 0.0.22)
-    logstash-input-file (4.4.5)
+    logstash-input-file (4.4.6)
       addressable
       concurrent-ruby (~> 1.0)
       logstash-codec-multiline (~> 3.0)
@@ -565,13 +551,13 @@ GEM
       logstash-core-plugin-api (>= 1.60, <= 2.99)
       logstash-mixin-ecs_compatibility_support (~> 1.2)
       logstash-mixin-normalize_config_support (~> 1.0)
-    logstash-input-twitter (4.1.0)
+    logstash-input-twitter (4.1.1)
       http-form_data (~> 2)
       logstash-core-plugin-api (>= 1.60, <= 2.99)
       logstash-mixin-ecs_compatibility_support (~> 1.3)
       logstash-mixin-event_support (~> 1.0)
       logstash-mixin-validator_support (~> 1.0)
-      public_suffix (~> 3)
+      public_suffix (> 4, < 6)
       stud (>= 0.0.22, < 0.1)
       twitter (= 6.2.0)
     logstash-input-udp (3.5.0)
@@ -747,9 +733,7 @@ GEM
     mustermann (2.0.2)
       ruby2_keywords (~> 0.0.1)
     naught (1.1.0)
-    net-http (0.3.2)
-      uri
-    net-imap (0.4.6)
+    net-imap (0.4.8)
       date
       net-protocol
     net-pop (0.1.2)
@@ -784,7 +768,7 @@ GEM
       spoon (~> 0.0)
     psych (5.1.1.1-java)
       jar-dependencies (>= 0.1.7)
-    public_suffix (3.1.1)
+    public_suffix (5.0.4)
     puma (6.4.0-java)
       nio4r (~> 2.0)
     raabro (1.4.0)
@@ -797,9 +781,7 @@ GEM
     rainbow (3.1.1)
     rake (13.0.6)
     redis (4.8.1)
-    regexp_parser (2.8.2)
-    reline (0.3.9)
-      io-console (~> 0.5)
+    regexp_parser (2.8.3)
     rexml (3.2.6)
     rspec (3.12.0)
       rspec-core (~> 3.12.0)
@@ -855,8 +837,6 @@ GEM
     thwait (0.2.0)
       e2mmap
     tilt (2.3.0)
-    time (0.2.2)
-      date
     timeout (0.3.2)
     treetop (1.6.12)
       polyglot (~> 0.3)
@@ -877,7 +857,6 @@ GEM
       tzinfo (>= 1.0.0)
     unf (0.1.4-java)
     unicode-display_width (2.5.0)
-    uri (0.12.2)
     webhdfs (0.10.2)
       addressable
     webmock (3.19.1)
@@ -1019,4 +998,4 @@ DEPENDENCIES
   webmock (~> 3)
 
 BUNDLED WITH
-   2.3.25
+   2.3.26

docs/index.asciidoc

@@ -34,6 +34,26 @@ type of event can be enriched and transformed with a broad array of input, filte
 native codecs further simplifying the ingestion process. Logstash accelerates your insights by harnessing a greater
 volume and variety of data.
 
+
+[serverless]
+.Logstash to {serverless-full}
+****
+You'll use the {ls} <<plugins-outputs-elasticsearch,{es} output plugin>> to send data to {serverless-full}.
+Note these differences between {es-serverless} and both {ess} and self-managed {es}:
+
+* Use *API keys* to access {serverless-full} from {ls}. 
+Any user-based security settings in your in your <<plugins-outputs-elasticsearch,{es} output plugin>> configuration are ignored and may cause errors.
+* {serverless-full} uses *data streams* and {ref}/data-stream-lifecycle.html[{dlm} ({dlm-init})] instead of {ilm} ({ilm-init}). 
+Any {ilm-init} settings in your <<plugins-outputs-elasticsearch,{es} output plugin>> configuration are ignored and may cause errors.
+* *{ls} monitoring* is available through the https://github.com/elastic/integrations/blob/main/packages/logstash/_dev/build/docs/README.md[{ls} Integration] in {serverless-docs}/observability/what-is-observability-serverless[Elastic Observability] on {serverless-full}.
+
+
+.Known issue for {ls} to {es-serverless}.
+
+The logstash-output-elasticsearch `hosts` setting defaults to port :9200. Set the value to port :443 instead.
+****
+
+
 // The pass blocks here point to the correct repository for the edit links in the guide.
 
 // Introduction
@@ -113,6 +133,10 @@ include::static/config-management.asciidoc[]
 
 include::static/management/configuring-centralized-pipelines.asciidoc[]
 
+// EA Integrations to Logstash 
+// (Planting near module content for now. Will likely move it up in info architecture.)
+include::static/ea-integrations.asciidoc[]
+
 // Working with Logstash Modules
 include::static/modules.asciidoc[]
 

docs/static/ea-integrations.asciidoc

@@ -0,0 +1,79 @@
+[[ea-integrations]]
+== Using {ls} with Elastic {integrations} (Beta)
+
+You can take advantage of the extensive, built-in capabilities of Elastic {integrations}--such as managing data collection, transformation, and visualization--and then use {ls} for additional data processing and output options. 
+{ls} can further expand capabilities for use cases where you need additional processing, or if you need your data delivered to multiple destinations. 
+
+[discrete]
+[[integrations-value]]
+=== Elastic {integrations}: ingesting to visualizing 
+
+https://docs.elastic.co/integrations[Elastic {integrations}] provide quick, end-to-end solutions for:
+
+* ingesting data from a variety of data sources
+* getting the data into the {stack}, and 
+* visualizing it with purpose-built dashboards.
+
+{integrations} are available for https://docs.elastic.co/integrations/all_integrations[popular services and platforms], such as Nginx, AWS, and MongoDB, as well as many generic input types like log files.
+Each integration includes pre-packaged assets to help reduce the time between ingest and insights. 
+
+To see available integrations, go to the {kib} home page, and click **Add {integrations}**. 
+You can use the query bar to search for integrations you may want to use. 
+When you find an integration for your data source, the UI walks you through adding and configuring it. 
+
+[discrete]
+[[integrations-and-ls]]
+=== Extend {integrations} with {ls} (Beta)
+
+Logstash can run the ingest pipeline component of your integration when you use the Logstash filter-elastic_integration plugin. 
+
+.How to
+
+****
+Create a {ls} pipeline that uses the <<plugins-inputs-elastic_agent,elastic_agent input>> plugin, and the https://github.com/elastic/logstash-filter-elastic_integration[logstash-filter-elastic_integration] plugin as the _first_ filter in your {ls} pipeline.
+You can add more filters for additional processing, but they must come after the `logstash-filter-elastic_integration` plugin in your configuration. 
+Add an output plugin to complete your pipeline. 
+**** 
+
+
+**Sample pipeline configuration**
+
+[source,ruby]
+-----
+input {
+  elastic_agent { 
+    port => 5044
+  }
+}
+
+filter {
+  elastic_integration{ <1>
+    cloud_id => "<cloud id>"
+    cloud_auth => "<your_cloud-auth"    
+  }
+
+  translate { <2>
+    source => "[http][host]"
+    target => "[@metadata][tenant]"
+    dictionary_path => "/etc/conf.d/logstash/tenants.yml"
+  }
+}
+
+output { <3>
+  if [@metadata][tenant] == "tenant01" {
+    elasticsearch {
+      cloud_id => "<cloud id>"
+      api_key => "<api key>"
+    }
+  } else if [@metadata][tenant] == "tenant02" {
+    elasticsearch {
+      cloud_id => "<cloud id>"
+      api_key => "<api key>"
+    }
+  }
+}
+-----
+
+<1> Use `filter-elastic_agent` as the first filter in your pipeline 
+<2> You can use additional filters as long as they follow `filter-elastic_agent`
+<3> Sample config to output data to multiple destinations