fluent-plugin-azureeventhubs_splunk 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: b26b2a5309570c664ba85890015ece297d430b878c57d863245c80b0b2105734
+  data.tar.gz: ce9cfe9ce9515cc2f10b87c478ba70be27ac70fe76b9079ae84aacf1fe02b7d8
+SHA512:
+  metadata.gz: 3a1bf4937c3e9e1ceccb13993d8f1696893f89e94a37438d6bba23271897e37ab73060d3f1034187699eb1759b429075ab9468ae5d7d45009ea53c0a6d4804a3
+  data.tar.gz: f86de1be539821695fbd5187ddd0e29ec4280f22a86ea9698a7c1abb226c42d6949c30aee1f86c9abab20a51cb88c0f6bba8fa35ee76520f5f2825d06485c22a

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-azureeventhubs_splunk.gemspec
+gemspec

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Hidemasa Togashi
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,48 @@
+# Fluent::Plugin::AzureeventhubsSplunk
+
+Azure Event Hubs buffered output plugin for Fluentd in Splunk format.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'fluent-plugin-azureeventhubs_splunk'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install fluent-plugin-azureeventhubs_splunk
+
+## Configuration
+
+```
+<match pattern>
+  type azureeventhubs_splunk
+
+  connection_string <Paste SAS connection string from Azure Management Potal>
+  hub_name          <Name of Event Hubs>
+  include_tag       (true|false) # true: Include tag into record [Optional: default => false]
+  include_time      (true|false) # true: Include time into record [Optional: default => false]
+  tag_time_name     record_time  # record tag for time when include_time sets true. [Optional: default => 'time']
+  type              (https|amqps) # Connection type. [Optional: default => https]. Note that amqps is not implementated.
+  expiry_interval   <Integer number> # Signature expiration time interval in seconds. [Optional: default => 3600 (60min)]
+  proxy_addr       <Host or IP> # Address of the proxy [Optional]
+  proxy_port	   <Integer>   # Proxy port. [Optional: default => 3128]
+  read_timeout     <Integer>   # HTTP Read timeout in seconds[Optional: default => 60]
+  open_timeout     <Integer>   # HTTP Open timeout in seconds[Optional: default => 60]
+  message_properties <Json Object> # A json object of key/value pairs to add Properties to the events being sent to EventHubs [Optional: default => nil]
+</match>
+```
+
+## Contributing
+
+1. Fork it ( https://github.com/[my-github-username]/fluent-plugin-azureeventhubs_splunk/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,2 @@
+require "bundler/gem_tasks"
+

data/fluent-plugin-azureeventhubs-splunk.gemspec

@@ -0,0 +1,22 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+  spec.name          = "fluent-plugin-azureeventhubs_splunk"
+  spec.version       = "0.0.1"
+  spec.authors       = ["James Peet"]
+  spec.email         = ["james.peet@amido.com"]
+  spec.summary       = "Forwards Fluentd output to Azure EventHubs in Splunk format"
+  spec.description   = "Forwards Fluentd output to Azure EventHubs in Splunk format. Forked from https://github.com/htgc/fluent-plugin-azureeventhubs"
+  spec.homepage      = "https://github.com/peet-j/fluent-plugin-azureeventhubs_splunk"
+  spec.license       = "MIT"
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.7"
+  spec.add_development_dependency "rake", "~> 10.0"
+  spec.add_dependency "fluentd", [">= 0.14.15", "< 2"]
+end

data/lib/fluent/plugin/azureeventhubsplunk/http.rb

@@ -0,0 +1,78 @@
+
+class AzureEventHubsSplunkHttpSender
+  def initialize(plugin, connection_string, hub_name, expiry=3600, proxy_addr='', proxy_port=3128, open_timeout=60, read_timeout=60)
+    require 'openssl'
+    require 'base64'
+    require 'net/http'
+    require 'json'
+    require 'cgi'
+    require 'time'
+    @plugin = plugin
+    @connection_string = connection_string
+    @hub_name = hub_name
+    @expiry_interval = expiry
+    @proxy_addr = proxy_addr
+    @proxy_port = proxy_port
+    @open_timeout = open_timeout
+    @read_timeout = read_timeout
+
+    if @connection_string.count(';') != 2
+      raise "Connection String format is not correct"
+    end
+
+    @connection_string.split(';').each do |part|
+      if ( part.index('Endpoint') == 0 )
+        @endpoint = 'https' + part[11..-1]
+      elsif ( part.index('SharedAccessKeyName') == 0 )
+        @sas_key_name = part[20..-1]
+      elsif ( part.index('SharedAccessKey') == 0 )
+        @sas_key_value = part[16..-1]
+      end
+    end
+    @uri = URI.parse("#{@endpoint}#{@hub_name}/messages")
+    @plugin.log.info "Initialized AzureEventHubsSplunkHttpSender. uri: #{@uri}"
+  end
+
+  def generate_sas_token(uri)
+    target_uri = CGI.escape(uri.downcase).downcase
+    expiry = Time.now.to_i + @expiry_interval
+    to_sign = "#{target_uri}\n#{expiry}";
+    signature = CGI.escape(Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest.new('sha256'), @sas_key_value, to_sign)).strip())
+    token = "SharedAccessSignature sr=#{target_uri}&sig=#{signature}&se=#{expiry}&skn=#{@sas_key_name}"
+    return token
+  end
+
+  private :generate_sas_token
+
+  def send(payload)
+    send_w_properties(payload, nil)
+  end
+
+  def send_w_properties(payload, properties)
+    token = generate_sas_token(@uri.to_s)
+    headers = {
+      'Content-Type' => 'application/json;type=entry;charset=utf-8',
+      'Authorization' => token
+    }
+    if not properties.nil?
+      headers = headers.merge(properties)
+    end
+    if (@proxy_addr.to_s.empty?)
+    	https = Net::HTTP.new(@uri.host, @uri.port)
+        https.open_timeout = @open_timeout
+        https.read_timeout = @read_timeout
+    else
+    	https = Net::HTTP.new(@uri.host, @uri.port,@proxy_addr,@proxy_port)
+        https.open_timeout = @open_timeout
+        https.read_timeout = @read_timeout
+    end
+    https.use_ssl = true
+    req = Net::HTTP::Post.new(@uri.request_uri, headers)
+    req.body = payload.to_json
+    @plugin.log.info "Sending payload to EventHub: #{req.body}"
+    res = https.request(req)
+    @plugin.log.info "Response code from EventHub: #{res.code}"
+    @plugin.log.info "Response body from EventHub: #{res.body}"
+  rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Errno::ETIMEDOUT, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e
+  end
+end

data/lib/fluent/plugin/out_azureeventhubs_splunk.rb

@@ -0,0 +1,79 @@
+module Fluent::Plugin
+
+  class AzureEventHubsOutputSplunk < Output
+    Fluent::Plugin.register_output('azureeventhubs_splunk', self)
+
+    helpers :compat_parameters, :inject
+
+    DEFAULT_BUFFER_TYPE = "memory"
+
+    config_param :connection_string, :string
+    config_param :hub_name, :string
+    config_param :include_tag, :bool, :default => false
+    config_param :include_time, :bool, :default => false
+    config_param :tag_time_name, :string, :default => 'time'
+    config_param :expiry_interval, :integer, :default => 3600 # 60min
+    config_param :type, :string, :default => 'https' # https / amqps (Not Implemented)
+    config_param :proxy_addr, :string, :default => ''
+    config_param :proxy_port, :integer,:default => 3128
+    config_param :open_timeout, :integer,:default => 60
+    config_param :read_timeout, :integer,:default => 60
+    config_param :message_properties, :hash, :default => nil
+    config_param :max_events_per_send, :integer, :default => 100
+
+    config_section :buffer do
+      config_set_default :@type, DEFAULT_BUFFER_TYPE
+      config_set_default :chunk_keys, ['tag']
+    end
+
+    def configure(conf)
+      compat_parameters_convert(conf, :buffer, :inject)
+      super
+      case @type
+      when 'amqps'
+        raise NotImplementedError
+      else
+        require_relative 'azureeventhubsplunk/http'
+        @sender = AzureEventHubsSplunkHttpSender.new(self, @connection_string, @hub_name, @expiry_interval, @proxy_addr, @proxy_port, @open_timeout, @read_timeout)
+      end
+      raise Fluent::ConfigError, "'tag' in chunk_keys is required." if not @chunk_key_tag
+    end
+
+    def format(tag, time, record)
+      record = inject_values_to_record(tag, time, record)
+      [tag, time, record].to_msgpack
+    end
+
+    def formatted_to_msgpack_binary?
+      true
+    end
+
+    def write(chunk)
+      log.info "Have EventHub chunk to write..."
+      chunk.msgpack_each { |tag, time, record|
+        records ||= []
+        p record.to_s
+        if @include_tag
+          record['tag'] = tag
+        end
+        if @include_time
+          record[@tag_time_name] = time
+        end
+        records << record
+      }
+      log.info "Processed batch of #{records.size()}. Forwarding to EventHub..."
+      process_in_batches(records)
+    end
+
+    # This will need tuning dependent on eventhub/splunk payload limits
+    # Also ought to have some error handling
+    def process_in_batches(records)
+      records.each_slice(@max_events_per_send).each { |batch|
+        payload = { "records" => batch }
+        log.info "Sending batch of #{batch.size()} records to EventHub..."
+        @sender.send_w_properties(payload, @message_properties)
+      }
+    end
+
+  end
+end

metadata

@@ -0,0 +1,100 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-azureeventhubs_splunk
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- James Peet
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2018-01-24 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.7'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.15
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.15
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '2'
+description: Forwards Fluentd output to Azure EventHubs in Splunk format. Forked from
+  https://github.com/htgc/fluent-plugin-azureeventhubs
+email:
+- james.peet@amido.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- fluent-plugin-azureeventhubs-splunk.gemspec
+- lib/fluent/plugin/azureeventhubsplunk/http.rb
+- lib/fluent/plugin/out_azureeventhubs_splunk.rb
+homepage: https://github.com/peet-j/fluent-plugin-azureeventhubs_splunk
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.7.4
+signing_key: 
+specification_version: 4
+summary: Forwards Fluentd output to Azure EventHubs in Splunk format
+test_files: []