fluent-plugin-in-http-splunk-hec 0.1.0.rc1 → 0.1.0.rc2
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b026a18f2c30a139c8718e3669993e0ccf885f04ecde1447399943d4b2b876ab
|
|
4
|
+
data.tar.gz: c85f866af026a2629301bd1d3a6af6f69df58b3a00c5eb0c2e472bdea9afc869
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 5e6802be2857560aa6e06a58ec8d7a53132bfac6fb25eadee5a1d7009d85c3219bcf57ae6dfc8c0e85decf0e37e13baeedba22a62b6078d04e96ac8ba0afb5e3
|
|
7
|
+
data.tar.gz: c61be912ec432173f1d9a394197366de879462f8bd186ffd0d07f4e3484c2f1c6d87cebdcd32843ec093ae347025fb5fad682cec6deb194cf9a1b2de3cc16d70
|
data/README.md
CHANGED
|
@@ -118,6 +118,70 @@ This plugin can handle Splunk HEC HTTP requests with the following configuration
|
|
|
118
118
|
# And other data pipeline
|
|
119
119
|
```
|
|
120
120
|
|
|
121
|
+
### Advanced Usage
|
|
122
|
+
|
|
123
|
+
`in_http_splunk_hec` can be combined `fluent-plugin-cmetrics` to forward ingested Splunk metric records from mimicking Splunk HTTP HEC endpoint.
|
|
124
|
+
|
|
125
|
+
When you want to use the below Splunk HTTP HEC aggregator, you have to install `fluent-plugin-cmetrics` before you use that.
|
|
126
|
+
|
|
127
|
+
This plugin also can aggregate and the latter data pipeline can forward Splunk metric events with the following configuration:
|
|
128
|
+
|
|
129
|
+
```aconf
|
|
130
|
+
<source>
|
|
131
|
+
@type http_splunk_hec
|
|
132
|
+
bind 0.0.0.0
|
|
133
|
+
port 8089
|
|
134
|
+
body_size_limit 32MB
|
|
135
|
+
keepalive_timeout 10
|
|
136
|
+
# backlog 0
|
|
137
|
+
add_http_headers false
|
|
138
|
+
# Use the actual Splunk HTTP HEC endpoint token
|
|
139
|
+
splunk_token <<YOUR_SPLUNK_HEC_TOKEN>>
|
|
140
|
+
<parse>
|
|
141
|
+
@type none
|
|
142
|
+
</parse>
|
|
143
|
+
</source>
|
|
144
|
+
|
|
145
|
+
<filter services.collector>
|
|
146
|
+
@type concatenated_splunk_json
|
|
147
|
+
</filter>
|
|
148
|
+
|
|
149
|
+
<match services.collector>
|
|
150
|
+
@type copy
|
|
151
|
+
<store>
|
|
152
|
+
@type rdkafka2
|
|
153
|
+
brokers <<BROKER_URL:BROKER_PORT>>
|
|
154
|
+
topic services.collector
|
|
155
|
+
default_topic services.collector
|
|
156
|
+
use_event_time true
|
|
157
|
+
required_acks 1
|
|
158
|
+
<format>
|
|
159
|
+
# This plugin is included in `fluent-plugin-cmetrics`.
|
|
160
|
+
@type cmetrics_splunk_metric_payload
|
|
161
|
+
host_key host
|
|
162
|
+
cmetrics_name_key $.fields.metric_name
|
|
163
|
+
cmetrics_value_key $.fields._value
|
|
164
|
+
# Specifying the below parameter and `$.fields` in `<fields>` plugin custom directive,
|
|
165
|
+
# out_rdkafka2 can send Splunk metrics style records into Kafka.
|
|
166
|
+
#
|
|
167
|
+
# To remove the `$.fields` prefix from Splunk dimensions,
|
|
168
|
+
# This parameter should be true.
|
|
169
|
+
only_use_last_field_keys true
|
|
170
|
+
<fields>
|
|
171
|
+
$.fields
|
|
172
|
+
</fields>
|
|
173
|
+
</format>
|
|
174
|
+
<buffer>
|
|
175
|
+
@type memory
|
|
176
|
+
flush_interval 10s
|
|
177
|
+
</buffer>
|
|
178
|
+
</store>
|
|
179
|
+
<store>
|
|
180
|
+
@type stdout
|
|
181
|
+
</store>
|
|
182
|
+
</match>
|
|
183
|
+
```
|
|
184
|
+
|
|
121
185
|
## Copyright
|
|
122
186
|
|
|
123
187
|
* Copyright(c) 2021- Calyptia Inc.
|
|
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |spec|
|
|
5
5
|
spec.name = "fluent-plugin-in-http-splunk-hec"
|
|
6
|
-
spec.version = "0.1.0.
|
|
6
|
+
spec.version = "0.1.0.rc2"
|
|
7
7
|
spec.authors = ["Hiroshi Hatake"]
|
|
8
8
|
spec.email = ["cosmo0920.oucc@gmail.com"]
|
|
9
9
|
|
|
@@ -37,8 +37,12 @@ module Fluent
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def parse_splunk_timestamp(timestamp)
|
|
40
|
-
|
|
41
|
-
|
|
40
|
+
if !timestamp.nil?
|
|
41
|
+
timestamp = Float(timestamp)
|
|
42
|
+
Fluent::EventTime.from_time(Time.at(timestamp.to_r))
|
|
43
|
+
else
|
|
44
|
+
Fluent::EventTime.now
|
|
45
|
+
end
|
|
42
46
|
end
|
|
43
47
|
|
|
44
48
|
def filter_stream(tag, es)
|
|
@@ -19,6 +19,16 @@ class ConcatenatedSplunkJSONFilterTest < Test::Unit::TestCase
|
|
|
19
19
|
time_key time
|
|
20
20
|
]
|
|
21
21
|
|
|
22
|
+
test "parsing simple body w/o time_key" do
|
|
23
|
+
d = create_driver
|
|
24
|
+
d.run(default_tag: "test") do
|
|
25
|
+
d.feed(Fluent::EventTime.now, {"message" => '{"event":"Hello, world!", "sourcetype":"manual"}'})
|
|
26
|
+
end
|
|
27
|
+
assert do
|
|
28
|
+
d.filtered.size >= 1
|
|
29
|
+
end
|
|
30
|
+
end
|
|
31
|
+
|
|
22
32
|
test "parsing condensed body" do
|
|
23
33
|
d = create_driver
|
|
24
34
|
d.run(default_tag: "test") do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-in-http-splunk-hec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.0.
|
|
4
|
+
version: 0.1.0.rc2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Hiroshi Hatake
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-01-14 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|