fluent-plugin-splunk-enterprise 0.9.2 → 0.9.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +4 -0
- data/README.hec.md +16 -1
- data/fluent-plugin-splunk-enterprise.gemspec +1 -1
- data/lib/fluent/plugin/out_splunk_hec.rb +12 -3
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: '0886391d8c5ddfbb4ef05d609f65e9ab617cd6750c551915bf2d93c32f54c202'
|
|
4
|
+
data.tar.gz: aa6bb4b4b3e009952bc5419dfe79f8e8a9532b9a5af12081ad596b0d33705261
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fc6d04e3c6f06c1dd1efb9f8ce64cde333da4fe34ab14e26f83c852e98c8f01fb66fe83eb820f28d2d5d79eb9bf7226c201e737202d6ca3f7b9b1aebc9a2cf42
|
|
7
|
+
data.tar.gz: e966dd045eb323d19c6bca91bd64ccd4866665f06d5f8b6a20b68974602d61d1f7743a718d7670158167455264dabc2396eec664cba66630a2a725f41165056c
|
data/CHANGELOG.md
CHANGED
data/README.hec.md
CHANGED
|
@@ -14,7 +14,10 @@
|
|
|
14
14
|
* [source_key](#source_key)
|
|
15
15
|
* [default_index](#default_index)
|
|
16
16
|
* [index_key](#index_key)
|
|
17
|
+
* [default_sourcetype](#default_sourcetype)
|
|
17
18
|
* [sourcetype](#sourcetype)
|
|
19
|
+
* [sourcetype_key](#sourcetype_key)
|
|
20
|
+
* [remove_sourcetype_key](#remove_sourcetype_key)
|
|
18
21
|
* [use_fluentd_time](#use_fluentd_time)
|
|
19
22
|
* [use_ack](#use_ack)
|
|
20
23
|
* [channel](#channel)
|
|
@@ -110,9 +113,21 @@ If you set this, the value associated with this key in each record is used as in
|
|
|
110
113
|
|
|
111
114
|
If you set this, the field specified by the `index_key` will be removed
|
|
112
115
|
|
|
116
|
+
### default_sourcetype
|
|
117
|
+
|
|
118
|
+
If you set this, the value is set as sourcetype metadata if `sourcetype_key` is not set or not found in the record.
|
|
119
|
+
|
|
113
120
|
### sourcetype
|
|
114
121
|
|
|
115
|
-
|
|
122
|
+
Deprecated. Same as `default_sourcetype`, kept for backwards compability.
|
|
123
|
+
|
|
124
|
+
### sourcetype_key
|
|
125
|
+
|
|
126
|
+
If you set this, the value associated with this key in each record is used as sourcetype metadata. When the key is missing, `default_sourcetype` is used.
|
|
127
|
+
|
|
128
|
+
### remove_sourcetype_key
|
|
129
|
+
|
|
130
|
+
If you set this, the field specified by the `sourcetype_key` will be removed
|
|
116
131
|
|
|
117
132
|
### use_fluentd_time
|
|
118
133
|
|
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "fluent-plugin-splunk-enterprise"
|
|
7
|
-
spec.version = "0.9.
|
|
7
|
+
spec.version = "0.9.3"
|
|
8
8
|
spec.authors = ["Yuki Ito", "Masahiro Nakagawa"]
|
|
9
9
|
spec.email = ["yito@treasure-data.com", "repeatedly@gmail.com"]
|
|
10
10
|
|
|
@@ -22,7 +22,10 @@ module Fluent
|
|
|
22
22
|
config_param :default_index, :string, default: nil
|
|
23
23
|
config_param :index_key, :string, default: nil
|
|
24
24
|
config_param :remove_index_key, :bool, default: false
|
|
25
|
-
config_param :sourcetype, :string, default: nil
|
|
25
|
+
config_param :sourcetype, :string, default: nil, deprecated: "Use default_sourcetype instead"
|
|
26
|
+
config_param :default_sourcetype, :string, default: nil
|
|
27
|
+
config_param :sourcetype_key, :string, default: nil
|
|
28
|
+
config_param :remove_sourcetype_key, :bool, default: false
|
|
26
29
|
config_param :use_fluentd_time, :bool, default: true
|
|
27
30
|
|
|
28
31
|
# for Indexer acknowledgement
|
|
@@ -52,6 +55,8 @@ module Fluent
|
|
|
52
55
|
raise ConfigError, "'ack_interval' parameter must be a non negative integer" if @use_ack && @ack_interval < 0
|
|
53
56
|
raise ConfigError, "'event_key' parameter is required when 'raw' is true" if @raw && !@event_key
|
|
54
57
|
raise ConfigError, "'channel' parameter is required when 'raw' is true" if @raw && !@channel
|
|
58
|
+
|
|
59
|
+
@default_sourcetype = @sourcetype if @sourcetype && !@default_sourcetype
|
|
55
60
|
|
|
56
61
|
# build hash for query string
|
|
57
62
|
if @raw
|
|
@@ -59,7 +64,7 @@ module Fluent
|
|
|
59
64
|
@query['host'] = @default_host if @default_host
|
|
60
65
|
@query['source'] = @default_source if @default_source
|
|
61
66
|
@query['index'] = @default_index if @default_index
|
|
62
|
-
@query['sourcetype'] = @
|
|
67
|
+
@query['sourcetype'] = @default_sourcetype if @default_sourcetype
|
|
63
68
|
end
|
|
64
69
|
end
|
|
65
70
|
|
|
@@ -103,7 +108,11 @@ module Fluent
|
|
|
103
108
|
msg['time'] = time if @use_fluentd_time
|
|
104
109
|
|
|
105
110
|
# metadata
|
|
106
|
-
|
|
111
|
+
if record[@sourcetype_key]
|
|
112
|
+
msg['sourcetype'] = @remove_sourcetype_key ? record.delete(@sourcetype_key) : record[@sourcetype_key]
|
|
113
|
+
elsif @default_sourcetype
|
|
114
|
+
msg['sourcetype'] = @default_sourcetype
|
|
115
|
+
end
|
|
107
116
|
|
|
108
117
|
if record[@host_key]
|
|
109
118
|
msg['host'] = @remove_host_key ? record.delete(@host_key) : record[@host_key]
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-splunk-enterprise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Yuki Ito
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2019-
|
|
12
|
+
date: 2019-06-07 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: fluentd
|
|
@@ -135,8 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
135
135
|
- !ruby/object:Gem::Version
|
|
136
136
|
version: '0'
|
|
137
137
|
requirements: []
|
|
138
|
-
|
|
139
|
-
rubygems_version: 2.6.14.1
|
|
138
|
+
rubygems_version: 3.0.3
|
|
140
139
|
signing_key:
|
|
141
140
|
specification_version: 4
|
|
142
141
|
summary: Splunk output plugin for Fluentd
|