fluent-plugin-splunk-enterprise 0.9.2 → 0.9.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- data/CHANGELOG.md +4 -0
- data/README.hec.md +16 -1
- data/fluent-plugin-splunk-enterprise.gemspec +1 -1
- data/lib/fluent/plugin/out_splunk_hec.rb +12 -3
- metadata +3 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
|
-
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
2
|
+
SHA256:
|
|
3
|
+
metadata.gz: '0886391d8c5ddfbb4ef05d609f65e9ab617cd6750c551915bf2d93c32f54c202'
|
|
4
|
+
data.tar.gz: aa6bb4b4b3e009952bc5419dfe79f8e8a9532b9a5af12081ad596b0d33705261
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: fc6d04e3c6f06c1dd1efb9f8ce64cde333da4fe34ab14e26f83c852e98c8f01fb66fe83eb820f28d2d5d79eb9bf7226c201e737202d6ca3f7b9b1aebc9a2cf42
|
|
7
|
+
data.tar.gz: e966dd045eb323d19c6bca91bd64ccd4866665f06d5f8b6a20b68974602d61d1f7743a718d7670158167455264dabc2396eec664cba66630a2a725f41165056c
|
data/CHANGELOG.md
CHANGED
data/README.hec.md
CHANGED
|
@@ -14,7 +14,10 @@
|
|
|
14
14
|
* [source_key](#source_key)
|
|
15
15
|
* [default_index](#default_index)
|
|
16
16
|
* [index_key](#index_key)
|
|
17
|
+
* [default_sourcetype](#default_sourcetype)
|
|
17
18
|
* [sourcetype](#sourcetype)
|
|
19
|
+
* [sourcetype_key](#sourcetype_key)
|
|
20
|
+
* [remove_sourcetype_key](#remove_sourcetype_key)
|
|
18
21
|
* [use_fluentd_time](#use_fluentd_time)
|
|
19
22
|
* [use_ack](#use_ack)
|
|
20
23
|
* [channel](#channel)
|
|
@@ -110,9 +113,21 @@ If you set this, the value associated with this key in each record is used as in
|
|
|
110
113
|
|
|
111
114
|
If you set this, the field specified by the `index_key` will be removed
|
|
112
115
|
|
|
116
|
+
### default_sourcetype
|
|
117
|
+
|
|
118
|
+
If you set this, the value is set as sourcetype metadata if `sourcetype_key` is not set or not found in the record.
|
|
119
|
+
|
|
113
120
|
### sourcetype
|
|
114
121
|
|
|
115
|
-
|
|
122
|
+
Deprecated. Same as `default_sourcetype`, kept for backwards compability.
|
|
123
|
+
|
|
124
|
+
### sourcetype_key
|
|
125
|
+
|
|
126
|
+
If you set this, the value associated with this key in each record is used as sourcetype metadata. When the key is missing, `default_sourcetype` is used.
|
|
127
|
+
|
|
128
|
+
### remove_sourcetype_key
|
|
129
|
+
|
|
130
|
+
If you set this, the field specified by the `sourcetype_key` will be removed
|
|
116
131
|
|
|
117
132
|
### use_fluentd_time
|
|
118
133
|
|
|
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
4
4
|
|
|
5
5
|
Gem::Specification.new do |spec|
|
|
6
6
|
spec.name = "fluent-plugin-splunk-enterprise"
|
|
7
|
-
spec.version = "0.9.
|
|
7
|
+
spec.version = "0.9.3"
|
|
8
8
|
spec.authors = ["Yuki Ito", "Masahiro Nakagawa"]
|
|
9
9
|
spec.email = ["yito@treasure-data.com", "repeatedly@gmail.com"]
|
|
10
10
|
|
|
@@ -22,7 +22,10 @@ module Fluent
|
|
|
22
22
|
config_param :default_index, :string, default: nil
|
|
23
23
|
config_param :index_key, :string, default: nil
|
|
24
24
|
config_param :remove_index_key, :bool, default: false
|
|
25
|
-
config_param :sourcetype, :string, default: nil
|
|
25
|
+
config_param :sourcetype, :string, default: nil, deprecated: "Use default_sourcetype instead"
|
|
26
|
+
config_param :default_sourcetype, :string, default: nil
|
|
27
|
+
config_param :sourcetype_key, :string, default: nil
|
|
28
|
+
config_param :remove_sourcetype_key, :bool, default: false
|
|
26
29
|
config_param :use_fluentd_time, :bool, default: true
|
|
27
30
|
|
|
28
31
|
# for Indexer acknowledgement
|
|
@@ -52,6 +55,8 @@ module Fluent
|
|
|
52
55
|
raise ConfigError, "'ack_interval' parameter must be a non negative integer" if @use_ack && @ack_interval < 0
|
|
53
56
|
raise ConfigError, "'event_key' parameter is required when 'raw' is true" if @raw && !@event_key
|
|
54
57
|
raise ConfigError, "'channel' parameter is required when 'raw' is true" if @raw && !@channel
|
|
58
|
+
|
|
59
|
+
@default_sourcetype = @sourcetype if @sourcetype && !@default_sourcetype
|
|
55
60
|
|
|
56
61
|
# build hash for query string
|
|
57
62
|
if @raw
|
|
@@ -59,7 +64,7 @@ module Fluent
|
|
|
59
64
|
@query['host'] = @default_host if @default_host
|
|
60
65
|
@query['source'] = @default_source if @default_source
|
|
61
66
|
@query['index'] = @default_index if @default_index
|
|
62
|
-
@query['sourcetype'] = @
|
|
67
|
+
@query['sourcetype'] = @default_sourcetype if @default_sourcetype
|
|
63
68
|
end
|
|
64
69
|
end
|
|
65
70
|
|
|
@@ -103,7 +108,11 @@ module Fluent
|
|
|
103
108
|
msg['time'] = time if @use_fluentd_time
|
|
104
109
|
|
|
105
110
|
# metadata
|
|
106
|
-
|
|
111
|
+
if record[@sourcetype_key]
|
|
112
|
+
msg['sourcetype'] = @remove_sourcetype_key ? record.delete(@sourcetype_key) : record[@sourcetype_key]
|
|
113
|
+
elsif @default_sourcetype
|
|
114
|
+
msg['sourcetype'] = @default_sourcetype
|
|
115
|
+
end
|
|
107
116
|
|
|
108
117
|
if record[@host_key]
|
|
109
118
|
msg['host'] = @remove_host_key ? record.delete(@host_key) : record[@host_key]
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-splunk-enterprise
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Yuki Ito
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: exe
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2019-
|
|
12
|
+
date: 2019-06-07 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: fluentd
|
|
@@ -135,8 +135,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
135
135
|
- !ruby/object:Gem::Version
|
|
136
136
|
version: '0'
|
|
137
137
|
requirements: []
|
|
138
|
-
|
|
139
|
-
rubygems_version: 2.6.14.1
|
|
138
|
+
rubygems_version: 3.0.3
|
|
140
139
|
signing_key:
|
|
141
140
|
specification_version: 4
|
|
142
141
|
summary: Splunk output plugin for Fluentd
|