fluent-plugin-splunk-enterprise 0.9.3 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '0886391d8c5ddfbb4ef05d609f65e9ab617cd6750c551915bf2d93c32f54c202'
-  data.tar.gz: aa6bb4b4b3e009952bc5419dfe79f8e8a9532b9a5af12081ad596b0d33705261
+  metadata.gz: 84b5e1f44dd742cfb10e81abbaefcc040baef0eccabfbc245a8f9e81640004e3
+  data.tar.gz: fb0198207841ef4ad8d8b169b1b35546a88c2b867df95a5da67fc56a686be678
 SHA512:
-  metadata.gz: fc6d04e3c6f06c1dd1efb9f8ce64cde333da4fe34ab14e26f83c852e98c8f01fb66fe83eb820f28d2d5d79eb9bf7226c201e737202d6ca3f7b9b1aebc9a2cf42
-  data.tar.gz: e966dd045eb323d19c6bca91bd64ccd4866665f06d5f8b6a20b68974602d61d1f7743a718d7670158167455264dabc2396eec664cba66630a2a725f41165056c
+  metadata.gz: aac19ad4c0e43281abae744ffc81fc6f5d351b182454a04d4c19b227b2cbb28a8b616c7a98441aea136effaf3cb607f3d6be0c0b42ef3556585a556b0104f24c
+  data.tar.gz: 89b54ce906d24f44d87f2370fea910533895b36a8c47cb43ea63289b13ad6f7698890c18ce473441adf077a62548d55f9ea9689ae2751d42c322fd7c5bc19619

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+# Release v0.10.0 - 2019/06/13
+
+* out_splunk_hec: Send time with nano seconds if possible when `use_fluentd_time` is set to true
+
 # Release v0.9.3 - 2019/06/06
 
 * out_splunk_hec: Improve sourcetype usage by adding `default_sourcetype`, `sourcetype_key` and `remove_sourcetype_key`

data/README.hec.md

@@ -19,6 +19,7 @@
    * [sourcetype_key](#sourcetype_key)
    * [remove_sourcetype_key](#remove_sourcetype_key)
    * [use_fluentd_time](#use_fluentd_time)
+   * [time_as_integer](#time_as_integer) 
    * [use_ack](#use_ack)
    * [channel](#channel)
    * [ack_interval](#ack_interval)
@@ -135,6 +136,12 @@ The default: `true`
 
 If set true, fluentd's timestamp is used as time metadata. If the record already has its own time value, this options should be `false`.
 
+### time_as_integer
+
+The default: `true`
+
+Only used when `use_fluentd_time` is `true`. If set to `true` (default), time will be sent as integer seconds to Splunk, whereas if set to `false`, it will be sent with nano seconds.
+
 ### use_ack
 
 Enable/Disable [Indexer acknowledgement](https://www.google.co.jp/search?q=splunk+http+ack&oq=splunk+http+ack&aqs=chrome..69i57j69i60l2.2725j0j9&sourceid=chrome&ie=UTF-8). When this is set `true`, `channel` parameter is required.

data/README.md

@@ -32,8 +32,8 @@ Available Splunk versions in tests are `6.5.2`, `6.4.6`, `6.3.9`, `6,2.12`, `6.1
 Start a docker instance Splunk.
 
 ```
-$ ./docker.sh login
-$ ./docker.sh debug_run <splunk_version>
+$ ./docker.sh build <splunk_version>
+$ ./docker.sh run <splunk_version>
 ```
 
 Run tests.

data/docker.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+COMMAND=$1
+VERSION=$2
+IMAGE_LOCAL=splunk-for-test:${VERSION}
+
+PORTS="-p 8000:8000 -p 8089:8089 -p 8191:8191 -p 12300:12300 -p 12301:12301 -p 12302:12302 -p 12303:12303 -p 12304:12304 -p 12305:12305 -p 1514:1514 -p 8088:8088 \
+       -p 8200:8200 -p 8289:8289 -p 8391:8391 -p 12500:12500 -p 12501:12501 -p 12502:12502 -p 12503:12503 -p 12504:12504 -p 12505:12505 -p 1714:1714 -p 8288:8288"
+
+VOLUME="-v ${PWD}/test/config/props.conf:/opt/splunk_tcp/etc/system/local/props.conf \
+        -v ${PWD}/test/config/props.conf:/opt/splunk_ssl/etc/system/local/props.conf \
+        -v ${PWD}/test/config/inputs.tcp.conf:/opt/splunk_tcp/etc/apps/search/local/inputs.conf \
+        -v ${PWD}/test/config/inputs.ssl.conf:/opt/splunk_ssl/etc/apps/search/local/inputs.conf"
+
+if [ "$VERSION" = "6.3.9" ]; then
+  VOLUME="${VOLUME} \
+          -v ${PWD}/test/config/server.conf.6.3:/opt/splunk_ssl/etc/system/local/server.conf.original \
+          -v ${PWD}/test/config/entrypoint.sh.6.3:/sbin/entrypoint.sh"
+
+fi
+
+case "$COMMAND" in
+  run)
+    docker run -d --entrypoint=/bin/bash ${PORTS} ${VOLUME} ${IMAGE_LOCAL} /sbin/entrypoint.sh
+    ;;
+  stop)
+    docker stop $(docker ps -q --filter ancestor=${IMAGE_LOCAL})
+    ;;
+  build)
+    docker build -t ${IMAGE_LOCAL} test/Dockerfiles/enterprise/${VERSION}
+    ;;
+  force_build)
+    docker build --no-cache=true -t ${IMAGE_LOCAL} test/Dockerfiles/enterprise/${VERSION}
+    ;;
+  *)
+    echo "Unkowon command"
+    exit 1
+    ;;
+esac

data/fluent-plugin-splunk-enterprise.gemspec

@@ -4,14 +4,13 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 
 Gem::Specification.new do |spec|
   spec.name          = "fluent-plugin-splunk-enterprise"
-  spec.version       = "0.9.3"
+  spec.version       = "0.10.0"
   spec.authors       = ["Yuki Ito", "Masahiro Nakagawa"]
   spec.email         = ["yito@treasure-data.com", "repeatedly@gmail.com"]
 
   spec.summary       = %q{Splunk output plugin for Fluentd}
   spec.description   = spec.summary
   spec.homepage      = ""
-  spec.has_rdoc      = false
   spec.license       = "Apache-2.0"
 
   spec.files         = `git ls-files -z`.split("\x0").reject do |f|

data/lib/fluent/plugin/out_splunk_hec.rb

@@ -105,7 +105,9 @@ module Fluent
 
     def format_event(time, record)
       msg = {'event' => record}
-      msg['time'] = time if @use_fluentd_time
+      if @use_fluentd_time
+        msg['time'] = time.respond_to?('to_f') ? time.to_f : time
+      end
 
       # metadata
       if record[@sourcetype_key]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-splunk-enterprise
 version: !ruby/object:Gem::Version
-  version: 0.9.3
+  version: 0.10.0
 platform: ruby
 authors:
 - Yuki Ito
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-06-07 00:00:00.000000000 Z
+date: 2019-06-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -113,6 +113,7 @@ files:
 - Rakefile
 - bin/console
 - bin/setup
+- docker.sh
 - fluent-plugin-splunk-enterprise.gemspec
 - lib/fluent/plugin/out_splunk_hec.rb
 - lib/fluent/plugin/out_splunk_tcp.rb