fluent-plugin-splunk-hec 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/fluent/plugin/out_splunk_hec.rb +27 -40
- data/test/fluent/plugin/out_splunk_hec_test.rb +9 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a5e33a0b115b4d515ce94f1bf904bddf192994ff1b54fb624f5ea9d470bb4cd
|
|
4
|
+
data.tar.gz: 306d2647c27a63e98d3f530eacf2abd0fd16cd5f7f23213291ff061a11d4fb92
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a813d1d0ef4e157c95c49a0f75641e51af2a18d56c02020ec702a06a4d48fad02cb7e60f044637adfc261d8ec6fce21775ef38aa6215e8dea5cdb850c2faa74c
|
|
7
|
+
data.tar.gz: 584ffa55837e358d705780cdd01f86bcd3245fe3ebcc4f3f0f999ae03fa5634443db531cb1a51ac806402399cac7d1f6d9ed43f612b4c331de445a9df6376172
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.0.
|
|
1
|
+
1.0.1
|
|
@@ -121,7 +121,6 @@ module Fluent::Plugin
|
|
|
121
121
|
def initialize
|
|
122
122
|
super
|
|
123
123
|
@default_host = Socket.gethostname
|
|
124
|
-
@chunk_queue = SizedQueue.new 1
|
|
125
124
|
@extra_fields = nil
|
|
126
125
|
end
|
|
127
126
|
|
|
@@ -143,21 +142,17 @@ module Fluent::Plugin
|
|
|
143
142
|
|
|
144
143
|
def start
|
|
145
144
|
super
|
|
146
|
-
|
|
145
|
+
|
|
146
|
+
@hec_conn = new_connection
|
|
147
147
|
end
|
|
148
148
|
|
|
149
149
|
def format(tag, time, record)
|
|
150
150
|
# this method will be replaced in `configure`
|
|
151
151
|
end
|
|
152
152
|
|
|
153
|
-
def
|
|
153
|
+
def write(chunk)
|
|
154
154
|
log.debug { "Received new chunk, size=#{chunk.read.bytesize}" }
|
|
155
|
-
|
|
156
|
-
end
|
|
157
|
-
|
|
158
|
-
def close
|
|
159
|
-
@chunk_queue.close
|
|
160
|
-
super
|
|
155
|
+
send_to_hec chunk
|
|
161
156
|
end
|
|
162
157
|
|
|
163
158
|
def multi_workers_ready?
|
|
@@ -239,7 +234,11 @@ module Fluent::Plugin
|
|
|
239
234
|
def format_event(tag, time, record)
|
|
240
235
|
MultiJson.dump({
|
|
241
236
|
host: @host ? @host.(tag, record) : @default_host,
|
|
242
|
-
|
|
237
|
+
# From the API reference
|
|
238
|
+
# http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
|
|
239
|
+
# `time` should be a string or unsigned integer.
|
|
240
|
+
# That's why we use `to_s` here.
|
|
241
|
+
time: time.to_f.to_s
|
|
243
242
|
}.tap { |payload|
|
|
244
243
|
payload[:index] = @index.(tag, record) if @index
|
|
245
244
|
payload[:source] = @source.(tag, record) if @source
|
|
@@ -264,7 +263,11 @@ module Fluent::Plugin
|
|
|
264
263
|
def format_metric(tag, time, record)
|
|
265
264
|
payload = {
|
|
266
265
|
host: @host ? @host.(tag, record) : @default_host,
|
|
267
|
-
|
|
266
|
+
# From the API reference
|
|
267
|
+
# http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
|
|
268
|
+
# `time` should be a string or unsigned integer.
|
|
269
|
+
# That's why we use `to_s` here.
|
|
270
|
+
time: time.to_f.to_s,
|
|
268
271
|
event: 'metric'
|
|
269
272
|
}
|
|
270
273
|
payload[:index] = @index.(tag, record) if @index
|
|
@@ -304,51 +307,35 @@ module Fluent::Plugin
|
|
|
304
307
|
raise Fluent::ConfigError, "hec_host (#{@hec_host}) and/or hec_port (#{@hec_port}) are invalid."
|
|
305
308
|
end
|
|
306
309
|
|
|
307
|
-
def start_worker_threads
|
|
308
|
-
thread_create :"hec_worker_#{@hec_api}" do
|
|
309
|
-
http = new_connection
|
|
310
|
-
while chunk = get_next_chunk
|
|
311
|
-
send_to_hec http, chunk
|
|
312
|
-
end
|
|
313
|
-
end
|
|
314
|
-
end
|
|
315
|
-
|
|
316
|
-
def get_next_chunk
|
|
317
|
-
@chunk_queue.pop @chunk_queue.closed?
|
|
318
|
-
rescue ThreadError # see SizedQueue#pop doc
|
|
319
|
-
nil
|
|
320
|
-
end
|
|
321
|
-
|
|
322
310
|
def new_connection
|
|
323
311
|
Net::HTTP::Persistent.new.tap do |c|
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
312
|
+
c.verify_mode = @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
|
|
313
|
+
c.cert = OpenSSL::X509::Certificate.new File.read(@client_cert) if @client_cert
|
|
314
|
+
c.key = OpenSSL::PKey::RSA.new File.read(@client_key) if @client_key
|
|
315
|
+
c.ca_file = @ca_file
|
|
316
|
+
c.ca_path = @ca_path
|
|
317
|
+
c.ciphers = @ssl_ciphers
|
|
318
|
+
|
|
319
|
+
c.override_headers['Content-Type'] = 'application/json'
|
|
320
|
+
c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
|
|
321
|
+
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
|
334
322
|
end
|
|
335
323
|
end
|
|
336
324
|
|
|
337
|
-
def send_to_hec(
|
|
325
|
+
def send_to_hec(chunk)
|
|
338
326
|
post = Net::HTTP::Post.new @hec_api.request_uri
|
|
339
327
|
post.body = chunk.read
|
|
340
328
|
log.debug { "Sending #{post.body.bytesize} bytes to Splunk." }
|
|
341
329
|
|
|
342
330
|
log.trace { "POST #{@hec_api} body=#{post.body}" }
|
|
343
|
-
response =
|
|
331
|
+
response = @hec_conn.request @hec_api, post
|
|
344
332
|
log.debug { "[Response] POST #{@hec_api}: #{response.inspect}" }
|
|
345
333
|
|
|
346
334
|
# raise Exception to utilize Fluentd output plugin retry machanism
|
|
347
|
-
raise "Server error for POST #{@hec_api}, response: #{response.body}" if response.code.start_with?('5')
|
|
335
|
+
raise "Server error (#{response.code}) for POST #{@hec_api}, response: #{response.body}" if response.code.start_with?('5')
|
|
348
336
|
|
|
349
337
|
# For both success response (2xx) and client errors (4xx), we will consume the chunk.
|
|
350
338
|
# Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
|
|
351
|
-
commit_write(chunk.unique_id)
|
|
352
339
|
if not response.code.start_with?('2')
|
|
353
340
|
log.error "Failed POST to #{@hec_api}, response: #{response.body}"
|
|
354
341
|
log.debug { "Failed request body: #{post.body}" }
|
|
@@ -31,6 +31,15 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
|
31
31
|
expect(req).must_be_requested times: 1
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
+
it "should use string for event time, and the value of the string should be a float" do
|
|
35
|
+
verify_sent_events { |batch|
|
|
36
|
+
batch.each do |item|
|
|
37
|
+
expect(item['time']).must_be_instance_of String
|
|
38
|
+
expect(item['time']).must_match /^\d+\.\d+$/
|
|
39
|
+
end
|
|
40
|
+
}
|
|
41
|
+
end
|
|
42
|
+
|
|
34
43
|
it "should use host machine's hostname for event host by default" do
|
|
35
44
|
verify_sent_events { |batch|
|
|
36
45
|
batch.each do |item|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-splunk-hec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zhimin (Gimi) Liang
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|