fluent-plugin-splunk-hec 1.1.2 → 1.2.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 22a452a5a8d26e0d4d3c747a7a5697b0eb65cc0d765ab002670bf0e4a486605b
-  data.tar.gz: 38ba434b4e7d8a18f95c60b8078de11ac8d07f454157651ffdfc49988ff6cbe3
+  metadata.gz: 057e56b761d497efa241a04003ffabe88f22c52f04eb7388538044c829548736
+  data.tar.gz: 50a5bcbed257411be793337e52ce45b49c723782134b4ff9000e74af28c59965
 SHA512:
-  metadata.gz: d607f9195904ade6028405372116d529af7a295cfacf9f46a96ac145aa52637aa008d3f9e7c8b9b43cc415e99c7595b20a64ee2b4e3bf5bb96b74c4984857e9a
-  data.tar.gz: 2d76734a944ff176515f15fb530dbbd08579fb6be1b33554ee10ece7fa7419ff86d562b5145a201a6ae2dda8f3aaf860ae5c22495ed275154206f2105c2cc9ae
+  metadata.gz: e036e50f81d0f607145b57111031fcee43072915c4619c98d33126df237e3c4afbfde859d7babfd94bdddc849c09d881d0383fc7863688f4db7f0f2e8c5e7cfd
+  data.tar.gz: 78246497f0735f9b54d80cce7b19831d75c623c31a90adfd8a717dc4a9a347f9b2288202566532d89c5b0526c2b04e1e34041fdce5e0de9cc790ac8d67b27a02

data/Gemfile

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 source 'https://rubygems.org'
 
 group :test do

data/Gemfile.lock

@@ -1,46 +1,103 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-splunk-hec (1.1.1)
-      fluentd (~> 1.4)
+    fluent-plugin-splunk-hec (1.2.4)
+      fluentd (>= 1.4)
       multi_json (~> 1.13)
-      net-http-persistent (~> 3.0)
+      net-http-persistent (~> 3.1)
+      openid_connect (~> 1.1.8)
+      prometheus-client (< 0.10.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
+    activemodel (5.2.4.3)
+      activesupport (= 5.2.4.3)
+    activesupport (5.2.4.3)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
+      i18n (>= 0.7, < 2)
+      minitest (~> 5.1)
+      tzinfo (~> 1.1)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    aes_key_wrap (1.0.1)
+    ast (2.4.0)
+    attr_required (1.0.1)
+    bindata (2.4.4)
+    concurrent-ruby (1.1.6)
     connection_pool (2.2.2)
-    cool.io (1.5.3)
+    cool.io (1.6.0)
     crack (0.4.3)
       safe_yaml (~> 1.0.0)
-    dig_rb (1.0.1)
-    docile (1.3.1)
-    fluentd (1.4.0)
+    docile (1.3.2)
+    fluentd (1.9.2)
       cool.io (>= 1.4.5, < 2.0.0)
-      dig_rb (~> 1.0.0)
       http_parser.rb (>= 0.5.1, < 0.7.0)
-      msgpack (>= 0.7.0, < 2.0.0)
+      msgpack (>= 1.3.1, < 2.0.0)
       serverengine (>= 2.0.4, < 3.0.0)
       sigdump (~> 0.2.2)
       strptime (>= 0.2.2, < 1.0.0)
-      tzinfo (~> 1.0)
+      tzinfo (>= 1.0, < 3.0)
       tzinfo-data (~> 1.0)
       yajl-ruby (~> 1.0)
-    hashdiff (0.3.8)
-    http_parser.rb (0.6.0)
-    json (2.1.0)
-    minitest (5.11.3)
-    msgpack (1.2.7)
-    multi_json (1.13.1)
-    net-http-persistent (3.0.0)
+    hashdiff (1.0.0)
+    http_parser.rb (0.5.3)
+    httpclient (2.8.3)
+    i18n (1.8.2)
+      concurrent-ruby (~> 1.0)
+    jaro_winkler (1.5.4)
+    json (2.3.0)
+    json-jwt (1.11.0)
+      activesupport (>= 4.2)
+      aes_key_wrap
+      bindata
+    mail (2.7.1)
+      mini_mime (>= 0.1.1)
+    mini_mime (1.0.2)
+    minitest (5.14.0)
+    msgpack (1.3.3)
+    multi_json (1.14.1)
+    net-http-persistent (3.1.0)
       connection_pool (~> 2.2)
-    power_assert (1.1.3)
-    public_suffix (3.0.3)
-    rake (12.3.2)
-    safe_yaml (1.0.4)
-    serverengine (2.1.0)
+    openid_connect (1.1.8)
+      activemodel
+      attr_required (>= 1.0.0)
+      json-jwt (>= 1.5.0)
+      rack-oauth2 (>= 1.6.1)
+      swd (>= 1.0.0)
+      tzinfo
+      validate_email
+      validate_url
+      webfinger (>= 1.0.1)
+    parallel (1.19.1)
+    parser (2.7.0.2)
+      ast (~> 2.4.0)
+    power_assert (1.1.5)
+    powerpack (0.1.2)
+    prometheus-client (0.9.0)
+      quantile (~> 0.2.1)
+    public_suffix (4.0.3)
+    quantile (0.2.1)
+    rack (2.2.3)
+    rack-oauth2 (1.10.1)
+      activesupport
+      attr_required
+      httpclient
+      json-jwt (>= 1.11.0)
+      rack
+    rainbow (3.0.0)
+    rake (12.3.3)
+    rubocop (0.63.1)
+      jaro_winkler (~> 1.5.1)
+      parallel (~> 1.10)
+      parser (>= 2.5, != 2.5.1.1)
+      powerpack (~> 0.1)
+      rainbow (>= 2.2.2, < 4.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (~> 1.4.0)
+    ruby-progressbar (1.10.1)
+    safe_yaml (1.0.5)
+    serverengine (2.2.1)
       sigdump (~> 0.2.2)
     sigdump (0.2.4)
     simplecov (0.16.1)
@@ -49,13 +106,27 @@ GEM
       simplecov-html (~> 0.10.0)
     simplecov-html (0.10.2)
     strptime (0.2.3)
-    test-unit (3.3.0)
+    swd (1.1.2)
+      activesupport (>= 3)
+      attr_required (>= 0.0.5)
+      httpclient (>= 2.4)
+    test-unit (3.3.5)
       power_assert
     thread_safe (0.3.6)
-    tzinfo (1.2.5)
+    tzinfo (1.2.6)
       thread_safe (~> 0.1)
-    tzinfo-data (1.2018.9)
+    tzinfo-data (1.2019.3)
       tzinfo (>= 1.0.0)
+    unicode-display_width (1.4.1)
+    validate_email (0.1.6)
+      activemodel (>= 3.0)
+      mail (>= 2.2.5)
+    validate_url (1.0.8)
+      activemodel (>= 3.0.0)
+      public_suffix
+    webfinger (1.1.0)
+      activesupport
+      httpclient (>= 2.4)
     webmock (3.5.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
@@ -69,10 +140,11 @@ DEPENDENCIES
   bundler (~> 2.0)
   fluent-plugin-splunk-hec!
   minitest (~> 5.0)
-  rake (~> 12.0)
+  rake (>= 12.0)
+  rubocop (~> 0.63.1)
   simplecov
   test-unit (~> 3.0)
   webmock (~> 3.5.0)
 
 BUNDLED WITH
-   2.0.1
+   2.1.4

data/LICENSE

@@ -214,21 +214,89 @@ Apache License 2.0
 The following components are provided under the Apache License 2.0. See project link for details.
 
     (Apache License 2.0) fluentd (https://github.com/fluent/fluentd/blob/master/LICENSE)
+    (Apache License 2.0) ffi-compiler (https://github.com/ffi/ffi-compiler/blob/master/LICENSE)
+    (Apache License 2.0) msgpack (https://github.com/msgpack/msgpack-ruby/blob/master/LICENSE)
+    (Apache License 2.0) prometheus-client (https://github.com/prometheus/client_ruby/blob/master/LICENSE)
+    (Apache License 2.0) quantile (https://github.com/matttproud/ruby_quantile_estimation/blob/master/LICENSE)
+    (Apache License 2.0) serverengine (https://github.com/treasure-data/serverengine/blob/master/LICENSE)
+    (Apache License 2.0) addressable (https://github.com/sporkmonger/addressable/blob/master/LICENSE.txt)
+    (Apache License 2.0) fluent-plugin-kubernetes_metadata_filter (https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/blob/master/LICENSE.txt)
+    (Apache License 2.0) thread_safe (https://github.com/ruby-concurrency/thread_safe/blob/master/LICENSE)
 
 ========================================================================
 MIT licenses
 ========================================================================
 The following components are provided under the MIT License. See project link for details.
 
-    (MIT License) multi_json (https://github.com/intridea/multi_json/blob/master/LICENSE.md)
-    (MIT License) net-http-persistent (https://github.com/drbrain/net-http-persistent/blob/master/README.rdoc#license)
+    (MIT License) activemodel (https://github.com/rails/rails/blob/v6.0.2.1/activemodel/MIT-LICENSE)
+    (MIT License) activesupport (https://github.com/rails/rails/blob/v6.0.2.1/activesupport/MIT-LICENSE)
+    (MIT License) aes_key_wrap (https://github.com/tomdalling/aes_key_wrap/blob/master/LICENSE.txt)
+    (MIT License) ast (https://github.com/whitequark/ast/blob/master/LICENSE.MIT)
+    (MIT License) attr_required (https://github.com/nov/attr_required/blob/master/LICENSE)
     (MIT License) bundler (https://github.com/bundler/bundler/blob/master/LICENSE.md)
+    (MIT License) concurrent-ruby (https://github.com/ruby-concurrency/concurrent-ruby/blob/master/LICENSE.md)
+    (MIT License) connection_pool (https://github.com/mperham/connection_pool/blob/master/LICENSE)
+    (MIT License) cool.io (https://github.com/tarcieri/cool.io/blob/master/LICENSE)
+    (MIT License) crack (https://github.com/jnunemaker/crack/blob/master/LICENSE)
+    (MIT License) docile (https://github.com/ms-ati/docile/blob/master/LICENSE)
+    (MIT License) hashdiff (https://github.com/liufengyun/hashdiff/blob/master/LICENSE)
+    (MIT License) http (https://github.com/httprb/http/blob/master/LICENSE.txt)
+    (MIT License) http_parser.rb (https://github.com/tmm1/http_parser.rb/blob/master/LICENSE-MIT)
+    (MIT License) http-accept (https://github.com/socketry/http-accept#license)
+    (MIT License) http-cookie (https://github.com/sparklemotion/http-cookie/blob/master/LICENSE.txt)
+    (MIT License) http-form_data (https://github.com/httprb/form_data/blob/master/LICENSE.txt)
+    (MIT License) http-parser (https://github.com/cotag/http-parser/blob/master/LICENSE)
+    (MIT License) i18n (https://github.com/ruby-i18n/i18n/blob/master/MIT-LICENSE)
+    (MIT License) jaro_winkler (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
+    (MIT License) json-jwt (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
+    (MIT License) kubeclient (https://github.com/abonas/kubeclient/blob/master/LICENSE.txt)
+    (MIT License) lru_redux (https://github.com/SamSaffron/lru_redux/blob/master/LICENSE.txt)
+    (MIT License) mail (https://github.com/mikel/mail/blob/master/MIT-LICENSE)
+    (MIT License) mime-types (https://github.com/mime-types/ruby-mime-types/blob/master/Licence.md)
+    (MIT License) mime-types-data (https://github.com/mime-types/mime-types-data/blob/master/Licence.md)
+    (MIT License) mini_mime (https://github.com/discourse/mini_mime/blob/master/LICENSE.txt)
+    (MIT License) minitest (https://github.com/seattlerb/minitest)
+    (MIT License) multi_json (https://github.com/intridea/multi_json/blob/master/LICENSE.md)
+    (MIT License) net-http-persistent (https://github.com/drbrain/net-http-persistent)
+    (MIT License) netrc (https://github.com/heroku/netrc/blob/master/LICENSE.md)
+    (MIT License) openid_connect (https://github.com/nov/openid_connect/blob/master/LICENSE)
+    (MIT License) parallel (https://github.com/grosser/parallel/blob/master/MIT-LICENSE.txt)
+    (MIT License) parser (https://github.com/whitequark/parser/blob/master/LICENSE.txt)
+    (MIT License) powerpack (https://github.com/bbatsov/powerpack/blob/master/LICENSE.txt)
+    (MIT License) public_suffix (https://github.com/weppos/publicsuffix-ruby/blob/master/LICENSE.txt)
+    (MIT License) rack (https://github.com/rack/rack/blob/master/MIT-LICENSE)
+    (MIT License) rack-oauth2 (https://github.com/nov/rack-oauth2/blob/master/LICENSE)
+    (MIT License) rainbow (https://github.com/sickill/rainbow/blob/master/LICENSE)
     (MIT License) rake (https://github.com/ruby/rake/blob/master/MIT-LICENSE)
+    (MIT License) recursive-open-struct (https://github.com/aetherknight/recursive-open-struct/blob/master/LICENSE.txt)
+    (MIT License) rest-client (https://github.com/rest-client/rest-client/blob/master/LICENSE)
+    (MIT License) rubocop (https://github.com/rubocop-hq/rubocop/blob/master/LICENSE.txt)
+    (MIT License) ruby-progressbar (https://github.com/jfelchner/ruby-progressbar/blob/master/LICENSE.txt)
+    (MIT License) safe_yaml (https://github.com/dtao/safe_yaml/blob/master/LICENSE.txt)
+    (MIT License) sigdump (https://github.com/frsyuki/sigdump/blob/master/LICENSE)
+    (MIT License) simplecov (https://github.com/colszowka/simplecov/blob/master/LICENSE)
+    (MIT License) simplecov-html (https://github.com/colszowka/simplecov-html/blob/master/LICENSE)
+    (MIT License) swd (https://github.com/nov/SWD/blob/master/LICENSE)
+    (MIT License) tzinfo (https://github.com/tzinfo/tzinfo/blob/master/LICENSE)
+    (MIT License) tzinfo-data (https://github.com/tzinfo/tzinfo-data/blob/master/LICENSE)
+    (MIT License) unf_ext (https://github.com/knu/ruby-unf_ext/blob/master/LICENSE.txt)
+    (MIT License) unicode-display_width (https://github.com/janlelis/unicode-display_width/blob/master/MIT-LICENSE.txt)
+    (MIT License) validate_email (https://github.com/perfectline/validates_email/blob/master/MIT-LICENSE)
+    (MIT License) validate_url (https://github.com/perfectline/validates_url/blob/master/LICENSE.md)
+    (MIT License) webfinger (https://github.com/nov/webfinger/blob/master/LICENSE.txt)
     (MIT License) webmock (https://github.com/bblimke/webmock/blob/master/LICENSE)
-    (MIT License) minitest (https://github.com/seattlerb/minitest/blob/master/README.rdoc#license)
+    (MIT License) yajl-ruby (https://github.com/brianmario/yajl-ruby/blob/master/LICENSE)
 
 ========================================================================
-For test-unit:
+For the rest:
 ========================================================================
 
-See https://github.com/test-unit/test-unit/blob/master/COPYING
+     bindata (https://github.com/dmendel/bindata/blob/master/COPYING)
+     httpclient (https://github.com/nahi/httpclient/#license)
+     json (https://www.ruby-lang.org/en/about/license.txt)
+     test-unit (https://github.com/test-unit/test-unit)
+     unf (https://github.com/knu/ruby-unf/blob/master/LICENSE)
+     power_assert (https://github.com/k-tsj/power_assert/blob/master/BSDL)
+     strptime (https://github.com/nurse/strptime/blob/master/LICENSE.txt)
+     domain_name (https://github.com/knu/ruby-domain_name/blob/master/LICENSE.txt)
+     ffi (https://github.com/ffi/ffi/blob/master/LICENSE)

data/README.md

@@ -1,7 +1,9 @@
 [![CircleCI](https://circleci.com/gh/git-lfs/git-lfs.svg?style=shield&circle-token=856152c2b02bfd236f54d21e1f581f3e4ebf47ad)](https://circleci.com/gh/splunk/fluent-plugin-splunk-hec)
 # fluent-plugin-splunk-hec
 
-[Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) over the HEC (HTTP Event Collector) API.
+[Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) in 2 modes:<br/>
+1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/> 
+2) Via the Splunk Cloud Services (SCS) [Ingest API](https://sdc.splunkbeta.com/reference/api/ingest/v1beta2)
 
 ## Installation
 
@@ -27,9 +29,7 @@ $ bundle
 
 * See also: [Output Plugin Overview](https://docs.fluentd.org/v1.0/articles/output-plugin-overview)
 
-### Examples
-
-#### Example 1: Minimum Configs
+#### Example 1: Minimum HEC Configuration
 
 ```
 <match **>
@@ -42,7 +42,26 @@ $ bundle
 
 This example is very basic, it just tells the plugin to send events to Splunk HEC on `https://12.34.56.78:8088` (https is the default protocol), using the HEC token `00000000-0000-0000-0000-000000000000`. It will use whatever index, source, sourcetype are configured in HEC. And the `host` of each event is the hostname of the machine which running fluentd.
 
-#### Example 2: Overwrite HEC defaults
+
+#### Example 2: SCS Ingest Configuration example
+
+```
+<match **>
+@type splunk_ingest_api
+service_client_identifier xxxxxxxx
+service_client_secret_key xxxx-xxxxx
+token_endpoint /token
+ingest_auth_host auth.scp.splunk.com
+ingest_api_host api.scp.splunk.com
+ingest_api_tenant <mytenant>
+ingest_api_events_endpoint /<mytenant>/ingest/v1beta2/events
+debug_http false
+</match>
+```
+
+This example shows the configuration to be used for sending events to ingest API. This configuration shows how to use `service_client_identifier`, `service_client_secret_key` to get token from `token_endpoint` and send events to `ingest_api_host` for the tenant `ingest_api_tenant` at the endpoint `ingest_api_events_endpoint`. The `debug_http` flag indicates whether the user wants to print debug logs to stdout.
+
+#### Example 3: Overwrite HEC defaults
 
 ```
 <match **>
@@ -72,21 +91,21 @@ Sometimes you want to use the values from the input event for these parameters,
 </match>
 ```
 
-In the second example (in order to keep it concise, we just omitted the repeating parameters, and we will keep doing so in the following examples), it uses the `source_key` config to set the source of event to the value of the event's `file_path` field. Given an input event like
+In this example (in order to keep it concise, we just omitted the repeating parameters, and we will keep doing so in the following examples), it uses the `source_key` config to set the source of event to the value of the event's `file_path` field. Given an input event like
 ```javascript
 {"file_path": "/var/log/splunk.log", "message": "This is an exmaple.", "level": "info"}
 ```
-Then the source for this event will be "/var/log/splunk.log". And the "file\_path" field will be removed from the input event, so what you will eventually get ingested in Splunk is
+Then the source for this event will be "/var/log/splunk.log". And the "file\_path" field will be removed from the input event, so what you will eventually get ingested in Splunk is:
 ```javascript
-{"message": "This is an exmaple.", "level": "info"}
+{"message": "This is an example.", "level": "info"}
 ```
 If you want to keep "file\_path" in the event, you can use `keep_keys`.
 
 Besides `source_key` there are also other `*_key` parameters, check the parameters details below.
 
-#### Example 3: Sending metrics
+#### Example 4: Sending metrics
 
-[Metrics](https://docs.splunk.com/Documentation/Splunk/latest/Metrics/Overview) is avaialble since Splunk 7.0.0, you can use this output plugin to send events as metrics to a Splunk metric index by setting `data_type` to "metric".
+[Metrics](https://docs.splunk.com/Documentation/Splunk/latest/Metrics/Overview) is available since Splunk 7.0.0, you can use this output plugin to send events as metrics to a Splunk metric index by setting `data_type` to "metric".
 
 ```
 <match **>
@@ -98,7 +117,7 @@ Besides `source_key` there are also other `*_key` parameters, check the paramete
 </match>
 ```
 
-With this configuration, the plugin will treat each input event as a collection of metrics, i.e. each key-varlue pair in the event is a metric name-value pair. For example, given an input event like
+With this configuration, the plugin will treat each input event as a collection of metrics, i.e. each key-value pair in the event is a metric name-value pair. For example, given an input event like
 
 ```javascript
 {"cpu/usage": 0.5, "cpu/rate": 10, "memory/usage": 100, "memory/rss": 90}
@@ -129,107 +148,142 @@ You should change the configuration to
 
 All other properties of the input (in this example, "app"), will be sent as dimensions of the metric. You can use the `<fields>` section to customize the dimensions.
 
-### Parameters
+### Type of plugin
 
 #### @type
 
-This value must be `splunk_hec`.
-
-#### protocol (enum) (optional)
+This value must be set to `splunk_hec` when using HEC API and to `splunk_ingest_api` when using the ingest API. Only one type either `splunk_hec` or `splunk_ingest_api` is expected to be used when configuring this plugin.
 
-Protocol to use to call HEC API.
+### Parameters for `splunk_hec`
 
-Available values: http, https
+#### protocol (enum) (optional)
 
-Default value: `https`.
+This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is 
+set to `https` by default.
 
 ### hec_host (string) (required)
 
-The hostname/IP to HEC, or HEC load balancer.
+The hostname/IP for the HEC token or the HEC load balancer.
 
 ### hec_port (integer) (optional)
 
-The port number to HEC, or HEC load balancer.
-
-Default value: `8088`.
+The port number for the HEC token or the HEC load balancer. The default value is `8088`.
 
 ### hec_token (string) (required)
 
-The HEC token.
+Identifier for the HEC token.
 
-### index (string) (optional)
+### metrics_from_event (bool) (optional)
 
-The Splunk index to index events. When not set, will be decided by HEC. This is exclusive with `index_key`.
+When `data_type` is set to "metric", the ingest API will treat every key-value pair in the input event as a metric name-value pair. Set `metrics_from_event` to `false` to disable this behavior and use `metric_name_key` and `metric_value_key` to define metrics. The default value is `true`.
 
-### index_key (string) (optional)
+### metric_name_key (string) (optional)
 
-Field name to contain Splunk index name. This is exclusive with `index`.
+Field name that contains the metric name. This parameter only works in conjunction with the `metrics_from_event` paramter. When this prameter is set, the `metrics_from_event` parameter is automatically set to `false`.
 
-### host (string) (optional)
+### metric_value_key (string) (optional)
 
-The host field for events. This is exclusive with `host_key`.
+Field name that contains the metric value, this parameter is required when `metric_name_key` is configured.
 
-Default value: the hostname of the host machine.
+### coerce_to_utf8 (bool) (optional)
 
-### host_key (string) (optional)
+Indicates whether to allow non-UTF-8 characters in user logs. If set to `true`, any non-UTF-8 character is replaced by the string specified in `non_utf8_replacement_string`. If set to `false`, the Ingest API errors out any non-UTF-8 characters. This parameter is set to `true` by default.
 
-Field name to contain host. This is exclusive with `host`.
+### non_utf8_replacement_string (string) (optional)
 
-### source (string) (optional)
+If `coerce_to_utf8` is set to `true`, any non-UTF-8 character is replaced by the string you specify in this parameter. The parameter is set to `' '` by default.
 
-The source field for events, when not set, will be decided by HEC. This is exclusive with `source_key`.
+### Parameters for `splunk_ingest_api`
 
-### source_key (string) (optional)
+### service_client_identifier: (optional) (string) 
 
-Field name to contain source. This is exclusive with `source`.
+Splunk uses the client identifier to make authorized requests to the ingest API.
 
-### sourcetype (string) (optional)
+### service_client_secret_key: (string) 
 
-The sourcetype field for events, when not set, will be decided by HEC. This is exclusive with `sourcetype_key`.
+The client identifier uses this authorization to make requests to the ingest API.
 
-### sourcetype_key (string) (optional)
+### token_endpoint: (string) 
 
-Field name to contain sourcetype. This is exclusive with `sourcetype`.
+This value indicates which endpoint Splunk should look to for the authorization token necessary for requests to the ingest API.
 
-### metrics_from_event (bool) (optional)
+### ingest_api_host: (string) 
 
-When `data_type` is set to "metric", by default it will treat every key-value pair in the input event as a metric name-value pair. Set `metrics_from_event` to `false` to disable this behavior and use `metric_name_key` and `metric_value_key` to define metrics.
+Indicates which url/hostname to use for requests to the ingest API.
 
-Default value: `true`.
+### ingest_api_tenant: (string) 
 
-### metric_name_key (string) (optional)
+Indicates which tenant Splunk should use for requests to the ingest API.
 
-Field name to contain metric name. This is exclusive with `metrics_from_event`, when this is set, `metrics_from_event` will be set to `false`.
+### ingest_api_events_endpoint: (string) 
 
-### metric_value_key (string) (optional)
+Indicates which endpoint to use for requests to the ingest API.
 
-Field name to contain metric value, this is required when `metric_name_key` is set.
+### debug_http: (bool) 
+Set to True if you want to debug requests and responses to ingest API. Default is false.
 
-### keep_keys (bool) (optional)
+### Parameters for both `splunk_hec` and `splunk_ingest_api`
 
-By default, all the fields used by the `*_key` parameters will be removed from the original input events. To change this behavior, set this parameter to `true`.
+### index (string) (optional)
 
-Default value: `true`.
+Identifier for the Splunk index to be used for indexing events. If this parameter is not set,  
+the indexer is chosen by HEC. Cannot set both `index` and `index_key` parameters at the same time.
 
-### coerce_to_utf8 (bool) (optional)
+### index_key (string) (optional)
+
+The field name that contains the Splunk index name. Cannot set both `index` and `index_key` parameters at the same time.
 
-Whether to allow non-UTF-8 characters in user logs. If set to true, any non-UTF-8 character would be replaced by the string specified by `non_utf8_replacement_string`. If set to false, any non-UTF-8 character would trigger the plugin to error out.
+### host (string) (optional)
 
-Default value: `true`.
+The host location for events. Cannot set both `host` and `host_key` parameters at the same time.  
+If the parameter is not set, the default value is the hostname of the machine runnning fluentd.
 
-### non_utf8_replacement_string (string) (optional)
+### host_key (string) (optional)
+
+Key for the host location. Cannot set both `host` and `host_key` parameters at the same time.  
 
-If `coerce_to_utf8` is set to true, any non-UTF-8 character would be replaced by the string specified here.
+### source (string) (optional)
+
+The source field for events. If this parameter is not set, the source will be decided by HEC.  
+Cannot set both `source` and `source_key` parameters at the same time.  
+
+### source_key (string) (optional)
+
+Field name to contain source. Cannot set both `source` and `source_key` parameters at the same time.
+
+### sourcetype (string) (optional)
 
-Default value: `' '`.
+The sourcetype field for events. When not set, the sourcetype is decided by HEC.  
+Cannot set both `source` and `source_key` parameters at the same time.  
+
+### sourcetype_key (string) (optional)
+
+Field name that contains the sourcetype. Cannot set both `source` and `source_key` parameters at the same time.
+
+### fields (init) (optional)
+
+Lets you specify the index-time fields for the event data type, or metric dimensions for the metric data type. Null value fields are removed.
+
+### keep_keys (boolean) (Optional)
+
+By default, all the fields used by the `*_key` parameters are removed from the original input events. To change this behavior, set this parameter to `true`. This parameter is set to `false` by default.
+When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `sourcetype_key`, `metric_name_key`, and `metric_value_key` are saved in the original event.
 
 ### &lt;fields&gt; section (optional) (single)
 
-Depending on the value of `data_type` parameter, the parameters inside `<fields>` section have different meanings. Despite the meaning, the syntax for parameters is unique.
+Depending on the value of `data_type` parameter, the parameters inside the `<fields>` section have different meanings. Despite the meaning, the syntax for parameters is unique.
+
+### app_name (string) (Optional)
+
+Splunk app name using this plugin (default to `hec_plugin_gem`)
+
+### app_version (string) (Optional)
+
+The version of Splunk app using this this plugin (default to plugin version)
 
 #### When `data_type` is `event`
 
-In this case, parameters inside `<fields>` will be used as indexed fields. And these fields will be removed from the original input events. Please see the "Add a "fields" property at the top JSON level" [here](http://dev.splunk.com/view/event-collector/SP-CAAAFB6) for details. Given we have configuration like
+In this case, parameters inside `<fields>` are used as indexed fields and removed from the original input events. Please see the "Add a "fields" property at the top JSON level" [here](http://dev.splunk.com/view/event-collector/SP-CAAAFB6) for details. Given we have configuration like
 
 ```
 <match **>
@@ -273,7 +327,7 @@ If a parameter has just a key, it means its value is exactly the same as the key
 
 #### When `data_type` is `metric`
 
-For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension will be sent. For example, given configuration like
+For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration: 
 
 ```
 <match **>
@@ -291,22 +345,22 @@ For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>`
 </match>
 ```
 
-and an input event like
+and the following input event:
 
 ```javascript
 {"application": "webServer", "file": "server.rb", "value": 100, "status": "OK", "message": "Normal", "name": "CPU Usage"}
 ```
 
-Then, a metric of "CPU Usage" with value=100, along with 3 dimensions file="server.rb", status="OK", and app="webServer" will be sent to Splunk.
+Then, a metric of "CPU Usage" with value=100, along with 3 dimensions file="server.rb", status="OK", and app="webServer" are sent to Splunk.
 
 ### &lt;format&gt; section (optional) (multiple)
 
-The `<format>` section let us define which formatter to use to format events.
+The `<format>` section let you define which formatter to use to format events.
 By default, it uses [the `json` formatter](https://docs.fluentd.org/v1.0/articles/formatter_jso://docs.fluentd.org/v1.0/articles/formatter_json).
 
-Besides the `@type` parameter, you should define all other parameters for the formatter inside this section.
+Besides the `@type` parameter, you should define the other parameters for the formatter inside this section.
 
-Multiple `<format>` sections can be defined to use different formatters for different tags. Each `<format>` section accepts an argument just like the `<match>` section does, to define tag matching. But default, every event will be formatted with `json`. For example:
+Multiple `<format>` sections can be defined to use different formatters for different tags. Each `<format>` section accepts an argument just like the `<match>` section does to define tag matching. By default, every event is formatted with `json`. For example:
 
 ```
 <match **>
@@ -324,34 +378,35 @@ Multiple `<format>` sections can be defined to use different formatters for diff
   </format>
 ```
 
-In this example, it will format events with tags which start with `sometag.` with the `single_value` formatter, and format events with tags `some.othertag` with the `csv` formatter, and format all other events with the `json` formatter (the default formatter).
+This example: 
+- Formats events with tags that start with `sometag.` with the `single_value` formatter
+- Formats events with tags `some.othertag` with the `csv` formatter
+- Formats all other events with the `json` formatter (the default formatter)
 
 If you want to use a different default formatter, you can add a `<format **>` (or `<format>`) section.
 
 #### @type (string) (required)
 
-Defines which formatter to use.
+Specifies which formatter to use.
 
 ### Net::HTTP::Persistent parameters (optional)
 
-The following parameters can be used for tuning HTTP connections
+The following parameters can be used for tuning HTTP connections:
 
 #### idle_timeout (integer)
 
-The default is 5 seconds. If a connection has not been used for this number of seconds it will automatically be reset upon the next use to avoid attempting to send to a closed connection; nil means no timeout. 
+The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts. 
 
 #### read_timeout (integer)
-
-The default is nil. The amount of time allowed between reading two chunks from the socket.
+The amount of time allowed between reading two chunks from the socket. The default value is `nil`, which means no timeout. 
 
 #### open_timeout (integer)
 
-The default is nil. The amount of time to wait for a connection to be opened.
+The amount of time to wait for a connection to be opened. The default is `nil`, which means no timeout.
 
 ### SSL parameters
 
-There are quite some parameters you can use to configure SSL (for HTTPS protocol).
-All these parameters are optional.
+The following optional parameters let you configure SSL for HTTPS protocol.
 
 #### client_cert (string)
 
@@ -375,9 +430,7 @@ List of SSl ciphers allowed.
 
 #### insecure_ssl (bool)
 
-Indicates if insecure SSL connection is allowed, i.e. do not verify the server's certificate.
-
-Default value: `false`.
+Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default. Ensure parameter `ca_file` is not configured in order to allow insecure SSL connections when this value is set to `true`.
 
 ## About Buffer
 
@@ -392,4 +445,4 @@ Here are some hints:
 
 ## License
 
-Please see [LICENSE](LICENSE). 
+Please see [LICENSE](LICENSE).