fluent-plugin-splunk-hec 1.2.0 → 1.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5d3a2f11d9a4a81af516b66534c533a87ac2333deb62db605d3600ae3d4c6138
-  data.tar.gz: 4d62b7be1185257cea93eba96cb2ca8f5c4a7b6ad9f2f04bc8355cd9039f1c6e
+  metadata.gz: 964d0f2e9840a7fa66a70dafb6918b3a54b7586e0ed550a9651ac5e150b817a2
+  data.tar.gz: 97ef4f8a6f602bdfc359b4119800837c40571d0b717ba3a358aa1a66fd8ca64e
 SHA512:
-  metadata.gz: 47c0f04fa3c7040c3f1f02f5555e4dbb6cdf15a8d62bbb709058b8f641a8e6c304f3294cd2349dbac288c0bcd2723338d33b5e6424f57076106b87bc82e7281c
-  data.tar.gz: 0f59b7a77013c4aaca16693e8852bffc990be1cb2be088ebdb03f639bfec1e3277d5e402ed4809a6b965355dba97df99e62fcf828857946de89afb58a0ef7734
+  metadata.gz: b74c2408af64d38611627af3e16a5723c32bbce47002e030ddc09b7793d4f72a42a933330554e5b5e4092d66f45564d7038bb96f1ae75131f70a1fa9c9a86acf
+  data.tar.gz: 324f4e82f7b3d8792798f44ec5647f56845590fd3bf317ad6737f19788c9483112464635417389b7cb024dc34c23edab0bf854ae086c54404a368c902d5eb420

data/Gemfile.lock

@@ -1,93 +1,65 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-splunk-hec (1.2.0)
-      fluent-plugin-kubernetes_metadata_filter (= 2.1.2)
-      fluentd (= 1.4)
+    fluent-plugin-splunk-hec (1.2.5)
+      fluentd (>= 1.4)
       multi_json (~> 1.13)
-      net-http-persistent (~> 3.0)
-      openid_connect (~> 1.1.6)
-      prometheus-client (~> 0.9.0)
+      net-http-persistent (~> 3.1)
+      openid_connect (~> 1.1.8)
+      prometheus-client (< 0.10.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (6.0.0)
-      activesupport (= 6.0.0)
-    activesupport (6.0.0)
+    activemodel (6.1.3)
+      activesupport (= 6.1.3)
+    activesupport (6.1.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-      zeitwerk (~> 2.1, >= 2.1.8)
-    addressable (2.6.0)
-      public_suffix (>= 2.0.2, < 4.0)
-    aes_key_wrap (1.0.1)
-    ast (2.4.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.7.0)
+      public_suffix (>= 2.0.2, < 5.0)
+    aes_key_wrap (1.1.0)
+    ast (2.4.2)
     attr_required (1.0.1)
-    bindata (2.4.4)
-    concurrent-ruby (1.1.5)
-    connection_pool (2.2.2)
-    cool.io (1.5.4)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    dig_rb (1.0.1)
-    docile (1.3.1)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
-    fluent-plugin-kubernetes_metadata_filter (2.1.2)
-      fluentd (>= 0.14.0, < 2)
-      kubeclient (~> 1.1.4)
-      lru_redux
-    fluentd (1.4.0)
+    bindata (2.4.8)
+    concurrent-ruby (1.1.8)
+    connection_pool (2.2.3)
+    cool.io (1.7.1)
+    crack (0.4.5)
+      rexml
+    docile (1.3.5)
+    fluentd (1.12.1)
+      bundler
       cool.io (>= 1.4.5, < 2.0.0)
-      dig_rb (~> 1.0.0)
       http_parser.rb (>= 0.5.1, < 0.7.0)
-      msgpack (>= 0.7.0, < 2.0.0)
-      serverengine (>= 2.0.4, < 3.0.0)
+      msgpack (>= 1.3.1, < 2.0.0)
+      serverengine (>= 2.2.2, < 3.0.0)
       sigdump (~> 0.2.2)
       strptime (>= 0.2.2, < 1.0.0)
-      tzinfo (~> 1.0)
+      tzinfo (>= 1.0, < 3.0)
       tzinfo-data (~> 1.0)
       yajl-ruby (~> 1.0)
-    hashdiff (0.4.0)
-    http (0.9.8)
-      addressable (~> 2.3)
-      http-cookie (~> 1.0)
-      http-form_data (~> 1.0.1)
-      http_parser.rb (~> 0.6.0)
-    http-accept (1.7.0)
-    http-cookie (1.0.3)
-      domain_name (~> 0.5)
-    http-form_data (1.0.3)
+    hashdiff (1.0.1)
     http_parser.rb (0.6.0)
     httpclient (2.8.3)
-    i18n (1.7.0)
+    i18n (1.8.9)
       concurrent-ruby (~> 1.0)
-    jaro_winkler (1.5.2)
-    json (2.1.0)
-    json-jwt (1.10.2)
+    jaro_winkler (1.5.4)
+    json-jwt (1.13.0)
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
-    kubeclient (1.1.4)
-      activesupport
-      http (= 0.9.8)
-      recursive-open-struct (= 1.0.0)
-      rest-client
-    lru_redux (1.1.0)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    mime-types (3.3)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2019.1009)
     mini_mime (1.0.2)
-    minitest (5.11.3)
-    msgpack (1.3.1)
-    multi_json (1.14.1)
+    minitest (5.14.4)
+    msgpack (1.4.2)
+    multi_json (1.15.0)
     net-http-persistent (3.1.0)
       connection_pool (~> 2.2)
-    netrc (0.11.0)
     openid_connect (1.1.8)
       activemodel
       attr_required (>= 1.0.0)
@@ -98,30 +70,25 @@ GEM
       validate_email
       validate_url
       webfinger (>= 1.0.1)
-    parallel (1.13.0)
-    parser (2.6.0.0)
-      ast (~> 2.4.0)
-    power_assert (1.1.4)
-    powerpack (0.1.2)
+    parallel (1.20.1)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
+    power_assert (2.0.0)
+    powerpack (0.1.3)
     prometheus-client (0.9.0)
       quantile (~> 0.2.1)
-    public_suffix (3.1.1)
+    public_suffix (4.0.6)
     quantile (0.2.1)
-    rack (2.0.7)
-    rack-oauth2 (1.10.0)
+    rack (2.2.3)
+    rack-oauth2 (1.16.0)
       activesupport
       attr_required
       httpclient
-      json-jwt (>= 1.9.0)
-      rack
+      json-jwt (>= 1.11.0)
+      rack (>= 2.1.0)
     rainbow (3.0.0)
-    rake (12.3.2)
-    recursive-open-struct (1.0.0)
-    rest-client (2.1.0)
-      http-accept (>= 1.7.0, < 2.0)
-      http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 4.0)
-      netrc (~> 0.8)
+    rake (13.0.3)
+    rexml (3.2.4)
     rubocop (0.63.1)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -130,36 +97,32 @@ GEM
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.4.0)
-    ruby-progressbar (1.10.0)
-    safe_yaml (1.0.5)
-    serverengine (2.1.1)
+    ruby-progressbar (1.11.0)
+    serverengine (2.2.3)
       sigdump (~> 0.2.2)
     sigdump (0.2.4)
-    simplecov (0.16.1)
+    simplecov (0.21.2)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    strptime (0.2.3)
-    swd (1.1.2)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.2)
+    strptime (0.2.5)
+    swd (1.2.0)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
       httpclient (>= 2.4)
-    test-unit (3.3.3)
+    test-unit (3.4.0)
       power_assert
-    thread_safe (0.3.6)
-    tzinfo (1.2.5)
-      thread_safe (~> 0.1)
-    tzinfo-data (1.2019.3)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    tzinfo-data (1.2021.1)
       tzinfo (>= 1.0.0)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.6)
     unicode-display_width (1.4.1)
     validate_email (0.1.6)
       activemodel (>= 3.0)
       mail (>= 2.2.5)
-    validate_url (1.0.8)
+    validate_url (1.0.13)
       activemodel (>= 3.0.0)
       public_suffix
     webfinger (1.1.0)
@@ -170,7 +133,7 @@ GEM
       crack (>= 0.3.2)
       hashdiff
     yajl-ruby (1.4.1)
-    zeitwerk (2.2.0)
+    zeitwerk (2.4.2)
 
 PLATFORMS
   ruby
@@ -179,11 +142,11 @@ DEPENDENCIES
   bundler (~> 2.0)
   fluent-plugin-splunk-hec!
   minitest (~> 5.0)
-  rake (~> 12.0)
+  rake (>= 12.0)
   rubocop (~> 0.63.1)
   simplecov
   test-unit (~> 3.0)
   webmock (~> 3.5.0)
 
 BUNDLED WITH
-   2.0.2
+   2.2.15

data/LICENSE

@@ -214,21 +214,89 @@ Apache License 2.0
 The following components are provided under the Apache License 2.0. See project link for details.
 
     (Apache License 2.0) fluentd (https://github.com/fluent/fluentd/blob/master/LICENSE)
+    (Apache License 2.0) ffi-compiler (https://github.com/ffi/ffi-compiler/blob/master/LICENSE)
+    (Apache License 2.0) msgpack (https://github.com/msgpack/msgpack-ruby/blob/master/LICENSE)
+    (Apache License 2.0) prometheus-client (https://github.com/prometheus/client_ruby/blob/master/LICENSE)
+    (Apache License 2.0) quantile (https://github.com/matttproud/ruby_quantile_estimation/blob/master/LICENSE)
+    (Apache License 2.0) serverengine (https://github.com/treasure-data/serverengine/blob/master/LICENSE)
+    (Apache License 2.0) addressable (https://github.com/sporkmonger/addressable/blob/master/LICENSE.txt)
+    (Apache License 2.0) fluent-plugin-kubernetes_metadata_filter (https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/blob/master/LICENSE.txt)
+    (Apache License 2.0) thread_safe (https://github.com/ruby-concurrency/thread_safe/blob/master/LICENSE)
 
 ========================================================================
 MIT licenses
 ========================================================================
 The following components are provided under the MIT License. See project link for details.
 
-    (MIT License) multi_json (https://github.com/intridea/multi_json/blob/master/LICENSE.md)
-    (MIT License) net-http-persistent (https://github.com/drbrain/net-http-persistent/blob/master/README.rdoc#license)
+    (MIT License) activemodel (https://github.com/rails/rails/blob/v6.0.2.1/activemodel/MIT-LICENSE)
+    (MIT License) activesupport (https://github.com/rails/rails/blob/v6.0.2.1/activesupport/MIT-LICENSE)
+    (MIT License) aes_key_wrap (https://github.com/tomdalling/aes_key_wrap/blob/master/LICENSE.txt)
+    (MIT License) ast (https://github.com/whitequark/ast/blob/master/LICENSE.MIT)
+    (MIT License) attr_required (https://github.com/nov/attr_required/blob/master/LICENSE)
     (MIT License) bundler (https://github.com/bundler/bundler/blob/master/LICENSE.md)
+    (MIT License) concurrent-ruby (https://github.com/ruby-concurrency/concurrent-ruby/blob/master/LICENSE.md)
+    (MIT License) connection_pool (https://github.com/mperham/connection_pool/blob/master/LICENSE)
+    (MIT License) cool.io (https://github.com/tarcieri/cool.io/blob/master/LICENSE)
+    (MIT License) crack (https://github.com/jnunemaker/crack/blob/master/LICENSE)
+    (MIT License) docile (https://github.com/ms-ati/docile/blob/master/LICENSE)
+    (MIT License) hashdiff (https://github.com/liufengyun/hashdiff/blob/master/LICENSE)
+    (MIT License) http (https://github.com/httprb/http/blob/master/LICENSE.txt)
+    (MIT License) http_parser.rb (https://github.com/tmm1/http_parser.rb/blob/master/LICENSE-MIT)
+    (MIT License) http-accept (https://github.com/socketry/http-accept#license)
+    (MIT License) http-cookie (https://github.com/sparklemotion/http-cookie/blob/master/LICENSE.txt)
+    (MIT License) http-form_data (https://github.com/httprb/form_data/blob/master/LICENSE.txt)
+    (MIT License) http-parser (https://github.com/cotag/http-parser/blob/master/LICENSE)
+    (MIT License) i18n (https://github.com/ruby-i18n/i18n/blob/master/MIT-LICENSE)
+    (MIT License) jaro_winkler (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
+    (MIT License) json-jwt (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
+    (MIT License) kubeclient (https://github.com/abonas/kubeclient/blob/master/LICENSE.txt)
+    (MIT License) lru_redux (https://github.com/SamSaffron/lru_redux/blob/master/LICENSE.txt)
+    (MIT License) mail (https://github.com/mikel/mail/blob/master/MIT-LICENSE)
+    (MIT License) mime-types (https://github.com/mime-types/ruby-mime-types/blob/master/Licence.md)
+    (MIT License) mime-types-data (https://github.com/mime-types/mime-types-data/blob/master/Licence.md)
+    (MIT License) mini_mime (https://github.com/discourse/mini_mime/blob/master/LICENSE.txt)
+    (MIT License) minitest (https://github.com/seattlerb/minitest)
+    (MIT License) multi_json (https://github.com/intridea/multi_json/blob/master/LICENSE.md)
+    (MIT License) net-http-persistent (https://github.com/drbrain/net-http-persistent)
+    (MIT License) netrc (https://github.com/heroku/netrc/blob/master/LICENSE.md)
+    (MIT License) openid_connect (https://github.com/nov/openid_connect/blob/master/LICENSE)
+    (MIT License) parallel (https://github.com/grosser/parallel/blob/master/MIT-LICENSE.txt)
+    (MIT License) parser (https://github.com/whitequark/parser/blob/master/LICENSE.txt)
+    (MIT License) powerpack (https://github.com/bbatsov/powerpack/blob/master/LICENSE.txt)
+    (MIT License) public_suffix (https://github.com/weppos/publicsuffix-ruby/blob/master/LICENSE.txt)
+    (MIT License) rack (https://github.com/rack/rack/blob/master/MIT-LICENSE)
+    (MIT License) rack-oauth2 (https://github.com/nov/rack-oauth2/blob/master/LICENSE)
+    (MIT License) rainbow (https://github.com/sickill/rainbow/blob/master/LICENSE)
     (MIT License) rake (https://github.com/ruby/rake/blob/master/MIT-LICENSE)
+    (MIT License) recursive-open-struct (https://github.com/aetherknight/recursive-open-struct/blob/master/LICENSE.txt)
+    (MIT License) rest-client (https://github.com/rest-client/rest-client/blob/master/LICENSE)
+    (MIT License) rubocop (https://github.com/rubocop-hq/rubocop/blob/master/LICENSE.txt)
+    (MIT License) ruby-progressbar (https://github.com/jfelchner/ruby-progressbar/blob/master/LICENSE.txt)
+    (MIT License) safe_yaml (https://github.com/dtao/safe_yaml/blob/master/LICENSE.txt)
+    (MIT License) sigdump (https://github.com/frsyuki/sigdump/blob/master/LICENSE)
+    (MIT License) simplecov (https://github.com/colszowka/simplecov/blob/master/LICENSE)
+    (MIT License) simplecov-html (https://github.com/colszowka/simplecov-html/blob/master/LICENSE)
+    (MIT License) swd (https://github.com/nov/SWD/blob/master/LICENSE)
+    (MIT License) tzinfo (https://github.com/tzinfo/tzinfo/blob/master/LICENSE)
+    (MIT License) tzinfo-data (https://github.com/tzinfo/tzinfo-data/blob/master/LICENSE)
+    (MIT License) unf_ext (https://github.com/knu/ruby-unf_ext/blob/master/LICENSE.txt)
+    (MIT License) unicode-display_width (https://github.com/janlelis/unicode-display_width/blob/master/MIT-LICENSE.txt)
+    (MIT License) validate_email (https://github.com/perfectline/validates_email/blob/master/MIT-LICENSE)
+    (MIT License) validate_url (https://github.com/perfectline/validates_url/blob/master/LICENSE.md)
+    (MIT License) webfinger (https://github.com/nov/webfinger/blob/master/LICENSE.txt)
     (MIT License) webmock (https://github.com/bblimke/webmock/blob/master/LICENSE)
-    (MIT License) minitest (https://github.com/seattlerb/minitest/blob/master/README.rdoc#license)
+    (MIT License) yajl-ruby (https://github.com/brianmario/yajl-ruby/blob/master/LICENSE)
 
 ========================================================================
-For test-unit:
+For the rest:
 ========================================================================
 
-See https://github.com/test-unit/test-unit/blob/master/COPYING
+     bindata (https://github.com/dmendel/bindata/blob/master/COPYING)
+     httpclient (https://github.com/nahi/httpclient/#license)
+     json (https://www.ruby-lang.org/en/about/license.txt)
+     test-unit (https://github.com/test-unit/test-unit)
+     unf (https://github.com/knu/ruby-unf/blob/master/LICENSE)
+     power_assert (https://github.com/k-tsj/power_assert/blob/master/BSDL)
+     strptime (https://github.com/nurse/strptime/blob/master/LICENSE.txt)
+     domain_name (https://github.com/knu/ruby-domain_name/blob/master/LICENSE.txt)
+     ffi (https://github.com/ffi/ffi/blob/master/LICENSE)

data/README.md

@@ -2,13 +2,13 @@
 # fluent-plugin-splunk-hec
 
 [Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) in 2 modes:<br/>
-1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/>
-2) Via the [Splunk Ingest API](https://sdc.splunkbeta.com/reference/api/ingest/v1beta2)
+1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/> 
+2) Via the Splunk Cloud Services (SCS) [Ingest API](https://sdc.splunkbeta.com/reference/api/ingest/v1beta2)
 
 ## Installation
 
 ### RubyGems
-```
+``` 
 $ gem install fluent-plugin-splunk-hec
 ```
 ### Bundler
@@ -29,7 +29,7 @@ $ bundle
 
 * See also: [Output Plugin Overview](https://docs.fluentd.org/v1.0/articles/output-plugin-overview)
 
-#### Example 1: Minimum Configuration
+#### Example 1: Minimum HEC Configuration
 
 ```
 <match **>
@@ -43,17 +43,18 @@ $ bundle
 This example is very basic, it just tells the plugin to send events to Splunk HEC on `https://12.34.56.78:8088` (https is the default protocol), using the HEC token `00000000-0000-0000-0000-000000000000`. It will use whatever index, source, sourcetype are configured in HEC. And the `host` of each event is the hostname of the machine which running fluentd.
 
 
-#### Example 2: Configuration example
+#### Example 2: SCS Ingest Configuration example
 
 ```
 <match **>
 @type splunk_ingest_api
 service_client_identifier xxxxxxxx
 service_client_secret_key xxxx-xxxxx
-token_endpoint /system/identity/v2beta1/token
-ingest_api_host api.url.splunk.com
-ingest_api_tenant mytenant
-ingest_api_events_endpoint /ingest/mybuild/events
+token_endpoint /token
+ingest_auth_host auth.scp.splunk.com
+ingest_api_host api.scp.splunk.com
+ingest_api_tenant <mytenant>
+ingest_api_events_endpoint /<mytenant>/ingest/v1beta2/events
 debug_http false
 </match>
 ```
@@ -157,7 +158,7 @@ This value must be set to `splunk_hec` when using HEC API and to `splunk_ingest_
 
 #### protocol (enum) (optional)
 
-This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is
+This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is 
 set to `https` by default.
 
 ### hec_host (string) (required)
@@ -194,72 +195,74 @@ If `coerce_to_utf8` is set to `true`, any non-UTF-8 character is replaced by the
 
 ### Parameters for `splunk_ingest_api`
 
-### service_client_identifier: (optional) (string)
+### service_client_identifier: (optional) (string) 
 
 Splunk uses the client identifier to make authorized requests to the ingest API.
 
-### service_client_secret_key: (string)
+### service_client_secret_key: (string) 
 
 The client identifier uses this authorization to make requests to the ingest API.
 
-### token_endpoint: (string)
+### token_endpoint: (string) 
 
 This value indicates which endpoint Splunk should look to for the authorization token necessary for requests to the ingest API.
 
-### ingest_api_host: (string)
+### ingest_api_host: (string) 
 
 Indicates which url/hostname to use for requests to the ingest API.
 
-### ingest_api_tenant: (string)
+### ingest_api_tenant: (string) 
 
 Indicates which tenant Splunk should use for requests to the ingest API.
 
-### ingest_api_events_endpoint: (string)
+### ingest_api_events_endpoint: (string) 
 
 Indicates which endpoint to use for requests to the ingest API.
 
-### debug_http: (bool)
+### debug_http: (bool) 
 Set to True if you want to debug requests and responses to ingest API. Default is false.
 
 ### Parameters for both `splunk_hec` and `splunk_ingest_api`
 
 ### index (string) (optional)
 
-Identifier for the Splunk index to be used for indexing events. If this parameter is not set,
-the indexer is chosen by HEC. This parameter only works in conjunction with the `index_key` parameter.
+Identifier for the Splunk index to be used for indexing events. If this parameter is not set,  
+the indexer is chosen by HEC. Cannot set both `index` and `index_key` parameters at the same time.
 
 ### index_key (string) (optional)
 
-The field name that contains the Splunk index name. This parameter works in conjunction with `index` and will
-not work if the `index` parameter is not set.
+The field name that contains the Splunk index name. Cannot set both `index` and `index_key` parameters at the same time.
 
 ### host (string) (optional)
 
-The host location for events. This parameter only works in conjunction with the `host_key` parameter.
+The host location for events. Cannot set both `host` and `host_key` parameters at the same time.  
 If the parameter is not set, the default value is the hostname of the machine runnning fluentd.
 
 ### host_key (string) (optional)
 
-Key for the host location. This parameter only works in conjunction with the `host` parameter. If the `host`
-parameter is not set, this parameter is ignored.
+Key for the host location. Cannot set both `host` and `host_key` parameters at the same time.  
 
 ### source (string) (optional)
 
-The source field for events. If this parameter is not set, the source will be decided by HEC. This
-parameter only works in conjunction with the `source_key` parameter.
+The source field for events. If this parameter is not set, the source will be decided by HEC.  
+Cannot set both `source` and `source_key` parameters at the same time.  
 
 ### source_key (string) (optional)
 
-Field name to contain source. This parameter only works in conjunction with the `source` parameter.
+Field name to contain source. Cannot set both `source` and `source_key` parameters at the same time.
 
 ### sourcetype (string) (optional)
 
-The sourcetype field for events. When not set, the sourcetype is decided by HEC. This parameter only works in
-conjunction with the `sourcetype_key` parameter.
+The sourcetype field for events. When not set, the sourcetype is decided by HEC.  
+Cannot set both `source` and `source_key` parameters at the same time.  
 
 ### sourcetype_key (string) (optional)
 
-Field name that contains the sourcetype. This parameter only works in conjunction with the `sourcetype` parameter.
+Field name that contains the sourcetype. Cannot set both `source` and `source_key` parameters at the same time.
+
+### time_key (string) (optional)
+
+Field name to contain Splunk event time. By default will use fluentd\'d time.
 
 ### fields (init) (optional)
 
@@ -274,6 +277,14 @@ When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `
 
 Depending on the value of `data_type` parameter, the parameters inside the `<fields>` section have different meanings. Despite the meaning, the syntax for parameters is unique.
 
+### app_name (string) (Optional)
+
+Splunk app name using this plugin (default to `hec_plugin_gem`)
+
+### app_version (string) (Optional)
+
+The version of Splunk app using this this plugin (default to plugin version)
+
 #### When `data_type` is `event`
 
 In this case, parameters inside `<fields>` are used as indexed fields and removed from the original input events. Please see the "Add a "fields" property at the top JSON level" [here](http://dev.splunk.com/view/event-collector/SP-CAAAFB6) for details. Given we have configuration like
@@ -286,7 +297,7 @@ In this case, parameters inside `<fields>` are used as indexed fields and remove
   <fields>
     file
     level
-    app applicatioin
+    app application
   </fields>
 </match>
 ```
@@ -320,7 +331,7 @@ If a parameter has just a key, it means its value is exactly the same as the key
 
 #### When `data_type` is `metric`
 
-For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration:
+For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration: 
 
 ```
 <match **>
@@ -333,7 +344,7 @@ For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>`
   <fields>
     file
     level
-    app applicatioin
+    app application
   </fields>
 </match>
 ```
@@ -371,7 +382,7 @@ Multiple `<format>` sections can be defined to use different formatters for diff
   </format>
 ```
 
-This example:
+This example: 
 - Formats events with tags that start with `sometag.` with the `single_value` formatter
 - Formats events with tags `some.othertag` with the `csv` formatter
 - Formats all other events with the `json` formatter (the default formatter)
@@ -388,31 +399,15 @@ The following parameters can be used for tuning HTTP connections:
 
 #### idle_timeout (integer)
 
-The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
+The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts. 
 
 #### read_timeout (integer)
-The amount of time allowed between reading two chunks from the socket. The default value is `nil`, which means no timeout.
+The amount of time allowed between reading two chunks from the socket. The default value is `nil`, which means no timeout. 
 
 #### open_timeout (integer)
 
 The amount of time to wait for a connection to be opened. The default is `nil`, which means no timeout.
 
-### Net::HTTP::Persistent parameters (optional)
-
-The following parameters can be used for tuning HTTP connections
-
-#### idle_timeout (integer)
-
-The default is 5 seconds. If a connection has not been used for this number of seconds it will automatically be reset upon the next use to avoid attempting to send to a closed connection; nil means no timeout.
-
-#### read_timeout (integer)
-
-The default is nil. The amount of time allowed between reading two chunks from the socket.
-
-#### open_timeout (integer)
-
-The default is nil. The amount of time to wait for a connection to be opened.
-
 ### SSL parameters
 
 The following optional parameters let you configure SSL for HTTPS protocol.
@@ -439,7 +434,15 @@ List of SSl ciphers allowed.
 
 #### insecure_ssl (bool)
 
-Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default.
+Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default. Ensure parameter `ca_file` is not configured in order to allow insecure SSL connections when this value is set to `true`.
+
+#### require_ssl_min_version (bool)
+
+When set to true, TLS version 1.1 and above is required.
+
+#### consume_chunk_on_4xx_errors (bool)
+
+Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to false, Splunk will fail to flush the buffer on such status codes. This parameter is set to `true` by default for backwards compatibility.
 
 ## About Buffer
 
@@ -454,4 +457,4 @@ Here are some hints:
 
 ## License
 
-Please see [LICENSE](LICENSE).
+Please see [LICENSE](LICENSE). 

data/VERSION

@@ -1 +1 @@
-1.2.0
+1.2.5

data/fluent-plugin-splunk-hec.gemspec

@@ -33,15 +33,14 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3.0'
 
-  spec.add_runtime_dependency 'fluent-plugin-kubernetes_metadata_filter', '= 2.1.2'
-  spec.add_runtime_dependency 'fluentd', '= 1.4'
+  spec.add_runtime_dependency 'fluentd', '>= 1.4'
   spec.add_runtime_dependency 'multi_json', '~> 1.13'
-  spec.add_runtime_dependency 'net-http-persistent', '~> 3.0'
-  spec.add_runtime_dependency 'openid_connect', '~> 1.1.6'
-  spec.add_runtime_dependency 'prometheus-client', '~> 0.9.0'
+  spec.add_runtime_dependency 'net-http-persistent', '~> 3.1'
+  spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
+  spec.add_runtime_dependency 'prometheus-client', '< 0.10.0'
 
   spec.add_development_dependency 'bundler', '~> 2.0'
-  spec.add_development_dependency 'rake', '~> 12.0'
+  spec.add_development_dependency 'rake', '>= 12.0'
   # required by fluent/test.rb
   spec.add_development_dependency 'minitest', '~> 5.0'
   spec.add_development_dependency 'rubocop', '~> 0.63.1'

data/lib/fluent/plugin/out_splunk.rb

@@ -13,7 +13,7 @@ module Fluent::Plugin
     autoload :VERSION, 'fluent/plugin/out_splunk/version'
     autoload :MatchFormatter, 'fluent/plugin/out_splunk/match_formatter'
 
-    KEY_FIELDS = %w[index host source sourcetype metric_name metric_value].freeze
+    KEY_FIELDS = %w[index host source sourcetype metric_name metric_value time].freeze
     TAG_PLACEHOLDER = '${tag}'
 
     desc 'The host field for events, by default it uses the hostname of the machine that runnning fluentd. This is exclusive with `host_key`.'
@@ -51,6 +51,9 @@ module Fluent::Plugin
       # this is blank on purpose
     end
 
+    desc 'Indicates if 4xx errors should consume chunk'
+    config_param :consume_chunk_on_4xx_errors, :bool, :default => true
+
     config_section :format do
       config_set_default :usage, '**'
       config_set_default :@type, 'json'
@@ -152,11 +155,12 @@ module Fluent::Plugin
 
       @metrics[:status_counter].increment(metric_labels(status: response.code.to_s))
 
+      raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
+
       # raise Exception to utilize Fluentd output plugin retry mechanism
-      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if response.code.to_s.start_with?('5')
+      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
 
-      # For both success response (2xx) and client errors (4xx), we will consume the chunk.
-      # Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
+      # For both success response (2xx) we will consume the chunk.
       unless response.code.to_s.start_with?('2')
         log.error "#{self.class}: Failed POST to #{@api}, response: #{response.body}"
         log.error { "#{self.class}: Failed request body: #{post.body}" }

data/lib/fluent/plugin/out_splunk_hec.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
-
+$LOAD_PATH.unshift(File.expand_path('..', __dir__))
+require 'fluent/env'
 require 'fluent/output'
 require 'fluent/plugin/output'
 require 'fluent/plugin/formatter'
@@ -62,6 +63,9 @@ module Fluent::Plugin
     desc 'List of SSL ciphers allowed.'
     config_param :ssl_ciphers, :array, default: nil
 
+    desc 'When set to true, TLS version 1.1 and above is required.'
+    config_param :require_ssl_min_version, :bool, default: true
+
     desc 'Indicates if insecure SSL connection is allowed.'
     config_param :insecure_ssl, :bool, default: false
 
@@ -71,9 +75,6 @@ module Fluent::Plugin
     desc 'The Splunk index to index events. When not set, will be decided by HEC. This is exclusive with `index_key`'
     config_param :index, :string, default: nil
 
-    desc 'Field name to contain Splunk event time. By default will use fluentd\'d time'
-    config_param :time_key, :string, default: nil
-
     desc 'Field name to contain Splunk index name. This is exclusive with `index`.'
     config_param :index_key, :string, default: nil
 
@@ -89,11 +90,20 @@ module Fluent::Plugin
     desc 'When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `sourcetype_key`, `metric_name_key`, `metric_value_key` will not be removed from the original event.'
     config_param :keep_keys, :bool, default: false
 
+    desc 'App name'
+    config_param :app_name, :string, default: "hec_plugin_gem"
+
+    desc 'App version'
+    config_param :app_version, :string, default: "#{VERSION}"
+
     desc 'Define index-time fields for event data type, or metric dimensions for metric data type. Null value fields will be removed.'
     config_section :fields, init: false, multi: false, required: false do
       # this is blank on purpose
     end
 
+    desc 'Indicates if 4xx errors should consume chunk'
+    config_param :consume_chunk_on_4xx_errors, :bool, :default => true
+
     config_section :format do
       config_set_default :usage, '**'
       config_set_default :@type, 'json'
@@ -136,10 +146,15 @@ module Fluent::Plugin
         c.ca_file = @ca_file
         c.ca_path = @ca_path
         c.ciphers = @ssl_ciphers
+        c.proxy   = :ENV
+        c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
 
         c.override_headers['Content-Type'] = 'application/json'
         c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
         c.override_headers['Authorization'] = "Splunk #{@hec_token}"
+        c.override_headers['__splunk_app_name'] = "#{@app_name}"
+        c.override_headers['__splunk_app_version'] = "#{@app_version}"
+
       end
     end
 
@@ -172,7 +187,7 @@ module Fluent::Plugin
     end
 
     def format_event(tag, time, record)
-      MultiJson.dump({
+      d = {
         host: @host ? @host.(tag, record) : @default_host,
         # From the API reference
         # http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
@@ -205,7 +220,12 @@ module Fluent::Plugin
             record = formatter.format(tag, time, record)
           end
           payload[:event] = convert_to_utf8 record
-      })
+      }
+      if d[:event] == "{}"
+        log.warn { "Event after formatting was blank, not sending" }
+        return ""
+      end
+      MultiJson.dump(d)
     end
 
     def format_metric(tag, time, record)
@@ -272,13 +292,18 @@ module Fluent::Plugin
         c.ca_file = @ca_file
         c.ca_path = @ca_path
         c.ciphers = @ssl_ciphers
+        c.proxy   = :ENV
         c.idle_timeout = @idle_timeout
         c.read_timeout = @read_timeout
         c.open_timeout = @open_timeout
+        c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
 
         c.override_headers['Content-Type'] = 'application/json'
         c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
         c.override_headers['Authorization'] = "Splunk #{@hec_token}"
+        c.override_headers['__splunk_app_name'] = "#{@app_name}"
+        c.override_headers['__splunk_app_version'] = "#{@app_version}"
+
       end
     end
 
@@ -292,13 +317,14 @@ module Fluent::Plugin
       response = @conn.request @api, post
       t2 = Time.now
 
-      # raise Exception to utilize Fluentd output plugin retry machanism
-      raise "Server error (#{response.code}) for POST #{@hec_api}, response: #{response.body}" if response.code.start_with?('5')
+      raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
+
+      # raise Exception to utilize Fluentd output plugin retry mechanism
+      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
 
-      # For both success response (2xx) and client errors (4xx), we will consume the chunk.
-      # Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
+      # For both success response (2xx) we will consume the chunk.
       if not response.code.start_with?('2')
-        log.error "Failed POST to #{@hec_api}, response: #{response.body}"
+        log.error "Failed POST to #{@api}, response: #{response.body}"
         log.debug { "Failed request body: #{post.body}" }
       end
 
@@ -330,7 +356,7 @@ module Fluent::Plugin
           invalid: :replace,
           undef: :replace,
           replace: @non_utf8_replacement_string)
-            else
+      else
         begin
           input.encode('utf-8')
         rescue EncodingError

data/lib/fluent/plugin/out_splunk_ingest_api.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
-
+$LOAD_PATH.unshift(File.expand_path('..', __dir__))
 require 'fluent/plugin/out_splunk'
 require 'openid_connect'
 require 'rack/oauth2'
@@ -16,10 +16,13 @@ module Fluent::Plugin
     config_param :service_client_secret_key, :string, default: nil
 
     desc 'Token Endpoint'
-    config_param :token_endpoint, :string, default: '/system/identity/v1/token'
+    config_param :token_endpoint, :string, default: '/token'
+
+    desc 'Token Auth Hostname'
+    config_param :ingest_auth_host, :string, default: 'auth.scp.splunk.com'
 
     desc 'Ingest Api Hostname'
-    config_param :ingest_api_host, :string, default: 'api.splunkbeta.com'
+    config_param :ingest_api_host, :string, default: 'api.scp.splunk.com'
 
     desc 'Ingest API Tenant Name'
     config_param :ingest_api_tenant, :string
@@ -90,7 +93,7 @@ module Fluent::Plugin
         identifier: @service_client_identifier,
         secret: @service_client_secret_key,
         redirect_uri: 'http://localhost:8080/', # Not used
-        host: @ingest_api_host,
+        host: @ingest_auth_host,
         scheme: 'https'
       )
 

data/test/fluent/plugin/out_splunk_hec_test.rb

@@ -57,6 +57,9 @@ describe Fluent::Plugin::SplunkHecOutput do
       assert_nil(create_hec_output_driver('hec_host hec_token').instance.index_key)
       expect(create_hec_output_driver('hec_host hec_token').instance.index_key).is_a? String
     end
+    it 'should consume chunks on 4xx errors' do
+      expect(create_hec_output_driver('hec_host hec_token').instance.consume_chunk_on_4xx_errors).must_equal true
+    end
   end
 
   describe 'hec_host validation' do
@@ -100,15 +103,6 @@ describe Fluent::Plugin::SplunkHecOutput do
     assert_nil(test_driver.instance.time_key)
   end
 
-  # it "should contain splunk event time field via fluentd, as nil" do
-  #   expect(create_output_driver('hec_host splunk.com').instance.time_key).must_equal nil
-  # end
-  #
-  it "should contain splunk event time field via fluentd, as nil" do
-        test_driver = create_output_driver('hec_host splunk.com')
-        assert_nil(test_driver.instance.time_key)
-  end
-
   it "should use host machine's hostname for event host by default" do
     verify_sent_events do |batch|
       batch.each do |item|
@@ -148,6 +142,7 @@ describe Fluent::Plugin::SplunkHecOutput do
       host_key       from
       source_key     file
       sourcetype_key agent.name
+      time_key       timestamp
     CONF
       batch.each do |item|
         expect(item['index']).must_equal 'info'
@@ -156,7 +151,7 @@ describe Fluent::Plugin::SplunkHecOutput do
         expect(item['sourcetype']).must_equal 'test'
 
         JSON.load(item['event']).tap do |event|
-          %w[level from file].each { |field| expect(event).wont_include field }
+          %w[level from file timestamp].each { |field| expect(event).wont_include field }
           expect(event['agent']).wont_include 'name'
         end
       end
@@ -229,6 +224,24 @@ describe Fluent::Plugin::SplunkHecOutput do
     end
   end
 
+  it 'should not send blank events' do
+    verify_sent_events(<<~CONF) do |batch|
+      <fields>
+        from
+        logLevel level
+        nonexist
+        log
+        file
+        value
+        id
+        agent
+        timestamp
+      </fields>
+    CONF
+      expect(batch.length).must_equal 0
+    end
+  end
+
   describe 'metric' do
     it 'should check related configs' do
       expect(
@@ -358,7 +371,8 @@ describe Fluent::Plugin::SplunkHecOutput do
       'agent' => {
         'name' => 'test',
         'version' => '1.0.0'
-      }
+      },
+      'timestamp' => 'time'
     }
     events = [
       ['tag.event1', event_time, { 'id' => '1st' }.merge(Marshal.load(Marshal.dump(event)))],

data/test/fluent/plugin/out_splunk_ingest_api_test.rb

@@ -6,8 +6,8 @@ describe Fluent::Plugin::SplunkIngestApiOutput do
   include Fluent::Test::Helpers
   include PluginTestHelper
 
-  INGEST_API_ENDPOINT = 'https://api.splunkbeta.com/tenant_name/ingest/v1beta2/events'
-  AUTH_TOKEN_ENDPOINT = 'https://api.splunkbeta.com/system/identity/v1/token'
+  INGEST_API_ENDPOINT = 'https://api.scp.splunk.com/tenant_name/ingest/v1beta2/events'
+  AUTH_TOKEN_ENDPOINT = 'https://auth.scp.splunk.com/token'
 
   before { Fluent::Test.setup } # setup router and others
 

metadata

@@ -1,41 +1,27 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-splunk-hec
 version: !ruby/object:Gem::Version
-  version: 1.2.0
+  version: 1.2.5
 platform: ruby
 authors:
 - Splunk Inc.
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-10-16 00:00:00.000000000 Z
+date: 2021-03-29 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: fluent-plugin-kubernetes_metadata_filter
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 2.1.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 2.1.2
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.4'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.4'
 - !ruby/object:Gem::Dependency
@@ -58,42 +44,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.1'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '3.1'
 - !ruby/object:Gem::Dependency
   name: openid_connect
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.6
+        version: 1.1.8
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 1.1.6
+        version: 1.1.8
 - !ruby/object:Gem::Dependency
   name: prometheus-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: 0.10.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<"
       - !ruby/object:Gem::Version
-        version: 0.9.0
+        version: 0.10.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -112,14 +98,14 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '12.0'
 - !ruby/object:Gem::Dependency
@@ -229,7 +215,7 @@ homepage: https://github.com/splunk/fluent-plugin-splunk-hec
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -245,17 +231,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubygems_version: 3.0.6
-signing_key: 
+signing_key:
 specification_version: 4
 summary: Fluentd plugin for Splunk HEC.
 test_files:
+- test/fluent/plugin/out_splunk_hec_test.rb
+- test/fluent/plugin/out_splunk_ingest_api_test.rb
+- test/lib/webmock/http_lib_adapters/patron_adapter.rb
+- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
 - test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
 - test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
-- test/lib/webmock/http_lib_adapters/patron_adapter.rb
 - test/lib/webmock/http_lib_adapters/curb_adapter.rb
-- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
 - test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
 - test/lib/webmock/http_lib_adapters/excon_adapter.rb
-- test/fluent/plugin/out_splunk_ingest_api_test.rb
-- test/fluent/plugin/out_splunk_hec_test.rb
 - test/test_helper.rb