fluent-plugin-splunk-hec 1.2.0 → 1.2.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +64 -101
- data/LICENSE +73 -5
- data/README.md +57 -54
- data/VERSION +1 -1
- data/fluent-plugin-splunk-hec.gemspec +5 -6
- data/lib/fluent/plugin/out_splunk.rb +8 -4
- data/lib/fluent/plugin/out_splunk_hec.rb +38 -12
- data/lib/fluent/plugin/out_splunk_ingest_api.rb +7 -4
- data/test/fluent/plugin/out_splunk_hec_test.rb +25 -11
- data/test/fluent/plugin/out_splunk_ingest_api_test.rb +2 -2
- metadata +21 -35
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 964d0f2e9840a7fa66a70dafb6918b3a54b7586e0ed550a9651ac5e150b817a2
|
4
|
+
data.tar.gz: 97ef4f8a6f602bdfc359b4119800837c40571d0b717ba3a358aa1a66fd8ca64e
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: b74c2408af64d38611627af3e16a5723c32bbce47002e030ddc09b7793d4f72a42a933330554e5b5e4092d66f45564d7038bb96f1ae75131f70a1fa9c9a86acf
|
7
|
+
data.tar.gz: 324f4e82f7b3d8792798f44ec5647f56845590fd3bf317ad6737f19788c9483112464635417389b7cb024dc34c23edab0bf854ae086c54404a368c902d5eb420
|
data/Gemfile.lock
CHANGED
@@ -1,93 +1,65 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
fluent-plugin-splunk-hec (1.2.
|
5
|
-
|
6
|
-
fluentd (= 1.4)
|
4
|
+
fluent-plugin-splunk-hec (1.2.5)
|
5
|
+
fluentd (>= 1.4)
|
7
6
|
multi_json (~> 1.13)
|
8
|
-
net-http-persistent (~> 3.
|
9
|
-
openid_connect (~> 1.1.
|
10
|
-
prometheus-client (
|
7
|
+
net-http-persistent (~> 3.1)
|
8
|
+
openid_connect (~> 1.1.8)
|
9
|
+
prometheus-client (< 0.10.0)
|
11
10
|
|
12
11
|
GEM
|
13
12
|
remote: https://rubygems.org/
|
14
13
|
specs:
|
15
|
-
activemodel (6.
|
16
|
-
activesupport (= 6.
|
17
|
-
activesupport (6.
|
14
|
+
activemodel (6.1.3)
|
15
|
+
activesupport (= 6.1.3)
|
16
|
+
activesupport (6.1.3)
|
18
17
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
19
|
-
i18n (>=
|
20
|
-
minitest (
|
21
|
-
tzinfo (~>
|
22
|
-
zeitwerk (~> 2.
|
23
|
-
addressable (2.
|
24
|
-
public_suffix (>= 2.0.2, <
|
25
|
-
aes_key_wrap (1.0
|
26
|
-
ast (2.4.
|
18
|
+
i18n (>= 1.6, < 2)
|
19
|
+
minitest (>= 5.1)
|
20
|
+
tzinfo (~> 2.0)
|
21
|
+
zeitwerk (~> 2.3)
|
22
|
+
addressable (2.7.0)
|
23
|
+
public_suffix (>= 2.0.2, < 5.0)
|
24
|
+
aes_key_wrap (1.1.0)
|
25
|
+
ast (2.4.2)
|
27
26
|
attr_required (1.0.1)
|
28
|
-
bindata (2.4.
|
29
|
-
concurrent-ruby (1.1.
|
30
|
-
connection_pool (2.2.
|
31
|
-
cool.io (1.
|
32
|
-
crack (0.4.
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
unf (>= 0.0.5, < 1.0.0)
|
38
|
-
fluent-plugin-kubernetes_metadata_filter (2.1.2)
|
39
|
-
fluentd (>= 0.14.0, < 2)
|
40
|
-
kubeclient (~> 1.1.4)
|
41
|
-
lru_redux
|
42
|
-
fluentd (1.4.0)
|
27
|
+
bindata (2.4.8)
|
28
|
+
concurrent-ruby (1.1.8)
|
29
|
+
connection_pool (2.2.3)
|
30
|
+
cool.io (1.7.1)
|
31
|
+
crack (0.4.5)
|
32
|
+
rexml
|
33
|
+
docile (1.3.5)
|
34
|
+
fluentd (1.12.1)
|
35
|
+
bundler
|
43
36
|
cool.io (>= 1.4.5, < 2.0.0)
|
44
|
-
dig_rb (~> 1.0.0)
|
45
37
|
http_parser.rb (>= 0.5.1, < 0.7.0)
|
46
|
-
msgpack (>=
|
47
|
-
serverengine (>= 2.
|
38
|
+
msgpack (>= 1.3.1, < 2.0.0)
|
39
|
+
serverengine (>= 2.2.2, < 3.0.0)
|
48
40
|
sigdump (~> 0.2.2)
|
49
41
|
strptime (>= 0.2.2, < 1.0.0)
|
50
|
-
tzinfo (
|
42
|
+
tzinfo (>= 1.0, < 3.0)
|
51
43
|
tzinfo-data (~> 1.0)
|
52
44
|
yajl-ruby (~> 1.0)
|
53
|
-
hashdiff (0.
|
54
|
-
http (0.9.8)
|
55
|
-
addressable (~> 2.3)
|
56
|
-
http-cookie (~> 1.0)
|
57
|
-
http-form_data (~> 1.0.1)
|
58
|
-
http_parser.rb (~> 0.6.0)
|
59
|
-
http-accept (1.7.0)
|
60
|
-
http-cookie (1.0.3)
|
61
|
-
domain_name (~> 0.5)
|
62
|
-
http-form_data (1.0.3)
|
45
|
+
hashdiff (1.0.1)
|
63
46
|
http_parser.rb (0.6.0)
|
64
47
|
httpclient (2.8.3)
|
65
|
-
i18n (1.
|
48
|
+
i18n (1.8.9)
|
66
49
|
concurrent-ruby (~> 1.0)
|
67
|
-
jaro_winkler (1.5.
|
68
|
-
json (
|
69
|
-
json-jwt (1.10.2)
|
50
|
+
jaro_winkler (1.5.4)
|
51
|
+
json-jwt (1.13.0)
|
70
52
|
activesupport (>= 4.2)
|
71
53
|
aes_key_wrap
|
72
54
|
bindata
|
73
|
-
kubeclient (1.1.4)
|
74
|
-
activesupport
|
75
|
-
http (= 0.9.8)
|
76
|
-
recursive-open-struct (= 1.0.0)
|
77
|
-
rest-client
|
78
|
-
lru_redux (1.1.0)
|
79
55
|
mail (2.7.1)
|
80
56
|
mini_mime (>= 0.1.1)
|
81
|
-
mime-types (3.3)
|
82
|
-
mime-types-data (~> 3.2015)
|
83
|
-
mime-types-data (3.2019.1009)
|
84
57
|
mini_mime (1.0.2)
|
85
|
-
minitest (5.
|
86
|
-
msgpack (1.
|
87
|
-
multi_json (1.
|
58
|
+
minitest (5.14.4)
|
59
|
+
msgpack (1.4.2)
|
60
|
+
multi_json (1.15.0)
|
88
61
|
net-http-persistent (3.1.0)
|
89
62
|
connection_pool (~> 2.2)
|
90
|
-
netrc (0.11.0)
|
91
63
|
openid_connect (1.1.8)
|
92
64
|
activemodel
|
93
65
|
attr_required (>= 1.0.0)
|
@@ -98,30 +70,25 @@ GEM
|
|
98
70
|
validate_email
|
99
71
|
validate_url
|
100
72
|
webfinger (>= 1.0.1)
|
101
|
-
parallel (1.
|
102
|
-
parser (
|
103
|
-
ast (~> 2.4.
|
104
|
-
power_assert (
|
105
|
-
powerpack (0.1.
|
73
|
+
parallel (1.20.1)
|
74
|
+
parser (3.0.0.0)
|
75
|
+
ast (~> 2.4.1)
|
76
|
+
power_assert (2.0.0)
|
77
|
+
powerpack (0.1.3)
|
106
78
|
prometheus-client (0.9.0)
|
107
79
|
quantile (~> 0.2.1)
|
108
|
-
public_suffix (
|
80
|
+
public_suffix (4.0.6)
|
109
81
|
quantile (0.2.1)
|
110
|
-
rack (2.
|
111
|
-
rack-oauth2 (1.
|
82
|
+
rack (2.2.3)
|
83
|
+
rack-oauth2 (1.16.0)
|
112
84
|
activesupport
|
113
85
|
attr_required
|
114
86
|
httpclient
|
115
|
-
json-jwt (>= 1.
|
116
|
-
rack
|
87
|
+
json-jwt (>= 1.11.0)
|
88
|
+
rack (>= 2.1.0)
|
117
89
|
rainbow (3.0.0)
|
118
|
-
rake (
|
119
|
-
|
120
|
-
rest-client (2.1.0)
|
121
|
-
http-accept (>= 1.7.0, < 2.0)
|
122
|
-
http-cookie (>= 1.0.2, < 2.0)
|
123
|
-
mime-types (>= 1.16, < 4.0)
|
124
|
-
netrc (~> 0.8)
|
90
|
+
rake (13.0.3)
|
91
|
+
rexml (3.2.4)
|
125
92
|
rubocop (0.63.1)
|
126
93
|
jaro_winkler (~> 1.5.1)
|
127
94
|
parallel (~> 1.10)
|
@@ -130,36 +97,32 @@ GEM
|
|
130
97
|
rainbow (>= 2.2.2, < 4.0)
|
131
98
|
ruby-progressbar (~> 1.7)
|
132
99
|
unicode-display_width (~> 1.4.0)
|
133
|
-
ruby-progressbar (1.
|
134
|
-
|
135
|
-
serverengine (2.1.1)
|
100
|
+
ruby-progressbar (1.11.0)
|
101
|
+
serverengine (2.2.3)
|
136
102
|
sigdump (~> 0.2.2)
|
137
103
|
sigdump (0.2.4)
|
138
|
-
simplecov (0.
|
104
|
+
simplecov (0.21.2)
|
139
105
|
docile (~> 1.1)
|
140
|
-
|
141
|
-
|
142
|
-
simplecov-html (0.
|
143
|
-
|
144
|
-
|
106
|
+
simplecov-html (~> 0.11)
|
107
|
+
simplecov_json_formatter (~> 0.1)
|
108
|
+
simplecov-html (0.12.3)
|
109
|
+
simplecov_json_formatter (0.1.2)
|
110
|
+
strptime (0.2.5)
|
111
|
+
swd (1.2.0)
|
145
112
|
activesupport (>= 3)
|
146
113
|
attr_required (>= 0.0.5)
|
147
114
|
httpclient (>= 2.4)
|
148
|
-
test-unit (3.
|
115
|
+
test-unit (3.4.0)
|
149
116
|
power_assert
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
tzinfo-data (1.2019.3)
|
117
|
+
tzinfo (2.0.4)
|
118
|
+
concurrent-ruby (~> 1.0)
|
119
|
+
tzinfo-data (1.2021.1)
|
154
120
|
tzinfo (>= 1.0.0)
|
155
|
-
unf (0.1.4)
|
156
|
-
unf_ext
|
157
|
-
unf_ext (0.0.7.6)
|
158
121
|
unicode-display_width (1.4.1)
|
159
122
|
validate_email (0.1.6)
|
160
123
|
activemodel (>= 3.0)
|
161
124
|
mail (>= 2.2.5)
|
162
|
-
validate_url (1.0.
|
125
|
+
validate_url (1.0.13)
|
163
126
|
activemodel (>= 3.0.0)
|
164
127
|
public_suffix
|
165
128
|
webfinger (1.1.0)
|
@@ -170,7 +133,7 @@ GEM
|
|
170
133
|
crack (>= 0.3.2)
|
171
134
|
hashdiff
|
172
135
|
yajl-ruby (1.4.1)
|
173
|
-
zeitwerk (2.2
|
136
|
+
zeitwerk (2.4.2)
|
174
137
|
|
175
138
|
PLATFORMS
|
176
139
|
ruby
|
@@ -179,11 +142,11 @@ DEPENDENCIES
|
|
179
142
|
bundler (~> 2.0)
|
180
143
|
fluent-plugin-splunk-hec!
|
181
144
|
minitest (~> 5.0)
|
182
|
-
rake (
|
145
|
+
rake (>= 12.0)
|
183
146
|
rubocop (~> 0.63.1)
|
184
147
|
simplecov
|
185
148
|
test-unit (~> 3.0)
|
186
149
|
webmock (~> 3.5.0)
|
187
150
|
|
188
151
|
BUNDLED WITH
|
189
|
-
2.
|
152
|
+
2.2.15
|
data/LICENSE
CHANGED
@@ -214,21 +214,89 @@ Apache License 2.0
|
|
214
214
|
The following components are provided under the Apache License 2.0. See project link for details.
|
215
215
|
|
216
216
|
(Apache License 2.0) fluentd (https://github.com/fluent/fluentd/blob/master/LICENSE)
|
217
|
+
(Apache License 2.0) ffi-compiler (https://github.com/ffi/ffi-compiler/blob/master/LICENSE)
|
218
|
+
(Apache License 2.0) msgpack (https://github.com/msgpack/msgpack-ruby/blob/master/LICENSE)
|
219
|
+
(Apache License 2.0) prometheus-client (https://github.com/prometheus/client_ruby/blob/master/LICENSE)
|
220
|
+
(Apache License 2.0) quantile (https://github.com/matttproud/ruby_quantile_estimation/blob/master/LICENSE)
|
221
|
+
(Apache License 2.0) serverengine (https://github.com/treasure-data/serverengine/blob/master/LICENSE)
|
222
|
+
(Apache License 2.0) addressable (https://github.com/sporkmonger/addressable/blob/master/LICENSE.txt)
|
223
|
+
(Apache License 2.0) fluent-plugin-kubernetes_metadata_filter (https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/blob/master/LICENSE.txt)
|
224
|
+
(Apache License 2.0) thread_safe (https://github.com/ruby-concurrency/thread_safe/blob/master/LICENSE)
|
217
225
|
|
218
226
|
========================================================================
|
219
227
|
MIT licenses
|
220
228
|
========================================================================
|
221
229
|
The following components are provided under the MIT License. See project link for details.
|
222
230
|
|
223
|
-
(MIT License)
|
224
|
-
(MIT License)
|
231
|
+
(MIT License) activemodel (https://github.com/rails/rails/blob/v6.0.2.1/activemodel/MIT-LICENSE)
|
232
|
+
(MIT License) activesupport (https://github.com/rails/rails/blob/v6.0.2.1/activesupport/MIT-LICENSE)
|
233
|
+
(MIT License) aes_key_wrap (https://github.com/tomdalling/aes_key_wrap/blob/master/LICENSE.txt)
|
234
|
+
(MIT License) ast (https://github.com/whitequark/ast/blob/master/LICENSE.MIT)
|
235
|
+
(MIT License) attr_required (https://github.com/nov/attr_required/blob/master/LICENSE)
|
225
236
|
(MIT License) bundler (https://github.com/bundler/bundler/blob/master/LICENSE.md)
|
237
|
+
(MIT License) concurrent-ruby (https://github.com/ruby-concurrency/concurrent-ruby/blob/master/LICENSE.md)
|
238
|
+
(MIT License) connection_pool (https://github.com/mperham/connection_pool/blob/master/LICENSE)
|
239
|
+
(MIT License) cool.io (https://github.com/tarcieri/cool.io/blob/master/LICENSE)
|
240
|
+
(MIT License) crack (https://github.com/jnunemaker/crack/blob/master/LICENSE)
|
241
|
+
(MIT License) docile (https://github.com/ms-ati/docile/blob/master/LICENSE)
|
242
|
+
(MIT License) hashdiff (https://github.com/liufengyun/hashdiff/blob/master/LICENSE)
|
243
|
+
(MIT License) http (https://github.com/httprb/http/blob/master/LICENSE.txt)
|
244
|
+
(MIT License) http_parser.rb (https://github.com/tmm1/http_parser.rb/blob/master/LICENSE-MIT)
|
245
|
+
(MIT License) http-accept (https://github.com/socketry/http-accept#license)
|
246
|
+
(MIT License) http-cookie (https://github.com/sparklemotion/http-cookie/blob/master/LICENSE.txt)
|
247
|
+
(MIT License) http-form_data (https://github.com/httprb/form_data/blob/master/LICENSE.txt)
|
248
|
+
(MIT License) http-parser (https://github.com/cotag/http-parser/blob/master/LICENSE)
|
249
|
+
(MIT License) i18n (https://github.com/ruby-i18n/i18n/blob/master/MIT-LICENSE)
|
250
|
+
(MIT License) jaro_winkler (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
|
251
|
+
(MIT License) json-jwt (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
|
252
|
+
(MIT License) kubeclient (https://github.com/abonas/kubeclient/blob/master/LICENSE.txt)
|
253
|
+
(MIT License) lru_redux (https://github.com/SamSaffron/lru_redux/blob/master/LICENSE.txt)
|
254
|
+
(MIT License) mail (https://github.com/mikel/mail/blob/master/MIT-LICENSE)
|
255
|
+
(MIT License) mime-types (https://github.com/mime-types/ruby-mime-types/blob/master/Licence.md)
|
256
|
+
(MIT License) mime-types-data (https://github.com/mime-types/mime-types-data/blob/master/Licence.md)
|
257
|
+
(MIT License) mini_mime (https://github.com/discourse/mini_mime/blob/master/LICENSE.txt)
|
258
|
+
(MIT License) minitest (https://github.com/seattlerb/minitest)
|
259
|
+
(MIT License) multi_json (https://github.com/intridea/multi_json/blob/master/LICENSE.md)
|
260
|
+
(MIT License) net-http-persistent (https://github.com/drbrain/net-http-persistent)
|
261
|
+
(MIT License) netrc (https://github.com/heroku/netrc/blob/master/LICENSE.md)
|
262
|
+
(MIT License) openid_connect (https://github.com/nov/openid_connect/blob/master/LICENSE)
|
263
|
+
(MIT License) parallel (https://github.com/grosser/parallel/blob/master/MIT-LICENSE.txt)
|
264
|
+
(MIT License) parser (https://github.com/whitequark/parser/blob/master/LICENSE.txt)
|
265
|
+
(MIT License) powerpack (https://github.com/bbatsov/powerpack/blob/master/LICENSE.txt)
|
266
|
+
(MIT License) public_suffix (https://github.com/weppos/publicsuffix-ruby/blob/master/LICENSE.txt)
|
267
|
+
(MIT License) rack (https://github.com/rack/rack/blob/master/MIT-LICENSE)
|
268
|
+
(MIT License) rack-oauth2 (https://github.com/nov/rack-oauth2/blob/master/LICENSE)
|
269
|
+
(MIT License) rainbow (https://github.com/sickill/rainbow/blob/master/LICENSE)
|
226
270
|
(MIT License) rake (https://github.com/ruby/rake/blob/master/MIT-LICENSE)
|
271
|
+
(MIT License) recursive-open-struct (https://github.com/aetherknight/recursive-open-struct/blob/master/LICENSE.txt)
|
272
|
+
(MIT License) rest-client (https://github.com/rest-client/rest-client/blob/master/LICENSE)
|
273
|
+
(MIT License) rubocop (https://github.com/rubocop-hq/rubocop/blob/master/LICENSE.txt)
|
274
|
+
(MIT License) ruby-progressbar (https://github.com/jfelchner/ruby-progressbar/blob/master/LICENSE.txt)
|
275
|
+
(MIT License) safe_yaml (https://github.com/dtao/safe_yaml/blob/master/LICENSE.txt)
|
276
|
+
(MIT License) sigdump (https://github.com/frsyuki/sigdump/blob/master/LICENSE)
|
277
|
+
(MIT License) simplecov (https://github.com/colszowka/simplecov/blob/master/LICENSE)
|
278
|
+
(MIT License) simplecov-html (https://github.com/colszowka/simplecov-html/blob/master/LICENSE)
|
279
|
+
(MIT License) swd (https://github.com/nov/SWD/blob/master/LICENSE)
|
280
|
+
(MIT License) tzinfo (https://github.com/tzinfo/tzinfo/blob/master/LICENSE)
|
281
|
+
(MIT License) tzinfo-data (https://github.com/tzinfo/tzinfo-data/blob/master/LICENSE)
|
282
|
+
(MIT License) unf_ext (https://github.com/knu/ruby-unf_ext/blob/master/LICENSE.txt)
|
283
|
+
(MIT License) unicode-display_width (https://github.com/janlelis/unicode-display_width/blob/master/MIT-LICENSE.txt)
|
284
|
+
(MIT License) validate_email (https://github.com/perfectline/validates_email/blob/master/MIT-LICENSE)
|
285
|
+
(MIT License) validate_url (https://github.com/perfectline/validates_url/blob/master/LICENSE.md)
|
286
|
+
(MIT License) webfinger (https://github.com/nov/webfinger/blob/master/LICENSE.txt)
|
227
287
|
(MIT License) webmock (https://github.com/bblimke/webmock/blob/master/LICENSE)
|
228
|
-
(MIT License)
|
288
|
+
(MIT License) yajl-ruby (https://github.com/brianmario/yajl-ruby/blob/master/LICENSE)
|
229
289
|
|
230
290
|
========================================================================
|
231
|
-
For
|
291
|
+
For the rest:
|
232
292
|
========================================================================
|
233
293
|
|
234
|
-
|
294
|
+
bindata (https://github.com/dmendel/bindata/blob/master/COPYING)
|
295
|
+
httpclient (https://github.com/nahi/httpclient/#license)
|
296
|
+
json (https://www.ruby-lang.org/en/about/license.txt)
|
297
|
+
test-unit (https://github.com/test-unit/test-unit)
|
298
|
+
unf (https://github.com/knu/ruby-unf/blob/master/LICENSE)
|
299
|
+
power_assert (https://github.com/k-tsj/power_assert/blob/master/BSDL)
|
300
|
+
strptime (https://github.com/nurse/strptime/blob/master/LICENSE.txt)
|
301
|
+
domain_name (https://github.com/knu/ruby-domain_name/blob/master/LICENSE.txt)
|
302
|
+
ffi (https://github.com/ffi/ffi/blob/master/LICENSE)
|
data/README.md
CHANGED
@@ -2,13 +2,13 @@
|
|
2
2
|
# fluent-plugin-splunk-hec
|
3
3
|
|
4
4
|
[Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) in 2 modes:<br/>
|
5
|
-
1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/>
|
6
|
-
2) Via the
|
5
|
+
1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/>
|
6
|
+
2) Via the Splunk Cloud Services (SCS) [Ingest API](https://sdc.splunkbeta.com/reference/api/ingest/v1beta2)
|
7
7
|
|
8
8
|
## Installation
|
9
9
|
|
10
10
|
### RubyGems
|
11
|
-
```
|
11
|
+
```
|
12
12
|
$ gem install fluent-plugin-splunk-hec
|
13
13
|
```
|
14
14
|
### Bundler
|
@@ -29,7 +29,7 @@ $ bundle
|
|
29
29
|
|
30
30
|
* See also: [Output Plugin Overview](https://docs.fluentd.org/v1.0/articles/output-plugin-overview)
|
31
31
|
|
32
|
-
#### Example 1: Minimum Configuration
|
32
|
+
#### Example 1: Minimum HEC Configuration
|
33
33
|
|
34
34
|
```
|
35
35
|
<match **>
|
@@ -43,17 +43,18 @@ $ bundle
|
|
43
43
|
This example is very basic, it just tells the plugin to send events to Splunk HEC on `https://12.34.56.78:8088` (https is the default protocol), using the HEC token `00000000-0000-0000-0000-000000000000`. It will use whatever index, source, sourcetype are configured in HEC. And the `host` of each event is the hostname of the machine which running fluentd.
|
44
44
|
|
45
45
|
|
46
|
-
#### Example 2: Configuration example
|
46
|
+
#### Example 2: SCS Ingest Configuration example
|
47
47
|
|
48
48
|
```
|
49
49
|
<match **>
|
50
50
|
@type splunk_ingest_api
|
51
51
|
service_client_identifier xxxxxxxx
|
52
52
|
service_client_secret_key xxxx-xxxxx
|
53
|
-
token_endpoint /
|
54
|
-
|
55
|
-
|
56
|
-
|
53
|
+
token_endpoint /token
|
54
|
+
ingest_auth_host auth.scp.splunk.com
|
55
|
+
ingest_api_host api.scp.splunk.com
|
56
|
+
ingest_api_tenant <mytenant>
|
57
|
+
ingest_api_events_endpoint /<mytenant>/ingest/v1beta2/events
|
57
58
|
debug_http false
|
58
59
|
</match>
|
59
60
|
```
|
@@ -157,7 +158,7 @@ This value must be set to `splunk_hec` when using HEC API and to `splunk_ingest_
|
|
157
158
|
|
158
159
|
#### protocol (enum) (optional)
|
159
160
|
|
160
|
-
This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is
|
161
|
+
This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is
|
161
162
|
set to `https` by default.
|
162
163
|
|
163
164
|
### hec_host (string) (required)
|
@@ -194,72 +195,74 @@ If `coerce_to_utf8` is set to `true`, any non-UTF-8 character is replaced by the
|
|
194
195
|
|
195
196
|
### Parameters for `splunk_ingest_api`
|
196
197
|
|
197
|
-
### service_client_identifier: (optional) (string)
|
198
|
+
### service_client_identifier: (optional) (string)
|
198
199
|
|
199
200
|
Splunk uses the client identifier to make authorized requests to the ingest API.
|
200
201
|
|
201
|
-
### service_client_secret_key: (string)
|
202
|
+
### service_client_secret_key: (string)
|
202
203
|
|
203
204
|
The client identifier uses this authorization to make requests to the ingest API.
|
204
205
|
|
205
|
-
### token_endpoint: (string)
|
206
|
+
### token_endpoint: (string)
|
206
207
|
|
207
208
|
This value indicates which endpoint Splunk should look to for the authorization token necessary for requests to the ingest API.
|
208
209
|
|
209
|
-
### ingest_api_host: (string)
|
210
|
+
### ingest_api_host: (string)
|
210
211
|
|
211
212
|
Indicates which url/hostname to use for requests to the ingest API.
|
212
213
|
|
213
|
-
### ingest_api_tenant: (string)
|
214
|
+
### ingest_api_tenant: (string)
|
214
215
|
|
215
216
|
Indicates which tenant Splunk should use for requests to the ingest API.
|
216
217
|
|
217
|
-
### ingest_api_events_endpoint: (string)
|
218
|
+
### ingest_api_events_endpoint: (string)
|
218
219
|
|
219
220
|
Indicates which endpoint to use for requests to the ingest API.
|
220
221
|
|
221
|
-
### debug_http: (bool)
|
222
|
+
### debug_http: (bool)
|
222
223
|
Set to True if you want to debug requests and responses to ingest API. Default is false.
|
223
224
|
|
224
225
|
### Parameters for both `splunk_hec` and `splunk_ingest_api`
|
225
226
|
|
226
227
|
### index (string) (optional)
|
227
228
|
|
228
|
-
Identifier for the Splunk index to be used for indexing events. If this parameter is not set,
|
229
|
-
the indexer is chosen by HEC.
|
229
|
+
Identifier for the Splunk index to be used for indexing events. If this parameter is not set,
|
230
|
+
the indexer is chosen by HEC. Cannot set both `index` and `index_key` parameters at the same time.
|
230
231
|
|
231
232
|
### index_key (string) (optional)
|
232
233
|
|
233
|
-
The field name that contains the Splunk index name.
|
234
|
-
not work if the `index` parameter is not set.
|
234
|
+
The field name that contains the Splunk index name. Cannot set both `index` and `index_key` parameters at the same time.
|
235
235
|
|
236
236
|
### host (string) (optional)
|
237
237
|
|
238
|
-
The host location for events.
|
238
|
+
The host location for events. Cannot set both `host` and `host_key` parameters at the same time.
|
239
239
|
If the parameter is not set, the default value is the hostname of the machine runnning fluentd.
|
240
240
|
|
241
241
|
### host_key (string) (optional)
|
242
242
|
|
243
|
-
Key for the host location.
|
244
|
-
parameter is not set, this parameter is ignored.
|
243
|
+
Key for the host location. Cannot set both `host` and `host_key` parameters at the same time.
|
245
244
|
|
246
245
|
### source (string) (optional)
|
247
246
|
|
248
|
-
The source field for events. If this parameter is not set, the source will be decided by HEC.
|
249
|
-
|
247
|
+
The source field for events. If this parameter is not set, the source will be decided by HEC.
|
248
|
+
Cannot set both `source` and `source_key` parameters at the same time.
|
250
249
|
|
251
250
|
### source_key (string) (optional)
|
252
251
|
|
253
|
-
Field name to contain source.
|
252
|
+
Field name to contain source. Cannot set both `source` and `source_key` parameters at the same time.
|
254
253
|
|
255
254
|
### sourcetype (string) (optional)
|
256
255
|
|
257
|
-
The sourcetype field for events. When not set, the sourcetype is decided by HEC.
|
258
|
-
|
256
|
+
The sourcetype field for events. When not set, the sourcetype is decided by HEC.
|
257
|
+
Cannot set both `source` and `source_key` parameters at the same time.
|
259
258
|
|
260
259
|
### sourcetype_key (string) (optional)
|
261
260
|
|
262
|
-
Field name that contains the sourcetype.
|
261
|
+
Field name that contains the sourcetype. Cannot set both `source` and `source_key` parameters at the same time.
|
262
|
+
|
263
|
+
### time_key (string) (optional)
|
264
|
+
|
265
|
+
Field name to contain Splunk event time. By default will use fluentd\'d time.
|
263
266
|
|
264
267
|
### fields (init) (optional)
|
265
268
|
|
@@ -274,6 +277,14 @@ When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `
|
|
274
277
|
|
275
278
|
Depending on the value of `data_type` parameter, the parameters inside the `<fields>` section have different meanings. Despite the meaning, the syntax for parameters is unique.
|
276
279
|
|
280
|
+
### app_name (string) (Optional)
|
281
|
+
|
282
|
+
Splunk app name using this plugin (default to `hec_plugin_gem`)
|
283
|
+
|
284
|
+
### app_version (string) (Optional)
|
285
|
+
|
286
|
+
The version of Splunk app using this this plugin (default to plugin version)
|
287
|
+
|
277
288
|
#### When `data_type` is `event`
|
278
289
|
|
279
290
|
In this case, parameters inside `<fields>` are used as indexed fields and removed from the original input events. Please see the "Add a "fields" property at the top JSON level" [here](http://dev.splunk.com/view/event-collector/SP-CAAAFB6) for details. Given we have configuration like
|
@@ -286,7 +297,7 @@ In this case, parameters inside `<fields>` are used as indexed fields and remove
|
|
286
297
|
<fields>
|
287
298
|
file
|
288
299
|
level
|
289
|
-
app
|
300
|
+
app application
|
290
301
|
</fields>
|
291
302
|
</match>
|
292
303
|
```
|
@@ -320,7 +331,7 @@ If a parameter has just a key, it means its value is exactly the same as the key
|
|
320
331
|
|
321
332
|
#### When `data_type` is `metric`
|
322
333
|
|
323
|
-
For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration:
|
334
|
+
For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration:
|
324
335
|
|
325
336
|
```
|
326
337
|
<match **>
|
@@ -333,7 +344,7 @@ For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>`
|
|
333
344
|
<fields>
|
334
345
|
file
|
335
346
|
level
|
336
|
-
app
|
347
|
+
app application
|
337
348
|
</fields>
|
338
349
|
</match>
|
339
350
|
```
|
@@ -371,7 +382,7 @@ Multiple `<format>` sections can be defined to use different formatters for diff
|
|
371
382
|
</format>
|
372
383
|
```
|
373
384
|
|
374
|
-
This example:
|
385
|
+
This example:
|
375
386
|
- Formats events with tags that start with `sometag.` with the `single_value` formatter
|
376
387
|
- Formats events with tags `some.othertag` with the `csv` formatter
|
377
388
|
- Formats all other events with the `json` formatter (the default formatter)
|
@@ -388,31 +399,15 @@ The following parameters can be used for tuning HTTP connections:
|
|
388
399
|
|
389
400
|
#### idle_timeout (integer)
|
390
401
|
|
391
|
-
The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
|
402
|
+
The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
|
392
403
|
|
393
404
|
#### read_timeout (integer)
|
394
|
-
The amount of time allowed between reading two chunks from the socket. The default value is `nil`, which means no timeout.
|
405
|
+
The amount of time allowed between reading two chunks from the socket. The default value is `nil`, which means no timeout.
|
395
406
|
|
396
407
|
#### open_timeout (integer)
|
397
408
|
|
398
409
|
The amount of time to wait for a connection to be opened. The default is `nil`, which means no timeout.
|
399
410
|
|
400
|
-
### Net::HTTP::Persistent parameters (optional)
|
401
|
-
|
402
|
-
The following parameters can be used for tuning HTTP connections
|
403
|
-
|
404
|
-
#### idle_timeout (integer)
|
405
|
-
|
406
|
-
The default is 5 seconds. If a connection has not been used for this number of seconds it will automatically be reset upon the next use to avoid attempting to send to a closed connection; nil means no timeout.
|
407
|
-
|
408
|
-
#### read_timeout (integer)
|
409
|
-
|
410
|
-
The default is nil. The amount of time allowed between reading two chunks from the socket.
|
411
|
-
|
412
|
-
#### open_timeout (integer)
|
413
|
-
|
414
|
-
The default is nil. The amount of time to wait for a connection to be opened.
|
415
|
-
|
416
411
|
### SSL parameters
|
417
412
|
|
418
413
|
The following optional parameters let you configure SSL for HTTPS protocol.
|
@@ -439,7 +434,15 @@ List of SSl ciphers allowed.
|
|
439
434
|
|
440
435
|
#### insecure_ssl (bool)
|
441
436
|
|
442
|
-
Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default.
|
437
|
+
Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default. Ensure parameter `ca_file` is not configured in order to allow insecure SSL connections when this value is set to `true`.
|
438
|
+
|
439
|
+
#### require_ssl_min_version (bool)
|
440
|
+
|
441
|
+
When set to true, TLS version 1.1 and above is required.
|
442
|
+
|
443
|
+
#### consume_chunk_on_4xx_errors (bool)
|
444
|
+
|
445
|
+
Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to false, Splunk will fail to flush the buffer on such status codes. This parameter is set to `true` by default for backwards compatibility.
|
443
446
|
|
444
447
|
## About Buffer
|
445
448
|
|
@@ -454,4 +457,4 @@ Here are some hints:
|
|
454
457
|
|
455
458
|
## License
|
456
459
|
|
457
|
-
Please see [LICENSE](LICENSE).
|
460
|
+
Please see [LICENSE](LICENSE).
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.2.
|
1
|
+
1.2.5
|
@@ -33,15 +33,14 @@ Gem::Specification.new do |spec|
|
|
33
33
|
|
34
34
|
spec.required_ruby_version = '>= 2.3.0'
|
35
35
|
|
36
|
-
spec.add_runtime_dependency '
|
37
|
-
spec.add_runtime_dependency 'fluentd', '= 1.4'
|
36
|
+
spec.add_runtime_dependency 'fluentd', '>= 1.4'
|
38
37
|
spec.add_runtime_dependency 'multi_json', '~> 1.13'
|
39
|
-
spec.add_runtime_dependency 'net-http-persistent', '~> 3.
|
40
|
-
spec.add_runtime_dependency 'openid_connect', '~> 1.1.
|
41
|
-
spec.add_runtime_dependency 'prometheus-client', '
|
38
|
+
spec.add_runtime_dependency 'net-http-persistent', '~> 3.1'
|
39
|
+
spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
|
40
|
+
spec.add_runtime_dependency 'prometheus-client', '< 0.10.0'
|
42
41
|
|
43
42
|
spec.add_development_dependency 'bundler', '~> 2.0'
|
44
|
-
spec.add_development_dependency 'rake', '
|
43
|
+
spec.add_development_dependency 'rake', '>= 12.0'
|
45
44
|
# required by fluent/test.rb
|
46
45
|
spec.add_development_dependency 'minitest', '~> 5.0'
|
47
46
|
spec.add_development_dependency 'rubocop', '~> 0.63.1'
|
@@ -13,7 +13,7 @@ module Fluent::Plugin
|
|
13
13
|
autoload :VERSION, 'fluent/plugin/out_splunk/version'
|
14
14
|
autoload :MatchFormatter, 'fluent/plugin/out_splunk/match_formatter'
|
15
15
|
|
16
|
-
KEY_FIELDS = %w[index host source sourcetype metric_name metric_value].freeze
|
16
|
+
KEY_FIELDS = %w[index host source sourcetype metric_name metric_value time].freeze
|
17
17
|
TAG_PLACEHOLDER = '${tag}'
|
18
18
|
|
19
19
|
desc 'The host field for events, by default it uses the hostname of the machine that runnning fluentd. This is exclusive with `host_key`.'
|
@@ -51,6 +51,9 @@ module Fluent::Plugin
|
|
51
51
|
# this is blank on purpose
|
52
52
|
end
|
53
53
|
|
54
|
+
desc 'Indicates if 4xx errors should consume chunk'
|
55
|
+
config_param :consume_chunk_on_4xx_errors, :bool, :default => true
|
56
|
+
|
54
57
|
config_section :format do
|
55
58
|
config_set_default :usage, '**'
|
56
59
|
config_set_default :@type, 'json'
|
@@ -152,11 +155,12 @@ module Fluent::Plugin
|
|
152
155
|
|
153
156
|
@metrics[:status_counter].increment(metric_labels(status: response.code.to_s))
|
154
157
|
|
158
|
+
raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
|
159
|
+
|
155
160
|
# raise Exception to utilize Fluentd output plugin retry mechanism
|
156
|
-
raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if
|
161
|
+
raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
|
157
162
|
|
158
|
-
# For both success response (2xx)
|
159
|
-
# Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
|
163
|
+
# For both success response (2xx) we will consume the chunk.
|
160
164
|
unless response.code.to_s.start_with?('2')
|
161
165
|
log.error "#{self.class}: Failed POST to #{@api}, response: #{response.body}"
|
162
166
|
log.error { "#{self.class}: Failed request body: #{post.body}" }
|
@@ -1,5 +1,6 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
|
2
|
+
$LOAD_PATH.unshift(File.expand_path('..', __dir__))
|
3
|
+
require 'fluent/env'
|
3
4
|
require 'fluent/output'
|
4
5
|
require 'fluent/plugin/output'
|
5
6
|
require 'fluent/plugin/formatter'
|
@@ -62,6 +63,9 @@ module Fluent::Plugin
|
|
62
63
|
desc 'List of SSL ciphers allowed.'
|
63
64
|
config_param :ssl_ciphers, :array, default: nil
|
64
65
|
|
66
|
+
desc 'When set to true, TLS version 1.1 and above is required.'
|
67
|
+
config_param :require_ssl_min_version, :bool, default: true
|
68
|
+
|
65
69
|
desc 'Indicates if insecure SSL connection is allowed.'
|
66
70
|
config_param :insecure_ssl, :bool, default: false
|
67
71
|
|
@@ -71,9 +75,6 @@ module Fluent::Plugin
|
|
71
75
|
desc 'The Splunk index to index events. When not set, will be decided by HEC. This is exclusive with `index_key`'
|
72
76
|
config_param :index, :string, default: nil
|
73
77
|
|
74
|
-
desc 'Field name to contain Splunk event time. By default will use fluentd\'d time'
|
75
|
-
config_param :time_key, :string, default: nil
|
76
|
-
|
77
78
|
desc 'Field name to contain Splunk index name. This is exclusive with `index`.'
|
78
79
|
config_param :index_key, :string, default: nil
|
79
80
|
|
@@ -89,11 +90,20 @@ module Fluent::Plugin
|
|
89
90
|
desc 'When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `sourcetype_key`, `metric_name_key`, `metric_value_key` will not be removed from the original event.'
|
90
91
|
config_param :keep_keys, :bool, default: false
|
91
92
|
|
93
|
+
desc 'App name'
|
94
|
+
config_param :app_name, :string, default: "hec_plugin_gem"
|
95
|
+
|
96
|
+
desc 'App version'
|
97
|
+
config_param :app_version, :string, default: "#{VERSION}"
|
98
|
+
|
92
99
|
desc 'Define index-time fields for event data type, or metric dimensions for metric data type. Null value fields will be removed.'
|
93
100
|
config_section :fields, init: false, multi: false, required: false do
|
94
101
|
# this is blank on purpose
|
95
102
|
end
|
96
103
|
|
104
|
+
desc 'Indicates if 4xx errors should consume chunk'
|
105
|
+
config_param :consume_chunk_on_4xx_errors, :bool, :default => true
|
106
|
+
|
97
107
|
config_section :format do
|
98
108
|
config_set_default :usage, '**'
|
99
109
|
config_set_default :@type, 'json'
|
@@ -136,10 +146,15 @@ module Fluent::Plugin
|
|
136
146
|
c.ca_file = @ca_file
|
137
147
|
c.ca_path = @ca_path
|
138
148
|
c.ciphers = @ssl_ciphers
|
149
|
+
c.proxy = :ENV
|
150
|
+
c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
|
139
151
|
|
140
152
|
c.override_headers['Content-Type'] = 'application/json'
|
141
153
|
c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
|
142
154
|
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
155
|
+
c.override_headers['__splunk_app_name'] = "#{@app_name}"
|
156
|
+
c.override_headers['__splunk_app_version'] = "#{@app_version}"
|
157
|
+
|
143
158
|
end
|
144
159
|
end
|
145
160
|
|
@@ -172,7 +187,7 @@ module Fluent::Plugin
|
|
172
187
|
end
|
173
188
|
|
174
189
|
def format_event(tag, time, record)
|
175
|
-
|
190
|
+
d = {
|
176
191
|
host: @host ? @host.(tag, record) : @default_host,
|
177
192
|
# From the API reference
|
178
193
|
# http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
|
@@ -205,7 +220,12 @@ module Fluent::Plugin
|
|
205
220
|
record = formatter.format(tag, time, record)
|
206
221
|
end
|
207
222
|
payload[:event] = convert_to_utf8 record
|
208
|
-
}
|
223
|
+
}
|
224
|
+
if d[:event] == "{}"
|
225
|
+
log.warn { "Event after formatting was blank, not sending" }
|
226
|
+
return ""
|
227
|
+
end
|
228
|
+
MultiJson.dump(d)
|
209
229
|
end
|
210
230
|
|
211
231
|
def format_metric(tag, time, record)
|
@@ -272,13 +292,18 @@ module Fluent::Plugin
|
|
272
292
|
c.ca_file = @ca_file
|
273
293
|
c.ca_path = @ca_path
|
274
294
|
c.ciphers = @ssl_ciphers
|
295
|
+
c.proxy = :ENV
|
275
296
|
c.idle_timeout = @idle_timeout
|
276
297
|
c.read_timeout = @read_timeout
|
277
298
|
c.open_timeout = @open_timeout
|
299
|
+
c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
|
278
300
|
|
279
301
|
c.override_headers['Content-Type'] = 'application/json'
|
280
302
|
c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
|
281
303
|
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
304
|
+
c.override_headers['__splunk_app_name'] = "#{@app_name}"
|
305
|
+
c.override_headers['__splunk_app_version'] = "#{@app_version}"
|
306
|
+
|
282
307
|
end
|
283
308
|
end
|
284
309
|
|
@@ -292,13 +317,14 @@ module Fluent::Plugin
|
|
292
317
|
response = @conn.request @api, post
|
293
318
|
t2 = Time.now
|
294
319
|
|
295
|
-
|
296
|
-
|
320
|
+
raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
|
321
|
+
|
322
|
+
# raise Exception to utilize Fluentd output plugin retry mechanism
|
323
|
+
raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
|
297
324
|
|
298
|
-
# For both success response (2xx)
|
299
|
-
# Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
|
325
|
+
# For both success response (2xx) we will consume the chunk.
|
300
326
|
if not response.code.start_with?('2')
|
301
|
-
log.error "Failed POST to #{@
|
327
|
+
log.error "Failed POST to #{@api}, response: #{response.body}"
|
302
328
|
log.debug { "Failed request body: #{post.body}" }
|
303
329
|
end
|
304
330
|
|
@@ -330,7 +356,7 @@ module Fluent::Plugin
|
|
330
356
|
invalid: :replace,
|
331
357
|
undef: :replace,
|
332
358
|
replace: @non_utf8_replacement_string)
|
333
|
-
|
359
|
+
else
|
334
360
|
begin
|
335
361
|
input.encode('utf-8')
|
336
362
|
rescue EncodingError
|
@@ -1,5 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
|
2
|
+
$LOAD_PATH.unshift(File.expand_path('..', __dir__))
|
3
3
|
require 'fluent/plugin/out_splunk'
|
4
4
|
require 'openid_connect'
|
5
5
|
require 'rack/oauth2'
|
@@ -16,10 +16,13 @@ module Fluent::Plugin
|
|
16
16
|
config_param :service_client_secret_key, :string, default: nil
|
17
17
|
|
18
18
|
desc 'Token Endpoint'
|
19
|
-
config_param :token_endpoint, :string, default: '/
|
19
|
+
config_param :token_endpoint, :string, default: '/token'
|
20
|
+
|
21
|
+
desc 'Token Auth Hostname'
|
22
|
+
config_param :ingest_auth_host, :string, default: 'auth.scp.splunk.com'
|
20
23
|
|
21
24
|
desc 'Ingest Api Hostname'
|
22
|
-
config_param :ingest_api_host, :string, default: 'api.
|
25
|
+
config_param :ingest_api_host, :string, default: 'api.scp.splunk.com'
|
23
26
|
|
24
27
|
desc 'Ingest API Tenant Name'
|
25
28
|
config_param :ingest_api_tenant, :string
|
@@ -90,7 +93,7 @@ module Fluent::Plugin
|
|
90
93
|
identifier: @service_client_identifier,
|
91
94
|
secret: @service_client_secret_key,
|
92
95
|
redirect_uri: 'http://localhost:8080/', # Not used
|
93
|
-
host: @
|
96
|
+
host: @ingest_auth_host,
|
94
97
|
scheme: 'https'
|
95
98
|
)
|
96
99
|
|
@@ -57,6 +57,9 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
57
57
|
assert_nil(create_hec_output_driver('hec_host hec_token').instance.index_key)
|
58
58
|
expect(create_hec_output_driver('hec_host hec_token').instance.index_key).is_a? String
|
59
59
|
end
|
60
|
+
it 'should consume chunks on 4xx errors' do
|
61
|
+
expect(create_hec_output_driver('hec_host hec_token').instance.consume_chunk_on_4xx_errors).must_equal true
|
62
|
+
end
|
60
63
|
end
|
61
64
|
|
62
65
|
describe 'hec_host validation' do
|
@@ -100,15 +103,6 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
100
103
|
assert_nil(test_driver.instance.time_key)
|
101
104
|
end
|
102
105
|
|
103
|
-
# it "should contain splunk event time field via fluentd, as nil" do
|
104
|
-
# expect(create_output_driver('hec_host splunk.com').instance.time_key).must_equal nil
|
105
|
-
# end
|
106
|
-
#
|
107
|
-
it "should contain splunk event time field via fluentd, as nil" do
|
108
|
-
test_driver = create_output_driver('hec_host splunk.com')
|
109
|
-
assert_nil(test_driver.instance.time_key)
|
110
|
-
end
|
111
|
-
|
112
106
|
it "should use host machine's hostname for event host by default" do
|
113
107
|
verify_sent_events do |batch|
|
114
108
|
batch.each do |item|
|
@@ -148,6 +142,7 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
148
142
|
host_key from
|
149
143
|
source_key file
|
150
144
|
sourcetype_key agent.name
|
145
|
+
time_key timestamp
|
151
146
|
CONF
|
152
147
|
batch.each do |item|
|
153
148
|
expect(item['index']).must_equal 'info'
|
@@ -156,7 +151,7 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
156
151
|
expect(item['sourcetype']).must_equal 'test'
|
157
152
|
|
158
153
|
JSON.load(item['event']).tap do |event|
|
159
|
-
%w[level from file].each { |field| expect(event).wont_include field }
|
154
|
+
%w[level from file timestamp].each { |field| expect(event).wont_include field }
|
160
155
|
expect(event['agent']).wont_include 'name'
|
161
156
|
end
|
162
157
|
end
|
@@ -229,6 +224,24 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
229
224
|
end
|
230
225
|
end
|
231
226
|
|
227
|
+
it 'should not send blank events' do
|
228
|
+
verify_sent_events(<<~CONF) do |batch|
|
229
|
+
<fields>
|
230
|
+
from
|
231
|
+
logLevel level
|
232
|
+
nonexist
|
233
|
+
log
|
234
|
+
file
|
235
|
+
value
|
236
|
+
id
|
237
|
+
agent
|
238
|
+
timestamp
|
239
|
+
</fields>
|
240
|
+
CONF
|
241
|
+
expect(batch.length).must_equal 0
|
242
|
+
end
|
243
|
+
end
|
244
|
+
|
232
245
|
describe 'metric' do
|
233
246
|
it 'should check related configs' do
|
234
247
|
expect(
|
@@ -358,7 +371,8 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
358
371
|
'agent' => {
|
359
372
|
'name' => 'test',
|
360
373
|
'version' => '1.0.0'
|
361
|
-
}
|
374
|
+
},
|
375
|
+
'timestamp' => 'time'
|
362
376
|
}
|
363
377
|
events = [
|
364
378
|
['tag.event1', event_time, { 'id' => '1st' }.merge(Marshal.load(Marshal.dump(event)))],
|
@@ -6,8 +6,8 @@ describe Fluent::Plugin::SplunkIngestApiOutput do
|
|
6
6
|
include Fluent::Test::Helpers
|
7
7
|
include PluginTestHelper
|
8
8
|
|
9
|
-
INGEST_API_ENDPOINT = 'https://api.
|
10
|
-
AUTH_TOKEN_ENDPOINT = 'https://
|
9
|
+
INGEST_API_ENDPOINT = 'https://api.scp.splunk.com/tenant_name/ingest/v1beta2/events'
|
10
|
+
AUTH_TOKEN_ENDPOINT = 'https://auth.scp.splunk.com/token'
|
11
11
|
|
12
12
|
before { Fluent::Test.setup } # setup router and others
|
13
13
|
|
metadata
CHANGED
@@ -1,41 +1,27 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunk-hec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Splunk Inc.
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-03-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
-
- !ruby/object:Gem::Dependency
|
14
|
-
name: fluent-plugin-kubernetes_metadata_filter
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - '='
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: 2.1.2
|
20
|
-
type: :runtime
|
21
|
-
prerelease: false
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
-
requirements:
|
24
|
-
- - '='
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version: 2.1.2
|
27
13
|
- !ruby/object:Gem::Dependency
|
28
14
|
name: fluentd
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
30
16
|
requirements:
|
31
|
-
- -
|
17
|
+
- - ">="
|
32
18
|
- !ruby/object:Gem::Version
|
33
19
|
version: '1.4'
|
34
20
|
type: :runtime
|
35
21
|
prerelease: false
|
36
22
|
version_requirements: !ruby/object:Gem::Requirement
|
37
23
|
requirements:
|
38
|
-
- -
|
24
|
+
- - ">="
|
39
25
|
- !ruby/object:Gem::Version
|
40
26
|
version: '1.4'
|
41
27
|
- !ruby/object:Gem::Dependency
|
@@ -58,42 +44,42 @@ dependencies:
|
|
58
44
|
requirements:
|
59
45
|
- - "~>"
|
60
46
|
- !ruby/object:Gem::Version
|
61
|
-
version: '3.
|
47
|
+
version: '3.1'
|
62
48
|
type: :runtime
|
63
49
|
prerelease: false
|
64
50
|
version_requirements: !ruby/object:Gem::Requirement
|
65
51
|
requirements:
|
66
52
|
- - "~>"
|
67
53
|
- !ruby/object:Gem::Version
|
68
|
-
version: '3.
|
54
|
+
version: '3.1'
|
69
55
|
- !ruby/object:Gem::Dependency
|
70
56
|
name: openid_connect
|
71
57
|
requirement: !ruby/object:Gem::Requirement
|
72
58
|
requirements:
|
73
59
|
- - "~>"
|
74
60
|
- !ruby/object:Gem::Version
|
75
|
-
version: 1.1.
|
61
|
+
version: 1.1.8
|
76
62
|
type: :runtime
|
77
63
|
prerelease: false
|
78
64
|
version_requirements: !ruby/object:Gem::Requirement
|
79
65
|
requirements:
|
80
66
|
- - "~>"
|
81
67
|
- !ruby/object:Gem::Version
|
82
|
-
version: 1.1.
|
68
|
+
version: 1.1.8
|
83
69
|
- !ruby/object:Gem::Dependency
|
84
70
|
name: prometheus-client
|
85
71
|
requirement: !ruby/object:Gem::Requirement
|
86
72
|
requirements:
|
87
|
-
- - "
|
73
|
+
- - "<"
|
88
74
|
- !ruby/object:Gem::Version
|
89
|
-
version: 0.
|
75
|
+
version: 0.10.0
|
90
76
|
type: :runtime
|
91
77
|
prerelease: false
|
92
78
|
version_requirements: !ruby/object:Gem::Requirement
|
93
79
|
requirements:
|
94
|
-
- - "
|
80
|
+
- - "<"
|
95
81
|
- !ruby/object:Gem::Version
|
96
|
-
version: 0.
|
82
|
+
version: 0.10.0
|
97
83
|
- !ruby/object:Gem::Dependency
|
98
84
|
name: bundler
|
99
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -112,14 +98,14 @@ dependencies:
|
|
112
98
|
name: rake
|
113
99
|
requirement: !ruby/object:Gem::Requirement
|
114
100
|
requirements:
|
115
|
-
- - "
|
101
|
+
- - ">="
|
116
102
|
- !ruby/object:Gem::Version
|
117
103
|
version: '12.0'
|
118
104
|
type: :development
|
119
105
|
prerelease: false
|
120
106
|
version_requirements: !ruby/object:Gem::Requirement
|
121
107
|
requirements:
|
122
|
-
- - "
|
108
|
+
- - ">="
|
123
109
|
- !ruby/object:Gem::Version
|
124
110
|
version: '12.0'
|
125
111
|
- !ruby/object:Gem::Dependency
|
@@ -229,7 +215,7 @@ homepage: https://github.com/splunk/fluent-plugin-splunk-hec
|
|
229
215
|
licenses:
|
230
216
|
- Apache-2.0
|
231
217
|
metadata: {}
|
232
|
-
post_install_message:
|
218
|
+
post_install_message:
|
233
219
|
rdoc_options: []
|
234
220
|
require_paths:
|
235
221
|
- lib
|
@@ -245,17 +231,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
245
231
|
version: '0'
|
246
232
|
requirements: []
|
247
233
|
rubygems_version: 3.0.6
|
248
|
-
signing_key:
|
234
|
+
signing_key:
|
249
235
|
specification_version: 4
|
250
236
|
summary: Fluentd plugin for Splunk HEC.
|
251
237
|
test_files:
|
238
|
+
- test/fluent/plugin/out_splunk_hec_test.rb
|
239
|
+
- test/fluent/plugin/out_splunk_ingest_api_test.rb
|
240
|
+
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
241
|
+
- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
|
252
242
|
- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
|
253
243
|
- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
|
254
|
-
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
255
244
|
- test/lib/webmock/http_lib_adapters/curb_adapter.rb
|
256
|
-
- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
|
257
245
|
- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
|
258
246
|
- test/lib/webmock/http_lib_adapters/excon_adapter.rb
|
259
|
-
- test/fluent/plugin/out_splunk_ingest_api_test.rb
|
260
|
-
- test/fluent/plugin/out_splunk_hec_test.rb
|
261
247
|
- test/test_helper.rb
|