fluent-plugin-splunk-hec 1.2.1 → 1.2.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b08af552b4a06c613aadbfac297ccb4bae1dbdc4814ecc930beb4a81d1a58e5f
-  data.tar.gz: db100e47a1d540241ddc807e949d4bebbb0a159a56149aa77317710c0df32b4b
+  metadata.gz: 010d7729182f03560365cd5fd4d17eb4dbcb9ce487b41235611e61e88cbd6110
+  data.tar.gz: 2c27aac20a1301d9c94386642ca1005e1d359e1629ea63f203cc193ed02622f8
 SHA512:
-  metadata.gz: 31be2f7ad272c86436d9d2efd32c6c18b81d99cb1798917dcc0544a75b4aea4c81b5798478408ba7ef6b0ae3fbd14afb1905937260044252221f35ba14931f8d
-  data.tar.gz: f5a4617e8822cd0fca9a7ad88be301fba6a1c661eaa43ad107db8fbb5d660787f30a0a747e637e1ad697ff17cf8351acf1df4ac50a10213fd32b4392786d74e0
+  metadata.gz: e2771aa9aa10244e3de558466c8b3e8a0a08d6ab2b4e052ac38da8eabab86c788c491c7de4825a3077be4c036e576d6adbd0513602ef5e4d7bb5ccd77e9ff540
+  data.tar.gz: c0024af0008b91f4cfa93c7fd9e70a0da0ff2346d21c228a9a2d5775a47f4f16aa63f47e63b4d75965b046e6b989a255538beb775d771b50018c8e1c931dc1aa

data/Gemfile.lock

@@ -1,11 +1,8 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-splunk-hec (1.2.1)
-      activesupport (~> 5.2)
-      fluent-plugin-kubernetes_metadata_filter (~> 2.4.2)
+    fluent-plugin-splunk-hec (1.2.6)
       fluentd (>= 1.4)
-      http_parser.rb (= 0.5.3)
       multi_json (~> 1.13)
       net-http-persistent (~> 3.1)
       openid_connect (~> 1.1.8)
@@ -14,84 +11,56 @@ PATH
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (5.2.4.1)
-      activesupport (= 5.2.4.1)
-    activesupport (5.2.4.1)
+    activemodel (6.1.3.2)
+      activesupport (= 6.1.3.2)
+    activesupport (6.1.3.2)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
     addressable (2.7.0)
       public_suffix (>= 2.0.2, < 5.0)
-    aes_key_wrap (1.0.1)
-    ast (2.4.0)
+    aes_key_wrap (1.1.0)
+    ast (2.4.2)
     attr_required (1.0.1)
-    bindata (2.4.4)
-    concurrent-ruby (1.1.6)
-    connection_pool (2.2.2)
-    cool.io (1.6.0)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    docile (1.3.2)
-    domain_name (0.5.20190701)
-      unf (>= 0.0.5, < 1.0.0)
-    ffi (1.12.2)
-    ffi-compiler (1.0.1)
-      ffi (>= 1.0.0)
-      rake
-    fluent-plugin-kubernetes_metadata_filter (2.4.2)
-      fluentd (>= 0.14.0, < 2)
-      kubeclient (< 5)
-      lru_redux
-    fluentd (1.9.2)
+    bindata (2.4.10)
+    concurrent-ruby (1.1.9)
+    connection_pool (2.2.5)
+    cool.io (1.7.1)
+    crack (0.4.5)
+      rexml
+    docile (1.3.5)
+    fluentd (1.13.0)
+      bundler
       cool.io (>= 1.4.5, < 2.0.0)
       http_parser.rb (>= 0.5.1, < 0.7.0)
       msgpack (>= 1.3.1, < 2.0.0)
-      serverengine (>= 2.0.4, < 3.0.0)
+      serverengine (>= 2.2.2, < 3.0.0)
       sigdump (~> 0.2.2)
       strptime (>= 0.2.2, < 1.0.0)
       tzinfo (>= 1.0, < 3.0)
       tzinfo-data (~> 1.0)
+      webrick (>= 1.4.2, < 1.8.0)
       yajl-ruby (~> 1.0)
-    hashdiff (1.0.0)
-    http (4.3.0)
-      addressable (~> 2.3)
-      http-cookie (~> 1.0)
-      http-form_data (~> 2.2)
-      http-parser (~> 1.2.0)
-    http-accept (1.7.0)
-    http-cookie (1.0.3)
-      domain_name (~> 0.5)
-    http-form_data (2.2.0)
-    http-parser (1.2.1)
-      ffi-compiler (>= 1.0, < 2.0)
-    http_parser.rb (0.5.3)
+    hashdiff (1.0.1)
+    http_parser.rb (0.6.0)
     httpclient (2.8.3)
-    i18n (1.8.2)
+    i18n (1.8.10)
       concurrent-ruby (~> 1.0)
     jaro_winkler (1.5.4)
-    json (2.3.0)
-    json-jwt (1.11.0)
+    json-jwt (1.13.0)
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
-    kubeclient (4.6.0)
-      http (>= 3.0, < 5.0)
-      recursive-open-struct (~> 1.0, >= 1.0.4)
-      rest-client (~> 2.0)
-    lru_redux (1.1.0)
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    mime-types (3.3.1)
-      mime-types-data (~> 3.2015)
-    mime-types-data (3.2019.1009)
-    mini_mime (1.0.2)
-    minitest (5.14.0)
-    msgpack (1.3.3)
-    multi_json (1.14.1)
+    mini_mime (1.1.0)
+    minitest (5.14.4)
+    msgpack (1.4.2)
+    multi_json (1.15.0)
     net-http-persistent (3.1.0)
       connection_pool (~> 2.2)
-    netrc (0.11.0)
     openid_connect (1.1.8)
       activemodel
       attr_required (>= 1.0.0)
@@ -102,30 +71,25 @@ GEM
       validate_email
       validate_url
       webfinger (>= 1.0.1)
-    parallel (1.19.1)
-    parser (2.7.0.2)
-      ast (~> 2.4.0)
-    power_assert (1.1.5)
-    powerpack (0.1.2)
+    parallel (1.20.1)
+    parser (3.0.0.0)
+      ast (~> 2.4.1)
+    power_assert (2.0.0)
+    powerpack (0.1.3)
     prometheus-client (0.9.0)
       quantile (~> 0.2.1)
-    public_suffix (4.0.3)
+    public_suffix (4.0.6)
     quantile (0.2.1)
-    rack (2.2.2)
-    rack-oauth2 (1.10.1)
+    rack (2.2.3)
+    rack-oauth2 (1.17.0)
       activesupport
       attr_required
       httpclient
       json-jwt (>= 1.11.0)
-      rack
+      rack (>= 2.1.0)
     rainbow (3.0.0)
-    rake (12.3.3)
-    recursive-open-struct (1.1.0)
-    rest-client (2.1.0)
-      http-accept (>= 1.7.0, < 2.0)
-      http-cookie (>= 1.0.2, < 2.0)
-      mime-types (>= 1.16, < 4.0)
-      netrc (~> 0.8)
+    rake (13.0.3)
+    rexml (3.2.4)
     rubocop (0.63.1)
       jaro_winkler (~> 1.5.1)
       parallel (~> 1.10)
@@ -134,36 +98,32 @@ GEM
       rainbow (>= 2.2.2, < 4.0)
       ruby-progressbar (~> 1.7)
       unicode-display_width (~> 1.4.0)
-    ruby-progressbar (1.10.1)
-    safe_yaml (1.0.5)
-    serverengine (2.2.1)
+    ruby-progressbar (1.11.0)
+    serverengine (2.2.4)
       sigdump (~> 0.2.2)
     sigdump (0.2.4)
-    simplecov (0.16.1)
+    simplecov (0.21.2)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    strptime (0.2.3)
-    swd (1.1.2)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.2)
+    strptime (0.2.5)
+    swd (1.2.0)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
       httpclient (>= 2.4)
-    test-unit (3.3.5)
+    test-unit (3.4.0)
       power_assert
-    thread_safe (0.3.6)
-    tzinfo (1.2.6)
-      thread_safe (~> 0.1)
-    tzinfo-data (1.2019.3)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    tzinfo-data (1.2021.1)
       tzinfo (>= 1.0.0)
-    unf (0.1.4)
-      unf_ext
-    unf_ext (0.0.7.6)
     unicode-display_width (1.4.1)
     validate_email (0.1.6)
       activemodel (>= 3.0)
       mail (>= 2.2.5)
-    validate_url (1.0.8)
+    validate_url (1.0.13)
       activemodel (>= 3.0.0)
       public_suffix
     webfinger (1.1.0)
@@ -173,7 +133,9 @@ GEM
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff
+    webrick (1.7.0)
     yajl-ruby (1.4.1)
+    zeitwerk (2.4.2)
 
 PLATFORMS
   ruby
@@ -182,11 +144,11 @@ DEPENDENCIES
   bundler (~> 2.0)
   fluent-plugin-splunk-hec!
   minitest (~> 5.0)
-  rake (~> 12.0)
+  rake (>= 12.0)
   rubocop (~> 0.63.1)
   simplecov
   test-unit (~> 3.0)
   webmock (~> 3.5.0)
 
 BUNDLED WITH
-   2.1.4
+   2.2.21

data/LICENSE

@@ -214,21 +214,89 @@ Apache License 2.0
 The following components are provided under the Apache License 2.0. See project link for details.
 
     (Apache License 2.0) fluentd (https://github.com/fluent/fluentd/blob/master/LICENSE)
+    (Apache License 2.0) ffi-compiler (https://github.com/ffi/ffi-compiler/blob/master/LICENSE)
+    (Apache License 2.0) msgpack (https://github.com/msgpack/msgpack-ruby/blob/master/LICENSE)
+    (Apache License 2.0) prometheus-client (https://github.com/prometheus/client_ruby/blob/master/LICENSE)
+    (Apache License 2.0) quantile (https://github.com/matttproud/ruby_quantile_estimation/blob/master/LICENSE)
+    (Apache License 2.0) serverengine (https://github.com/treasure-data/serverengine/blob/master/LICENSE)
+    (Apache License 2.0) addressable (https://github.com/sporkmonger/addressable/blob/master/LICENSE.txt)
+    (Apache License 2.0) fluent-plugin-kubernetes_metadata_filter (https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/blob/master/LICENSE.txt)
+    (Apache License 2.0) thread_safe (https://github.com/ruby-concurrency/thread_safe/blob/master/LICENSE)
 
 ========================================================================
 MIT licenses
 ========================================================================
 The following components are provided under the MIT License. See project link for details.
 
-    (MIT License) multi_json (https://github.com/intridea/multi_json/blob/master/LICENSE.md)
-    (MIT License) net-http-persistent (https://github.com/drbrain/net-http-persistent/blob/master/README.rdoc#license)
+    (MIT License) activemodel (https://github.com/rails/rails/blob/v6.0.2.1/activemodel/MIT-LICENSE)
+    (MIT License) activesupport (https://github.com/rails/rails/blob/v6.0.2.1/activesupport/MIT-LICENSE)
+    (MIT License) aes_key_wrap (https://github.com/tomdalling/aes_key_wrap/blob/master/LICENSE.txt)
+    (MIT License) ast (https://github.com/whitequark/ast/blob/master/LICENSE.MIT)
+    (MIT License) attr_required (https://github.com/nov/attr_required/blob/master/LICENSE)
     (MIT License) bundler (https://github.com/bundler/bundler/blob/master/LICENSE.md)
+    (MIT License) concurrent-ruby (https://github.com/ruby-concurrency/concurrent-ruby/blob/master/LICENSE.md)
+    (MIT License) connection_pool (https://github.com/mperham/connection_pool/blob/master/LICENSE)
+    (MIT License) cool.io (https://github.com/tarcieri/cool.io/blob/master/LICENSE)
+    (MIT License) crack (https://github.com/jnunemaker/crack/blob/master/LICENSE)
+    (MIT License) docile (https://github.com/ms-ati/docile/blob/master/LICENSE)
+    (MIT License) hashdiff (https://github.com/liufengyun/hashdiff/blob/master/LICENSE)
+    (MIT License) http (https://github.com/httprb/http/blob/master/LICENSE.txt)
+    (MIT License) http_parser.rb (https://github.com/tmm1/http_parser.rb/blob/master/LICENSE-MIT)
+    (MIT License) http-accept (https://github.com/socketry/http-accept#license)
+    (MIT License) http-cookie (https://github.com/sparklemotion/http-cookie/blob/master/LICENSE.txt)
+    (MIT License) http-form_data (https://github.com/httprb/form_data/blob/master/LICENSE.txt)
+    (MIT License) http-parser (https://github.com/cotag/http-parser/blob/master/LICENSE)
+    (MIT License) i18n (https://github.com/ruby-i18n/i18n/blob/master/MIT-LICENSE)
+    (MIT License) jaro_winkler (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
+    (MIT License) json-jwt (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
+    (MIT License) kubeclient (https://github.com/abonas/kubeclient/blob/master/LICENSE.txt)
+    (MIT License) lru_redux (https://github.com/SamSaffron/lru_redux/blob/master/LICENSE.txt)
+    (MIT License) mail (https://github.com/mikel/mail/blob/master/MIT-LICENSE)
+    (MIT License) mime-types (https://github.com/mime-types/ruby-mime-types/blob/master/Licence.md)
+    (MIT License) mime-types-data (https://github.com/mime-types/mime-types-data/blob/master/Licence.md)
+    (MIT License) mini_mime (https://github.com/discourse/mini_mime/blob/master/LICENSE.txt)
+    (MIT License) minitest (https://github.com/seattlerb/minitest)
+    (MIT License) multi_json (https://github.com/intridea/multi_json/blob/master/LICENSE.md)
+    (MIT License) net-http-persistent (https://github.com/drbrain/net-http-persistent)
+    (MIT License) netrc (https://github.com/heroku/netrc/blob/master/LICENSE.md)
+    (MIT License) openid_connect (https://github.com/nov/openid_connect/blob/master/LICENSE)
+    (MIT License) parallel (https://github.com/grosser/parallel/blob/master/MIT-LICENSE.txt)
+    (MIT License) parser (https://github.com/whitequark/parser/blob/master/LICENSE.txt)
+    (MIT License) powerpack (https://github.com/bbatsov/powerpack/blob/master/LICENSE.txt)
+    (MIT License) public_suffix (https://github.com/weppos/publicsuffix-ruby/blob/master/LICENSE.txt)
+    (MIT License) rack (https://github.com/rack/rack/blob/master/MIT-LICENSE)
+    (MIT License) rack-oauth2 (https://github.com/nov/rack-oauth2/blob/master/LICENSE)
+    (MIT License) rainbow (https://github.com/sickill/rainbow/blob/master/LICENSE)
     (MIT License) rake (https://github.com/ruby/rake/blob/master/MIT-LICENSE)
+    (MIT License) recursive-open-struct (https://github.com/aetherknight/recursive-open-struct/blob/master/LICENSE.txt)
+    (MIT License) rest-client (https://github.com/rest-client/rest-client/blob/master/LICENSE)
+    (MIT License) rubocop (https://github.com/rubocop-hq/rubocop/blob/master/LICENSE.txt)
+    (MIT License) ruby-progressbar (https://github.com/jfelchner/ruby-progressbar/blob/master/LICENSE.txt)
+    (MIT License) safe_yaml (https://github.com/dtao/safe_yaml/blob/master/LICENSE.txt)
+    (MIT License) sigdump (https://github.com/frsyuki/sigdump/blob/master/LICENSE)
+    (MIT License) simplecov (https://github.com/colszowka/simplecov/blob/master/LICENSE)
+    (MIT License) simplecov-html (https://github.com/colszowka/simplecov-html/blob/master/LICENSE)
+    (MIT License) swd (https://github.com/nov/SWD/blob/master/LICENSE)
+    (MIT License) tzinfo (https://github.com/tzinfo/tzinfo/blob/master/LICENSE)
+    (MIT License) tzinfo-data (https://github.com/tzinfo/tzinfo-data/blob/master/LICENSE)
+    (MIT License) unf_ext (https://github.com/knu/ruby-unf_ext/blob/master/LICENSE.txt)
+    (MIT License) unicode-display_width (https://github.com/janlelis/unicode-display_width/blob/master/MIT-LICENSE.txt)
+    (MIT License) validate_email (https://github.com/perfectline/validates_email/blob/master/MIT-LICENSE)
+    (MIT License) validate_url (https://github.com/perfectline/validates_url/blob/master/LICENSE.md)
+    (MIT License) webfinger (https://github.com/nov/webfinger/blob/master/LICENSE.txt)
     (MIT License) webmock (https://github.com/bblimke/webmock/blob/master/LICENSE)
-    (MIT License) minitest (https://github.com/seattlerb/minitest/blob/master/README.rdoc#license)
+    (MIT License) yajl-ruby (https://github.com/brianmario/yajl-ruby/blob/master/LICENSE)
 
 ========================================================================
-For test-unit:
+For the rest:
 ========================================================================
 
-See https://github.com/test-unit/test-unit/blob/master/COPYING
+     bindata (https://github.com/dmendel/bindata/blob/master/COPYING)
+     httpclient (https://github.com/nahi/httpclient/#license)
+     json (https://www.ruby-lang.org/en/about/license.txt)
+     test-unit (https://github.com/test-unit/test-unit)
+     unf (https://github.com/knu/ruby-unf/blob/master/LICENSE)
+     power_assert (https://github.com/k-tsj/power_assert/blob/master/BSDL)
+     strptime (https://github.com/nurse/strptime/blob/master/LICENSE.txt)
+     domain_name (https://github.com/knu/ruby-domain_name/blob/master/LICENSE.txt)
+     ffi (https://github.com/ffi/ffi/blob/master/LICENSE)

data/README.md

@@ -260,6 +260,10 @@ Cannot set both `source` and `source_key` parameters at the same time.
 
 Field name that contains the sourcetype. Cannot set both `source` and `source_key` parameters at the same time.
 
+### time_key (string) (optional)
+
+Field name to contain Splunk event time. By default will use fluentd\'d time.
+
 ### fields (init) (optional)
 
 Lets you specify the index-time fields for the event data type, or metric dimensions for the metric data type. Null value fields are removed.
@@ -273,6 +277,14 @@ When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `
 
 Depending on the value of `data_type` parameter, the parameters inside the `<fields>` section have different meanings. Despite the meaning, the syntax for parameters is unique.
 
+### app_name (string) (Optional)
+
+Splunk app name using this plugin (default to `hec_plugin_gem`)
+
+### app_version (string) (Optional)
+
+The version of Splunk app using this this plugin (default to plugin version)
+
 #### When `data_type` is `event`
 
 In this case, parameters inside `<fields>` are used as indexed fields and removed from the original input events. Please see the "Add a "fields" property at the top JSON level" [here](http://dev.splunk.com/view/event-collector/SP-CAAAFB6) for details. Given we have configuration like
@@ -285,7 +297,7 @@ In this case, parameters inside `<fields>` are used as indexed fields and remove
   <fields>
     file
     level
-    app applicatioin
+    app application
   </fields>
 </match>
 ```
@@ -332,7 +344,7 @@ For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>`
   <fields>
     file
     level
-    app applicatioin
+    app application
   </fields>
 </match>
 ```
@@ -424,6 +436,14 @@ List of SSl ciphers allowed.
 
 Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default. Ensure parameter `ca_file` is not configured in order to allow insecure SSL connections when this value is set to `true`.
 
+#### require_ssl_min_version (bool)
+
+When set to true, TLS version 1.1 and above is required.
+
+#### consume_chunk_on_4xx_errors (bool)
+
+Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to false, Splunk will fail to flush the buffer on such status codes. This parameter is set to `true` by default for backwards compatibility.
+
 ## About Buffer
 
 This plugin sends events to HEC using [batch mode](https://docs.splunk.com/Documentation/Splunk/7.1.0/Data/FormateventsforHTTPEventCollector#Event_data).

data/VERSION

@@ -1 +1 @@
-1.2.1
+1.2.6

data/fluent-plugin-splunk-hec.gemspec

@@ -33,17 +33,14 @@ Gem::Specification.new do |spec|
 
   spec.required_ruby_version = '>= 2.3.0'
 
-  spec.add_runtime_dependency 'fluent-plugin-kubernetes_metadata_filter', '~> 2.4.2'
   spec.add_runtime_dependency 'fluentd', '>= 1.4'
   spec.add_runtime_dependency 'multi_json', '~> 1.13'
   spec.add_runtime_dependency 'net-http-persistent', '~> 3.1'
   spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
   spec.add_runtime_dependency 'prometheus-client', '< 0.10.0'
-  spec.add_runtime_dependency 'activesupport', '~> 5.2'
-  spec.add_runtime_dependency 'http_parser.rb', '= 0.5.3'
 
   spec.add_development_dependency 'bundler', '~> 2.0'
-  spec.add_development_dependency 'rake', '~> 12.0'
+  spec.add_development_dependency 'rake', '>= 12.0'
   # required by fluent/test.rb
   spec.add_development_dependency 'minitest', '~> 5.0'
   spec.add_development_dependency 'rubocop', '~> 0.63.1'

data/lib/fluent/plugin/out_splunk.rb

@@ -13,7 +13,7 @@ module Fluent::Plugin
     autoload :VERSION, 'fluent/plugin/out_splunk/version'
     autoload :MatchFormatter, 'fluent/plugin/out_splunk/match_formatter'
 
-    KEY_FIELDS = %w[index host source sourcetype metric_name metric_value].freeze
+    KEY_FIELDS = %w[index host source sourcetype metric_name metric_value time].freeze
     TAG_PLACEHOLDER = '${tag}'
 
     desc 'The host field for events, by default it uses the hostname of the machine that runnning fluentd. This is exclusive with `host_key`.'
@@ -51,6 +51,9 @@ module Fluent::Plugin
       # this is blank on purpose
     end
 
+    desc 'Indicates if 4xx errors should consume chunk'
+    config_param :consume_chunk_on_4xx_errors, :bool, :default => true
+
     config_section :format do
       config_set_default :usage, '**'
       config_set_default :@type, 'json'
@@ -152,11 +155,12 @@ module Fluent::Plugin
 
       @metrics[:status_counter].increment(metric_labels(status: response.code.to_s))
 
+      raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
+
       # raise Exception to utilize Fluentd output plugin retry mechanism
-      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if response.code.to_s.start_with?('5')
+      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
 
-      # For both success response (2xx) and client errors (4xx), we will consume the chunk.
-      # Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
+      # For both success response (2xx) we will consume the chunk.
       unless response.code.to_s.start_with?('2')
         log.error "#{self.class}: Failed POST to #{@api}, response: #{response.body}"
         log.error { "#{self.class}: Failed request body: #{post.body}" }
@@ -205,7 +209,7 @@ module Fluent::Plugin
       # This loop looks dump, but it is used to suppress the unused parameter configuration warning
       # Learned from `filter_record_transformer`.
       conf.elements.select { |element| element.name == 'fields' }.each do |element|
-        element.each_pair { |k, _v| element.key?(k) }
+        element.each_pair { |k, _v| element.has_key?(k) }
       end
 
       return unless @fields

data/lib/fluent/plugin/out_splunk_hec.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
-
+$LOAD_PATH.unshift(File.expand_path('..', __dir__))
 require 'fluent/env'
 require 'fluent/output'
 require 'fluent/plugin/output'
@@ -63,6 +63,9 @@ module Fluent::Plugin
     desc 'List of SSL ciphers allowed.'
     config_param :ssl_ciphers, :array, default: nil
 
+    desc 'When set to true, TLS version 1.1 and above is required.'
+    config_param :require_ssl_min_version, :bool, default: true
+
     desc 'Indicates if insecure SSL connection is allowed.'
     config_param :insecure_ssl, :bool, default: false
 
@@ -72,9 +75,6 @@ module Fluent::Plugin
     desc 'The Splunk index to index events. When not set, will be decided by HEC. This is exclusive with `index_key`'
     config_param :index, :string, default: nil
 
-    desc 'Field name to contain Splunk event time. By default will use fluentd\'d time'
-    config_param :time_key, :string, default: nil
-
     desc 'Field name to contain Splunk index name. This is exclusive with `index`.'
     config_param :index_key, :string, default: nil
 
@@ -90,11 +90,20 @@ module Fluent::Plugin
     desc 'When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `sourcetype_key`, `metric_name_key`, `metric_value_key` will not be removed from the original event.'
     config_param :keep_keys, :bool, default: false
 
+    desc 'App name'
+    config_param :app_name, :string, default: "hec_plugin_gem"
+
+    desc 'App version'
+    config_param :app_version, :string, default: "#{VERSION}"
+
     desc 'Define index-time fields for event data type, or metric dimensions for metric data type. Null value fields will be removed.'
     config_section :fields, init: false, multi: false, required: false do
       # this is blank on purpose
     end
 
+    desc 'Indicates if 4xx errors should consume chunk'
+    config_param :consume_chunk_on_4xx_errors, :bool, :default => true
+
     config_section :format do
       config_set_default :usage, '**'
       config_set_default :@type, 'json'
@@ -137,10 +146,15 @@ module Fluent::Plugin
         c.ca_file = @ca_file
         c.ca_path = @ca_path
         c.ciphers = @ssl_ciphers
+        c.proxy   = :ENV
+        c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
 
         c.override_headers['Content-Type'] = 'application/json'
         c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
         c.override_headers['Authorization'] = "Splunk #{@hec_token}"
+        c.override_headers['__splunk_app_name'] = "#{@app_name}"
+        c.override_headers['__splunk_app_version'] = "#{@app_version}"
+
       end
     end
 
@@ -173,7 +187,7 @@ module Fluent::Plugin
     end
 
     def format_event(tag, time, record)
-      MultiJson.dump({
+      d = {
         host: @host ? @host.(tag, record) : @default_host,
         # From the API reference
         # http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
@@ -206,7 +220,12 @@ module Fluent::Plugin
             record = formatter.format(tag, time, record)
           end
           payload[:event] = convert_to_utf8 record
-      })
+      }
+      if d[:event] == "{}"
+        log.warn { "Event after formatting was blank, not sending" }
+        return ""
+      end
+      MultiJson.dump(d)
     end
 
     def format_metric(tag, time, record)
@@ -218,7 +237,7 @@ module Fluent::Plugin
         # That's why we use `to_s` here.
         time: time.to_f.to_s,
         event: 'metric'
-      }.tap do |payload| 
+      }.tap do |payload|
         if @time
           time_value = @time.(tag, record)
           # if no value is found don't override and use fluentd's time
@@ -273,13 +292,18 @@ module Fluent::Plugin
         c.ca_file = @ca_file
         c.ca_path = @ca_path
         c.ciphers = @ssl_ciphers
+        c.proxy   = :ENV
         c.idle_timeout = @idle_timeout
         c.read_timeout = @read_timeout
         c.open_timeout = @open_timeout
+        c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
 
         c.override_headers['Content-Type'] = 'application/json'
         c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
         c.override_headers['Authorization'] = "Splunk #{@hec_token}"
+        c.override_headers['__splunk_app_name'] = "#{@app_name}"
+        c.override_headers['__splunk_app_version'] = "#{@app_version}"
+
       end
     end
 
@@ -293,13 +317,14 @@ module Fluent::Plugin
       response = @conn.request @api, post
       t2 = Time.now
 
-      # raise Exception to utilize Fluentd output plugin retry machanism
-      raise "Server error (#{response.code}) for POST #{@hec_api}, response: #{response.body}" if response.code.start_with?('5')
+      raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
+
+      # raise Exception to utilize Fluentd output plugin retry mechanism
+      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
 
-      # For both success response (2xx) and client errors (4xx), we will consume the chunk.
-      # Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
+      # For both success response (2xx) we will consume the chunk.
       if not response.code.start_with?('2')
-        log.error "Failed POST to #{@hec_api}, response: #{response.body}"
+        log.error "Failed POST to #{@api}, response: #{response.body}"
         log.debug { "Failed request body: #{post.body}" }
       end
 
@@ -331,7 +356,7 @@ module Fluent::Plugin
           invalid: :replace,
           undef: :replace,
           replace: @non_utf8_replacement_string)
-            else
+      else
         begin
           input.encode('utf-8')
         rescue EncodingError

data/lib/fluent/plugin/out_splunk_ingest_api.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
-
+$LOAD_PATH.unshift(File.expand_path('..', __dir__))
 require 'fluent/plugin/out_splunk'
 require 'openid_connect'
 require 'rack/oauth2'

data/test/fluent/plugin/out_splunk_hec_test.rb

@@ -57,6 +57,9 @@ describe Fluent::Plugin::SplunkHecOutput do
       assert_nil(create_hec_output_driver('hec_host hec_token').instance.index_key)
       expect(create_hec_output_driver('hec_host hec_token').instance.index_key).is_a? String
     end
+    it 'should consume chunks on 4xx errors' do
+      expect(create_hec_output_driver('hec_host hec_token').instance.consume_chunk_on_4xx_errors).must_equal true
+    end
   end
 
   describe 'hec_host validation' do
@@ -139,6 +142,7 @@ describe Fluent::Plugin::SplunkHecOutput do
       host_key       from
       source_key     file
       sourcetype_key agent.name
+      time_key       timestamp
     CONF
       batch.each do |item|
         expect(item['index']).must_equal 'info'
@@ -147,7 +151,7 @@ describe Fluent::Plugin::SplunkHecOutput do
         expect(item['sourcetype']).must_equal 'test'
 
         JSON.load(item['event']).tap do |event|
-          %w[level from file].each { |field| expect(event).wont_include field }
+          %w[level from file timestamp].each { |field| expect(event).wont_include field }
           expect(event['agent']).wont_include 'name'
         end
       end
@@ -220,6 +224,24 @@ describe Fluent::Plugin::SplunkHecOutput do
     end
   end
 
+  it 'should not send blank events' do
+    verify_sent_events(<<~CONF) do |batch|
+      <fields>
+        from
+        logLevel level
+        nonexist
+        log
+        file
+        value
+        id
+        agent
+        timestamp
+      </fields>
+    CONF
+      expect(batch.length).must_equal 0
+    end
+  end
+
   describe 'metric' do
     it 'should check related configs' do
       expect(
@@ -349,7 +371,8 @@ describe Fluent::Plugin::SplunkHecOutput do
       'agent' => {
         'name' => 'test',
         'version' => '1.0.0'
-      }
+      },
+      'timestamp' => 'time'
     }
     events = [
       ['tag.event1', event_time, { 'id' => '1st' }.merge(Marshal.load(Marshal.dump(event)))],

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-splunk-hec
 version: !ruby/object:Gem::Version
-  version: 1.2.1
+  version: 1.2.6
 platform: ruby
 authors:
 - Splunk Inc.
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-02-20 00:00:00.000000000 Z
+date: 2021-06-23 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: fluent-plugin-kubernetes_metadata_filter
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.4.2
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 2.4.2
 - !ruby/object:Gem::Dependency
   name: fluentd
   requirement: !ruby/object:Gem::Requirement
@@ -94,34 +80,6 @@ dependencies:
     - - "<"
       - !ruby/object:Gem::Version
         version: 0.10.0
-- !ruby/object:Gem::Dependency
-  name: activesupport
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '5.2'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '5.2'
-- !ruby/object:Gem::Dependency
-  name: http_parser.rb
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.5.3
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - '='
-      - !ruby/object:Gem::Version
-        version: 0.5.3
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -140,14 +98,14 @@ dependencies:
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '12.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '12.0'
 - !ruby/object:Gem::Dependency
@@ -257,7 +215,7 @@ homepage: https://github.com/splunk/fluent-plugin-splunk-hec
 licenses:
 - Apache-2.0
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -272,8 +230,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: Fluentd plugin for Splunk HEC.
 test_files: