fluent-plugin-splunk-hec 1.2.1 → 1.2.6
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +58 -96
- data/LICENSE +73 -5
- data/README.md +22 -2
- data/VERSION +1 -1
- data/fluent-plugin-splunk-hec.gemspec +1 -4
- data/lib/fluent/plugin/out_splunk.rb +9 -5
- data/lib/fluent/plugin/out_splunk_hec.rb +38 -13
- data/lib/fluent/plugin/out_splunk_ingest_api.rb +1 -1
- data/test/fluent/plugin/out_splunk_hec_test.rb +25 -2
- metadata +8 -50
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 010d7729182f03560365cd5fd4d17eb4dbcb9ce487b41235611e61e88cbd6110
|
4
|
+
data.tar.gz: 2c27aac20a1301d9c94386642ca1005e1d359e1629ea63f203cc193ed02622f8
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e2771aa9aa10244e3de558466c8b3e8a0a08d6ab2b4e052ac38da8eabab86c788c491c7de4825a3077be4c036e576d6adbd0513602ef5e4d7bb5ccd77e9ff540
|
7
|
+
data.tar.gz: c0024af0008b91f4cfa93c7fd9e70a0da0ff2346d21c228a9a2d5775a47f4f16aa63f47e63b4d75965b046e6b989a255538beb775d771b50018c8e1c931dc1aa
|
data/Gemfile.lock
CHANGED
@@ -1,11 +1,8 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
fluent-plugin-splunk-hec (1.2.
|
5
|
-
activesupport (~> 5.2)
|
6
|
-
fluent-plugin-kubernetes_metadata_filter (~> 2.4.2)
|
4
|
+
fluent-plugin-splunk-hec (1.2.6)
|
7
5
|
fluentd (>= 1.4)
|
8
|
-
http_parser.rb (= 0.5.3)
|
9
6
|
multi_json (~> 1.13)
|
10
7
|
net-http-persistent (~> 3.1)
|
11
8
|
openid_connect (~> 1.1.8)
|
@@ -14,84 +11,56 @@ PATH
|
|
14
11
|
GEM
|
15
12
|
remote: https://rubygems.org/
|
16
13
|
specs:
|
17
|
-
activemodel (
|
18
|
-
activesupport (=
|
19
|
-
activesupport (
|
14
|
+
activemodel (6.1.3.2)
|
15
|
+
activesupport (= 6.1.3.2)
|
16
|
+
activesupport (6.1.3.2)
|
20
17
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
21
|
-
i18n (>=
|
22
|
-
minitest (
|
23
|
-
tzinfo (~>
|
18
|
+
i18n (>= 1.6, < 2)
|
19
|
+
minitest (>= 5.1)
|
20
|
+
tzinfo (~> 2.0)
|
21
|
+
zeitwerk (~> 2.3)
|
24
22
|
addressable (2.7.0)
|
25
23
|
public_suffix (>= 2.0.2, < 5.0)
|
26
|
-
aes_key_wrap (1.0
|
27
|
-
ast (2.4.
|
24
|
+
aes_key_wrap (1.1.0)
|
25
|
+
ast (2.4.2)
|
28
26
|
attr_required (1.0.1)
|
29
|
-
bindata (2.4.
|
30
|
-
concurrent-ruby (1.1.
|
31
|
-
connection_pool (2.2.
|
32
|
-
cool.io (1.
|
33
|
-
crack (0.4.
|
34
|
-
|
35
|
-
docile (1.3.
|
36
|
-
|
37
|
-
|
38
|
-
ffi (1.12.2)
|
39
|
-
ffi-compiler (1.0.1)
|
40
|
-
ffi (>= 1.0.0)
|
41
|
-
rake
|
42
|
-
fluent-plugin-kubernetes_metadata_filter (2.4.2)
|
43
|
-
fluentd (>= 0.14.0, < 2)
|
44
|
-
kubeclient (< 5)
|
45
|
-
lru_redux
|
46
|
-
fluentd (1.9.2)
|
27
|
+
bindata (2.4.10)
|
28
|
+
concurrent-ruby (1.1.9)
|
29
|
+
connection_pool (2.2.5)
|
30
|
+
cool.io (1.7.1)
|
31
|
+
crack (0.4.5)
|
32
|
+
rexml
|
33
|
+
docile (1.3.5)
|
34
|
+
fluentd (1.13.0)
|
35
|
+
bundler
|
47
36
|
cool.io (>= 1.4.5, < 2.0.0)
|
48
37
|
http_parser.rb (>= 0.5.1, < 0.7.0)
|
49
38
|
msgpack (>= 1.3.1, < 2.0.0)
|
50
|
-
serverengine (>= 2.
|
39
|
+
serverengine (>= 2.2.2, < 3.0.0)
|
51
40
|
sigdump (~> 0.2.2)
|
52
41
|
strptime (>= 0.2.2, < 1.0.0)
|
53
42
|
tzinfo (>= 1.0, < 3.0)
|
54
43
|
tzinfo-data (~> 1.0)
|
44
|
+
webrick (>= 1.4.2, < 1.8.0)
|
55
45
|
yajl-ruby (~> 1.0)
|
56
|
-
hashdiff (1.0.
|
57
|
-
|
58
|
-
addressable (~> 2.3)
|
59
|
-
http-cookie (~> 1.0)
|
60
|
-
http-form_data (~> 2.2)
|
61
|
-
http-parser (~> 1.2.0)
|
62
|
-
http-accept (1.7.0)
|
63
|
-
http-cookie (1.0.3)
|
64
|
-
domain_name (~> 0.5)
|
65
|
-
http-form_data (2.2.0)
|
66
|
-
http-parser (1.2.1)
|
67
|
-
ffi-compiler (>= 1.0, < 2.0)
|
68
|
-
http_parser.rb (0.5.3)
|
46
|
+
hashdiff (1.0.1)
|
47
|
+
http_parser.rb (0.6.0)
|
69
48
|
httpclient (2.8.3)
|
70
|
-
i18n (1.8.
|
49
|
+
i18n (1.8.10)
|
71
50
|
concurrent-ruby (~> 1.0)
|
72
51
|
jaro_winkler (1.5.4)
|
73
|
-
json (
|
74
|
-
json-jwt (1.11.0)
|
52
|
+
json-jwt (1.13.0)
|
75
53
|
activesupport (>= 4.2)
|
76
54
|
aes_key_wrap
|
77
55
|
bindata
|
78
|
-
kubeclient (4.6.0)
|
79
|
-
http (>= 3.0, < 5.0)
|
80
|
-
recursive-open-struct (~> 1.0, >= 1.0.4)
|
81
|
-
rest-client (~> 2.0)
|
82
|
-
lru_redux (1.1.0)
|
83
56
|
mail (2.7.1)
|
84
57
|
mini_mime (>= 0.1.1)
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
minitest (5.14.0)
|
90
|
-
msgpack (1.3.3)
|
91
|
-
multi_json (1.14.1)
|
58
|
+
mini_mime (1.1.0)
|
59
|
+
minitest (5.14.4)
|
60
|
+
msgpack (1.4.2)
|
61
|
+
multi_json (1.15.0)
|
92
62
|
net-http-persistent (3.1.0)
|
93
63
|
connection_pool (~> 2.2)
|
94
|
-
netrc (0.11.0)
|
95
64
|
openid_connect (1.1.8)
|
96
65
|
activemodel
|
97
66
|
attr_required (>= 1.0.0)
|
@@ -102,30 +71,25 @@ GEM
|
|
102
71
|
validate_email
|
103
72
|
validate_url
|
104
73
|
webfinger (>= 1.0.1)
|
105
|
-
parallel (1.
|
106
|
-
parser (
|
107
|
-
ast (~> 2.4.
|
108
|
-
power_assert (
|
109
|
-
powerpack (0.1.
|
74
|
+
parallel (1.20.1)
|
75
|
+
parser (3.0.0.0)
|
76
|
+
ast (~> 2.4.1)
|
77
|
+
power_assert (2.0.0)
|
78
|
+
powerpack (0.1.3)
|
110
79
|
prometheus-client (0.9.0)
|
111
80
|
quantile (~> 0.2.1)
|
112
|
-
public_suffix (4.0.
|
81
|
+
public_suffix (4.0.6)
|
113
82
|
quantile (0.2.1)
|
114
|
-
rack (2.2.
|
115
|
-
rack-oauth2 (1.
|
83
|
+
rack (2.2.3)
|
84
|
+
rack-oauth2 (1.17.0)
|
116
85
|
activesupport
|
117
86
|
attr_required
|
118
87
|
httpclient
|
119
88
|
json-jwt (>= 1.11.0)
|
120
|
-
rack
|
89
|
+
rack (>= 2.1.0)
|
121
90
|
rainbow (3.0.0)
|
122
|
-
rake (
|
123
|
-
|
124
|
-
rest-client (2.1.0)
|
125
|
-
http-accept (>= 1.7.0, < 2.0)
|
126
|
-
http-cookie (>= 1.0.2, < 2.0)
|
127
|
-
mime-types (>= 1.16, < 4.0)
|
128
|
-
netrc (~> 0.8)
|
91
|
+
rake (13.0.3)
|
92
|
+
rexml (3.2.4)
|
129
93
|
rubocop (0.63.1)
|
130
94
|
jaro_winkler (~> 1.5.1)
|
131
95
|
parallel (~> 1.10)
|
@@ -134,36 +98,32 @@ GEM
|
|
134
98
|
rainbow (>= 2.2.2, < 4.0)
|
135
99
|
ruby-progressbar (~> 1.7)
|
136
100
|
unicode-display_width (~> 1.4.0)
|
137
|
-
ruby-progressbar (1.
|
138
|
-
|
139
|
-
serverengine (2.2.1)
|
101
|
+
ruby-progressbar (1.11.0)
|
102
|
+
serverengine (2.2.4)
|
140
103
|
sigdump (~> 0.2.2)
|
141
104
|
sigdump (0.2.4)
|
142
|
-
simplecov (0.
|
105
|
+
simplecov (0.21.2)
|
143
106
|
docile (~> 1.1)
|
144
|
-
|
145
|
-
|
146
|
-
simplecov-html (0.
|
147
|
-
|
148
|
-
|
107
|
+
simplecov-html (~> 0.11)
|
108
|
+
simplecov_json_formatter (~> 0.1)
|
109
|
+
simplecov-html (0.12.3)
|
110
|
+
simplecov_json_formatter (0.1.2)
|
111
|
+
strptime (0.2.5)
|
112
|
+
swd (1.2.0)
|
149
113
|
activesupport (>= 3)
|
150
114
|
attr_required (>= 0.0.5)
|
151
115
|
httpclient (>= 2.4)
|
152
|
-
test-unit (3.
|
116
|
+
test-unit (3.4.0)
|
153
117
|
power_assert
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
tzinfo-data (1.2019.3)
|
118
|
+
tzinfo (2.0.4)
|
119
|
+
concurrent-ruby (~> 1.0)
|
120
|
+
tzinfo-data (1.2021.1)
|
158
121
|
tzinfo (>= 1.0.0)
|
159
|
-
unf (0.1.4)
|
160
|
-
unf_ext
|
161
|
-
unf_ext (0.0.7.6)
|
162
122
|
unicode-display_width (1.4.1)
|
163
123
|
validate_email (0.1.6)
|
164
124
|
activemodel (>= 3.0)
|
165
125
|
mail (>= 2.2.5)
|
166
|
-
validate_url (1.0.
|
126
|
+
validate_url (1.0.13)
|
167
127
|
activemodel (>= 3.0.0)
|
168
128
|
public_suffix
|
169
129
|
webfinger (1.1.0)
|
@@ -173,7 +133,9 @@ GEM
|
|
173
133
|
addressable (>= 2.3.6)
|
174
134
|
crack (>= 0.3.2)
|
175
135
|
hashdiff
|
136
|
+
webrick (1.7.0)
|
176
137
|
yajl-ruby (1.4.1)
|
138
|
+
zeitwerk (2.4.2)
|
177
139
|
|
178
140
|
PLATFORMS
|
179
141
|
ruby
|
@@ -182,11 +144,11 @@ DEPENDENCIES
|
|
182
144
|
bundler (~> 2.0)
|
183
145
|
fluent-plugin-splunk-hec!
|
184
146
|
minitest (~> 5.0)
|
185
|
-
rake (
|
147
|
+
rake (>= 12.0)
|
186
148
|
rubocop (~> 0.63.1)
|
187
149
|
simplecov
|
188
150
|
test-unit (~> 3.0)
|
189
151
|
webmock (~> 3.5.0)
|
190
152
|
|
191
153
|
BUNDLED WITH
|
192
|
-
2.
|
154
|
+
2.2.21
|
data/LICENSE
CHANGED
@@ -214,21 +214,89 @@ Apache License 2.0
|
|
214
214
|
The following components are provided under the Apache License 2.0. See project link for details.
|
215
215
|
|
216
216
|
(Apache License 2.0) fluentd (https://github.com/fluent/fluentd/blob/master/LICENSE)
|
217
|
+
(Apache License 2.0) ffi-compiler (https://github.com/ffi/ffi-compiler/blob/master/LICENSE)
|
218
|
+
(Apache License 2.0) msgpack (https://github.com/msgpack/msgpack-ruby/blob/master/LICENSE)
|
219
|
+
(Apache License 2.0) prometheus-client (https://github.com/prometheus/client_ruby/blob/master/LICENSE)
|
220
|
+
(Apache License 2.0) quantile (https://github.com/matttproud/ruby_quantile_estimation/blob/master/LICENSE)
|
221
|
+
(Apache License 2.0) serverengine (https://github.com/treasure-data/serverengine/blob/master/LICENSE)
|
222
|
+
(Apache License 2.0) addressable (https://github.com/sporkmonger/addressable/blob/master/LICENSE.txt)
|
223
|
+
(Apache License 2.0) fluent-plugin-kubernetes_metadata_filter (https://github.com/fabric8io/fluent-plugin-kubernetes_metadata_filter/blob/master/LICENSE.txt)
|
224
|
+
(Apache License 2.0) thread_safe (https://github.com/ruby-concurrency/thread_safe/blob/master/LICENSE)
|
217
225
|
|
218
226
|
========================================================================
|
219
227
|
MIT licenses
|
220
228
|
========================================================================
|
221
229
|
The following components are provided under the MIT License. See project link for details.
|
222
230
|
|
223
|
-
(MIT License)
|
224
|
-
(MIT License)
|
231
|
+
(MIT License) activemodel (https://github.com/rails/rails/blob/v6.0.2.1/activemodel/MIT-LICENSE)
|
232
|
+
(MIT License) activesupport (https://github.com/rails/rails/blob/v6.0.2.1/activesupport/MIT-LICENSE)
|
233
|
+
(MIT License) aes_key_wrap (https://github.com/tomdalling/aes_key_wrap/blob/master/LICENSE.txt)
|
234
|
+
(MIT License) ast (https://github.com/whitequark/ast/blob/master/LICENSE.MIT)
|
235
|
+
(MIT License) attr_required (https://github.com/nov/attr_required/blob/master/LICENSE)
|
225
236
|
(MIT License) bundler (https://github.com/bundler/bundler/blob/master/LICENSE.md)
|
237
|
+
(MIT License) concurrent-ruby (https://github.com/ruby-concurrency/concurrent-ruby/blob/master/LICENSE.md)
|
238
|
+
(MIT License) connection_pool (https://github.com/mperham/connection_pool/blob/master/LICENSE)
|
239
|
+
(MIT License) cool.io (https://github.com/tarcieri/cool.io/blob/master/LICENSE)
|
240
|
+
(MIT License) crack (https://github.com/jnunemaker/crack/blob/master/LICENSE)
|
241
|
+
(MIT License) docile (https://github.com/ms-ati/docile/blob/master/LICENSE)
|
242
|
+
(MIT License) hashdiff (https://github.com/liufengyun/hashdiff/blob/master/LICENSE)
|
243
|
+
(MIT License) http (https://github.com/httprb/http/blob/master/LICENSE.txt)
|
244
|
+
(MIT License) http_parser.rb (https://github.com/tmm1/http_parser.rb/blob/master/LICENSE-MIT)
|
245
|
+
(MIT License) http-accept (https://github.com/socketry/http-accept#license)
|
246
|
+
(MIT License) http-cookie (https://github.com/sparklemotion/http-cookie/blob/master/LICENSE.txt)
|
247
|
+
(MIT License) http-form_data (https://github.com/httprb/form_data/blob/master/LICENSE.txt)
|
248
|
+
(MIT License) http-parser (https://github.com/cotag/http-parser/blob/master/LICENSE)
|
249
|
+
(MIT License) i18n (https://github.com/ruby-i18n/i18n/blob/master/MIT-LICENSE)
|
250
|
+
(MIT License) jaro_winkler (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
|
251
|
+
(MIT License) json-jwt (https://github.com/tonytonyjan/jaro_winkler/blob/master/LICENSE.txt)
|
252
|
+
(MIT License) kubeclient (https://github.com/abonas/kubeclient/blob/master/LICENSE.txt)
|
253
|
+
(MIT License) lru_redux (https://github.com/SamSaffron/lru_redux/blob/master/LICENSE.txt)
|
254
|
+
(MIT License) mail (https://github.com/mikel/mail/blob/master/MIT-LICENSE)
|
255
|
+
(MIT License) mime-types (https://github.com/mime-types/ruby-mime-types/blob/master/Licence.md)
|
256
|
+
(MIT License) mime-types-data (https://github.com/mime-types/mime-types-data/blob/master/Licence.md)
|
257
|
+
(MIT License) mini_mime (https://github.com/discourse/mini_mime/blob/master/LICENSE.txt)
|
258
|
+
(MIT License) minitest (https://github.com/seattlerb/minitest)
|
259
|
+
(MIT License) multi_json (https://github.com/intridea/multi_json/blob/master/LICENSE.md)
|
260
|
+
(MIT License) net-http-persistent (https://github.com/drbrain/net-http-persistent)
|
261
|
+
(MIT License) netrc (https://github.com/heroku/netrc/blob/master/LICENSE.md)
|
262
|
+
(MIT License) openid_connect (https://github.com/nov/openid_connect/blob/master/LICENSE)
|
263
|
+
(MIT License) parallel (https://github.com/grosser/parallel/blob/master/MIT-LICENSE.txt)
|
264
|
+
(MIT License) parser (https://github.com/whitequark/parser/blob/master/LICENSE.txt)
|
265
|
+
(MIT License) powerpack (https://github.com/bbatsov/powerpack/blob/master/LICENSE.txt)
|
266
|
+
(MIT License) public_suffix (https://github.com/weppos/publicsuffix-ruby/blob/master/LICENSE.txt)
|
267
|
+
(MIT License) rack (https://github.com/rack/rack/blob/master/MIT-LICENSE)
|
268
|
+
(MIT License) rack-oauth2 (https://github.com/nov/rack-oauth2/blob/master/LICENSE)
|
269
|
+
(MIT License) rainbow (https://github.com/sickill/rainbow/blob/master/LICENSE)
|
226
270
|
(MIT License) rake (https://github.com/ruby/rake/blob/master/MIT-LICENSE)
|
271
|
+
(MIT License) recursive-open-struct (https://github.com/aetherknight/recursive-open-struct/blob/master/LICENSE.txt)
|
272
|
+
(MIT License) rest-client (https://github.com/rest-client/rest-client/blob/master/LICENSE)
|
273
|
+
(MIT License) rubocop (https://github.com/rubocop-hq/rubocop/blob/master/LICENSE.txt)
|
274
|
+
(MIT License) ruby-progressbar (https://github.com/jfelchner/ruby-progressbar/blob/master/LICENSE.txt)
|
275
|
+
(MIT License) safe_yaml (https://github.com/dtao/safe_yaml/blob/master/LICENSE.txt)
|
276
|
+
(MIT License) sigdump (https://github.com/frsyuki/sigdump/blob/master/LICENSE)
|
277
|
+
(MIT License) simplecov (https://github.com/colszowka/simplecov/blob/master/LICENSE)
|
278
|
+
(MIT License) simplecov-html (https://github.com/colszowka/simplecov-html/blob/master/LICENSE)
|
279
|
+
(MIT License) swd (https://github.com/nov/SWD/blob/master/LICENSE)
|
280
|
+
(MIT License) tzinfo (https://github.com/tzinfo/tzinfo/blob/master/LICENSE)
|
281
|
+
(MIT License) tzinfo-data (https://github.com/tzinfo/tzinfo-data/blob/master/LICENSE)
|
282
|
+
(MIT License) unf_ext (https://github.com/knu/ruby-unf_ext/blob/master/LICENSE.txt)
|
283
|
+
(MIT License) unicode-display_width (https://github.com/janlelis/unicode-display_width/blob/master/MIT-LICENSE.txt)
|
284
|
+
(MIT License) validate_email (https://github.com/perfectline/validates_email/blob/master/MIT-LICENSE)
|
285
|
+
(MIT License) validate_url (https://github.com/perfectline/validates_url/blob/master/LICENSE.md)
|
286
|
+
(MIT License) webfinger (https://github.com/nov/webfinger/blob/master/LICENSE.txt)
|
227
287
|
(MIT License) webmock (https://github.com/bblimke/webmock/blob/master/LICENSE)
|
228
|
-
(MIT License)
|
288
|
+
(MIT License) yajl-ruby (https://github.com/brianmario/yajl-ruby/blob/master/LICENSE)
|
229
289
|
|
230
290
|
========================================================================
|
231
|
-
For
|
291
|
+
For the rest:
|
232
292
|
========================================================================
|
233
293
|
|
234
|
-
|
294
|
+
bindata (https://github.com/dmendel/bindata/blob/master/COPYING)
|
295
|
+
httpclient (https://github.com/nahi/httpclient/#license)
|
296
|
+
json (https://www.ruby-lang.org/en/about/license.txt)
|
297
|
+
test-unit (https://github.com/test-unit/test-unit)
|
298
|
+
unf (https://github.com/knu/ruby-unf/blob/master/LICENSE)
|
299
|
+
power_assert (https://github.com/k-tsj/power_assert/blob/master/BSDL)
|
300
|
+
strptime (https://github.com/nurse/strptime/blob/master/LICENSE.txt)
|
301
|
+
domain_name (https://github.com/knu/ruby-domain_name/blob/master/LICENSE.txt)
|
302
|
+
ffi (https://github.com/ffi/ffi/blob/master/LICENSE)
|
data/README.md
CHANGED
@@ -260,6 +260,10 @@ Cannot set both `source` and `source_key` parameters at the same time.
|
|
260
260
|
|
261
261
|
Field name that contains the sourcetype. Cannot set both `source` and `source_key` parameters at the same time.
|
262
262
|
|
263
|
+
### time_key (string) (optional)
|
264
|
+
|
265
|
+
Field name to contain Splunk event time. By default will use fluentd\'d time.
|
266
|
+
|
263
267
|
### fields (init) (optional)
|
264
268
|
|
265
269
|
Lets you specify the index-time fields for the event data type, or metric dimensions for the metric data type. Null value fields are removed.
|
@@ -273,6 +277,14 @@ When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `
|
|
273
277
|
|
274
278
|
Depending on the value of `data_type` parameter, the parameters inside the `<fields>` section have different meanings. Despite the meaning, the syntax for parameters is unique.
|
275
279
|
|
280
|
+
### app_name (string) (Optional)
|
281
|
+
|
282
|
+
Splunk app name using this plugin (default to `hec_plugin_gem`)
|
283
|
+
|
284
|
+
### app_version (string) (Optional)
|
285
|
+
|
286
|
+
The version of Splunk app using this this plugin (default to plugin version)
|
287
|
+
|
276
288
|
#### When `data_type` is `event`
|
277
289
|
|
278
290
|
In this case, parameters inside `<fields>` are used as indexed fields and removed from the original input events. Please see the "Add a "fields" property at the top JSON level" [here](http://dev.splunk.com/view/event-collector/SP-CAAAFB6) for details. Given we have configuration like
|
@@ -285,7 +297,7 @@ In this case, parameters inside `<fields>` are used as indexed fields and remove
|
|
285
297
|
<fields>
|
286
298
|
file
|
287
299
|
level
|
288
|
-
app
|
300
|
+
app application
|
289
301
|
</fields>
|
290
302
|
</match>
|
291
303
|
```
|
@@ -332,7 +344,7 @@ For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>`
|
|
332
344
|
<fields>
|
333
345
|
file
|
334
346
|
level
|
335
|
-
app
|
347
|
+
app application
|
336
348
|
</fields>
|
337
349
|
</match>
|
338
350
|
```
|
@@ -424,6 +436,14 @@ List of SSl ciphers allowed.
|
|
424
436
|
|
425
437
|
Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default. Ensure parameter `ca_file` is not configured in order to allow insecure SSL connections when this value is set to `true`.
|
426
438
|
|
439
|
+
#### require_ssl_min_version (bool)
|
440
|
+
|
441
|
+
When set to true, TLS version 1.1 and above is required.
|
442
|
+
|
443
|
+
#### consume_chunk_on_4xx_errors (bool)
|
444
|
+
|
445
|
+
Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to false, Splunk will fail to flush the buffer on such status codes. This parameter is set to `true` by default for backwards compatibility.
|
446
|
+
|
427
447
|
## About Buffer
|
428
448
|
|
429
449
|
This plugin sends events to HEC using [batch mode](https://docs.splunk.com/Documentation/Splunk/7.1.0/Data/FormateventsforHTTPEventCollector#Event_data).
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.2.
|
1
|
+
1.2.6
|
@@ -33,17 +33,14 @@ Gem::Specification.new do |spec|
|
|
33
33
|
|
34
34
|
spec.required_ruby_version = '>= 2.3.0'
|
35
35
|
|
36
|
-
spec.add_runtime_dependency 'fluent-plugin-kubernetes_metadata_filter', '~> 2.4.2'
|
37
36
|
spec.add_runtime_dependency 'fluentd', '>= 1.4'
|
38
37
|
spec.add_runtime_dependency 'multi_json', '~> 1.13'
|
39
38
|
spec.add_runtime_dependency 'net-http-persistent', '~> 3.1'
|
40
39
|
spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
|
41
40
|
spec.add_runtime_dependency 'prometheus-client', '< 0.10.0'
|
42
|
-
spec.add_runtime_dependency 'activesupport', '~> 5.2'
|
43
|
-
spec.add_runtime_dependency 'http_parser.rb', '= 0.5.3'
|
44
41
|
|
45
42
|
spec.add_development_dependency 'bundler', '~> 2.0'
|
46
|
-
spec.add_development_dependency 'rake', '
|
43
|
+
spec.add_development_dependency 'rake', '>= 12.0'
|
47
44
|
# required by fluent/test.rb
|
48
45
|
spec.add_development_dependency 'minitest', '~> 5.0'
|
49
46
|
spec.add_development_dependency 'rubocop', '~> 0.63.1'
|
@@ -13,7 +13,7 @@ module Fluent::Plugin
|
|
13
13
|
autoload :VERSION, 'fluent/plugin/out_splunk/version'
|
14
14
|
autoload :MatchFormatter, 'fluent/plugin/out_splunk/match_formatter'
|
15
15
|
|
16
|
-
KEY_FIELDS = %w[index host source sourcetype metric_name metric_value].freeze
|
16
|
+
KEY_FIELDS = %w[index host source sourcetype metric_name metric_value time].freeze
|
17
17
|
TAG_PLACEHOLDER = '${tag}'
|
18
18
|
|
19
19
|
desc 'The host field for events, by default it uses the hostname of the machine that runnning fluentd. This is exclusive with `host_key`.'
|
@@ -51,6 +51,9 @@ module Fluent::Plugin
|
|
51
51
|
# this is blank on purpose
|
52
52
|
end
|
53
53
|
|
54
|
+
desc 'Indicates if 4xx errors should consume chunk'
|
55
|
+
config_param :consume_chunk_on_4xx_errors, :bool, :default => true
|
56
|
+
|
54
57
|
config_section :format do
|
55
58
|
config_set_default :usage, '**'
|
56
59
|
config_set_default :@type, 'json'
|
@@ -152,11 +155,12 @@ module Fluent::Plugin
|
|
152
155
|
|
153
156
|
@metrics[:status_counter].increment(metric_labels(status: response.code.to_s))
|
154
157
|
|
158
|
+
raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
|
159
|
+
|
155
160
|
# raise Exception to utilize Fluentd output plugin retry mechanism
|
156
|
-
raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if
|
161
|
+
raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
|
157
162
|
|
158
|
-
# For both success response (2xx)
|
159
|
-
# Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
|
163
|
+
# For both success response (2xx) we will consume the chunk.
|
160
164
|
unless response.code.to_s.start_with?('2')
|
161
165
|
log.error "#{self.class}: Failed POST to #{@api}, response: #{response.body}"
|
162
166
|
log.error { "#{self.class}: Failed request body: #{post.body}" }
|
@@ -205,7 +209,7 @@ module Fluent::Plugin
|
|
205
209
|
# This loop looks dump, but it is used to suppress the unused parameter configuration warning
|
206
210
|
# Learned from `filter_record_transformer`.
|
207
211
|
conf.elements.select { |element| element.name == 'fields' }.each do |element|
|
208
|
-
element.each_pair { |k, _v| element.
|
212
|
+
element.each_pair { |k, _v| element.has_key?(k) }
|
209
213
|
end
|
210
214
|
|
211
215
|
return unless @fields
|
@@ -1,5 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
|
-
|
2
|
+
$LOAD_PATH.unshift(File.expand_path('..', __dir__))
|
3
3
|
require 'fluent/env'
|
4
4
|
require 'fluent/output'
|
5
5
|
require 'fluent/plugin/output'
|
@@ -63,6 +63,9 @@ module Fluent::Plugin
|
|
63
63
|
desc 'List of SSL ciphers allowed.'
|
64
64
|
config_param :ssl_ciphers, :array, default: nil
|
65
65
|
|
66
|
+
desc 'When set to true, TLS version 1.1 and above is required.'
|
67
|
+
config_param :require_ssl_min_version, :bool, default: true
|
68
|
+
|
66
69
|
desc 'Indicates if insecure SSL connection is allowed.'
|
67
70
|
config_param :insecure_ssl, :bool, default: false
|
68
71
|
|
@@ -72,9 +75,6 @@ module Fluent::Plugin
|
|
72
75
|
desc 'The Splunk index to index events. When not set, will be decided by HEC. This is exclusive with `index_key`'
|
73
76
|
config_param :index, :string, default: nil
|
74
77
|
|
75
|
-
desc 'Field name to contain Splunk event time. By default will use fluentd\'d time'
|
76
|
-
config_param :time_key, :string, default: nil
|
77
|
-
|
78
78
|
desc 'Field name to contain Splunk index name. This is exclusive with `index`.'
|
79
79
|
config_param :index_key, :string, default: nil
|
80
80
|
|
@@ -90,11 +90,20 @@ module Fluent::Plugin
|
|
90
90
|
desc 'When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `sourcetype_key`, `metric_name_key`, `metric_value_key` will not be removed from the original event.'
|
91
91
|
config_param :keep_keys, :bool, default: false
|
92
92
|
|
93
|
+
desc 'App name'
|
94
|
+
config_param :app_name, :string, default: "hec_plugin_gem"
|
95
|
+
|
96
|
+
desc 'App version'
|
97
|
+
config_param :app_version, :string, default: "#{VERSION}"
|
98
|
+
|
93
99
|
desc 'Define index-time fields for event data type, or metric dimensions for metric data type. Null value fields will be removed.'
|
94
100
|
config_section :fields, init: false, multi: false, required: false do
|
95
101
|
# this is blank on purpose
|
96
102
|
end
|
97
103
|
|
104
|
+
desc 'Indicates if 4xx errors should consume chunk'
|
105
|
+
config_param :consume_chunk_on_4xx_errors, :bool, :default => true
|
106
|
+
|
98
107
|
config_section :format do
|
99
108
|
config_set_default :usage, '**'
|
100
109
|
config_set_default :@type, 'json'
|
@@ -137,10 +146,15 @@ module Fluent::Plugin
|
|
137
146
|
c.ca_file = @ca_file
|
138
147
|
c.ca_path = @ca_path
|
139
148
|
c.ciphers = @ssl_ciphers
|
149
|
+
c.proxy = :ENV
|
150
|
+
c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
|
140
151
|
|
141
152
|
c.override_headers['Content-Type'] = 'application/json'
|
142
153
|
c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
|
143
154
|
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
155
|
+
c.override_headers['__splunk_app_name'] = "#{@app_name}"
|
156
|
+
c.override_headers['__splunk_app_version'] = "#{@app_version}"
|
157
|
+
|
144
158
|
end
|
145
159
|
end
|
146
160
|
|
@@ -173,7 +187,7 @@ module Fluent::Plugin
|
|
173
187
|
end
|
174
188
|
|
175
189
|
def format_event(tag, time, record)
|
176
|
-
|
190
|
+
d = {
|
177
191
|
host: @host ? @host.(tag, record) : @default_host,
|
178
192
|
# From the API reference
|
179
193
|
# http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
|
@@ -206,7 +220,12 @@ module Fluent::Plugin
|
|
206
220
|
record = formatter.format(tag, time, record)
|
207
221
|
end
|
208
222
|
payload[:event] = convert_to_utf8 record
|
209
|
-
}
|
223
|
+
}
|
224
|
+
if d[:event] == "{}"
|
225
|
+
log.warn { "Event after formatting was blank, not sending" }
|
226
|
+
return ""
|
227
|
+
end
|
228
|
+
MultiJson.dump(d)
|
210
229
|
end
|
211
230
|
|
212
231
|
def format_metric(tag, time, record)
|
@@ -218,7 +237,7 @@ module Fluent::Plugin
|
|
218
237
|
# That's why we use `to_s` here.
|
219
238
|
time: time.to_f.to_s,
|
220
239
|
event: 'metric'
|
221
|
-
}.tap do |payload|
|
240
|
+
}.tap do |payload|
|
222
241
|
if @time
|
223
242
|
time_value = @time.(tag, record)
|
224
243
|
# if no value is found don't override and use fluentd's time
|
@@ -273,13 +292,18 @@ module Fluent::Plugin
|
|
273
292
|
c.ca_file = @ca_file
|
274
293
|
c.ca_path = @ca_path
|
275
294
|
c.ciphers = @ssl_ciphers
|
295
|
+
c.proxy = :ENV
|
276
296
|
c.idle_timeout = @idle_timeout
|
277
297
|
c.read_timeout = @read_timeout
|
278
298
|
c.open_timeout = @open_timeout
|
299
|
+
c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
|
279
300
|
|
280
301
|
c.override_headers['Content-Type'] = 'application/json'
|
281
302
|
c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
|
282
303
|
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
304
|
+
c.override_headers['__splunk_app_name'] = "#{@app_name}"
|
305
|
+
c.override_headers['__splunk_app_version'] = "#{@app_version}"
|
306
|
+
|
283
307
|
end
|
284
308
|
end
|
285
309
|
|
@@ -293,13 +317,14 @@ module Fluent::Plugin
|
|
293
317
|
response = @conn.request @api, post
|
294
318
|
t2 = Time.now
|
295
319
|
|
296
|
-
|
297
|
-
|
320
|
+
raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
|
321
|
+
|
322
|
+
# raise Exception to utilize Fluentd output plugin retry mechanism
|
323
|
+
raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
|
298
324
|
|
299
|
-
# For both success response (2xx)
|
300
|
-
# Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
|
325
|
+
# For both success response (2xx) we will consume the chunk.
|
301
326
|
if not response.code.start_with?('2')
|
302
|
-
log.error "Failed POST to #{@
|
327
|
+
log.error "Failed POST to #{@api}, response: #{response.body}"
|
303
328
|
log.debug { "Failed request body: #{post.body}" }
|
304
329
|
end
|
305
330
|
|
@@ -331,7 +356,7 @@ module Fluent::Plugin
|
|
331
356
|
invalid: :replace,
|
332
357
|
undef: :replace,
|
333
358
|
replace: @non_utf8_replacement_string)
|
334
|
-
|
359
|
+
else
|
335
360
|
begin
|
336
361
|
input.encode('utf-8')
|
337
362
|
rescue EncodingError
|
@@ -57,6 +57,9 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
57
57
|
assert_nil(create_hec_output_driver('hec_host hec_token').instance.index_key)
|
58
58
|
expect(create_hec_output_driver('hec_host hec_token').instance.index_key).is_a? String
|
59
59
|
end
|
60
|
+
it 'should consume chunks on 4xx errors' do
|
61
|
+
expect(create_hec_output_driver('hec_host hec_token').instance.consume_chunk_on_4xx_errors).must_equal true
|
62
|
+
end
|
60
63
|
end
|
61
64
|
|
62
65
|
describe 'hec_host validation' do
|
@@ -139,6 +142,7 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
139
142
|
host_key from
|
140
143
|
source_key file
|
141
144
|
sourcetype_key agent.name
|
145
|
+
time_key timestamp
|
142
146
|
CONF
|
143
147
|
batch.each do |item|
|
144
148
|
expect(item['index']).must_equal 'info'
|
@@ -147,7 +151,7 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
147
151
|
expect(item['sourcetype']).must_equal 'test'
|
148
152
|
|
149
153
|
JSON.load(item['event']).tap do |event|
|
150
|
-
%w[level from file].each { |field| expect(event).wont_include field }
|
154
|
+
%w[level from file timestamp].each { |field| expect(event).wont_include field }
|
151
155
|
expect(event['agent']).wont_include 'name'
|
152
156
|
end
|
153
157
|
end
|
@@ -220,6 +224,24 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
220
224
|
end
|
221
225
|
end
|
222
226
|
|
227
|
+
it 'should not send blank events' do
|
228
|
+
verify_sent_events(<<~CONF) do |batch|
|
229
|
+
<fields>
|
230
|
+
from
|
231
|
+
logLevel level
|
232
|
+
nonexist
|
233
|
+
log
|
234
|
+
file
|
235
|
+
value
|
236
|
+
id
|
237
|
+
agent
|
238
|
+
timestamp
|
239
|
+
</fields>
|
240
|
+
CONF
|
241
|
+
expect(batch.length).must_equal 0
|
242
|
+
end
|
243
|
+
end
|
244
|
+
|
223
245
|
describe 'metric' do
|
224
246
|
it 'should check related configs' do
|
225
247
|
expect(
|
@@ -349,7 +371,8 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
349
371
|
'agent' => {
|
350
372
|
'name' => 'test',
|
351
373
|
'version' => '1.0.0'
|
352
|
-
}
|
374
|
+
},
|
375
|
+
'timestamp' => 'time'
|
353
376
|
}
|
354
377
|
events = [
|
355
378
|
['tag.event1', event_time, { 'id' => '1st' }.merge(Marshal.load(Marshal.dump(event)))],
|
metadata
CHANGED
@@ -1,29 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunk-hec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.6
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Splunk Inc.
|
8
|
-
autorequire:
|
8
|
+
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-06-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
-
- !ruby/object:Gem::Dependency
|
14
|
-
name: fluent-plugin-kubernetes_metadata_filter
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - "~>"
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: 2.4.2
|
20
|
-
type: :runtime
|
21
|
-
prerelease: false
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
-
requirements:
|
24
|
-
- - "~>"
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version: 2.4.2
|
27
13
|
- !ruby/object:Gem::Dependency
|
28
14
|
name: fluentd
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
@@ -94,34 +80,6 @@ dependencies:
|
|
94
80
|
- - "<"
|
95
81
|
- !ruby/object:Gem::Version
|
96
82
|
version: 0.10.0
|
97
|
-
- !ruby/object:Gem::Dependency
|
98
|
-
name: activesupport
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
100
|
-
requirements:
|
101
|
-
- - "~>"
|
102
|
-
- !ruby/object:Gem::Version
|
103
|
-
version: '5.2'
|
104
|
-
type: :runtime
|
105
|
-
prerelease: false
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
107
|
-
requirements:
|
108
|
-
- - "~>"
|
109
|
-
- !ruby/object:Gem::Version
|
110
|
-
version: '5.2'
|
111
|
-
- !ruby/object:Gem::Dependency
|
112
|
-
name: http_parser.rb
|
113
|
-
requirement: !ruby/object:Gem::Requirement
|
114
|
-
requirements:
|
115
|
-
- - '='
|
116
|
-
- !ruby/object:Gem::Version
|
117
|
-
version: 0.5.3
|
118
|
-
type: :runtime
|
119
|
-
prerelease: false
|
120
|
-
version_requirements: !ruby/object:Gem::Requirement
|
121
|
-
requirements:
|
122
|
-
- - '='
|
123
|
-
- !ruby/object:Gem::Version
|
124
|
-
version: 0.5.3
|
125
83
|
- !ruby/object:Gem::Dependency
|
126
84
|
name: bundler
|
127
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -140,14 +98,14 @@ dependencies:
|
|
140
98
|
name: rake
|
141
99
|
requirement: !ruby/object:Gem::Requirement
|
142
100
|
requirements:
|
143
|
-
- - "
|
101
|
+
- - ">="
|
144
102
|
- !ruby/object:Gem::Version
|
145
103
|
version: '12.0'
|
146
104
|
type: :development
|
147
105
|
prerelease: false
|
148
106
|
version_requirements: !ruby/object:Gem::Requirement
|
149
107
|
requirements:
|
150
|
-
- - "
|
108
|
+
- - ">="
|
151
109
|
- !ruby/object:Gem::Version
|
152
110
|
version: '12.0'
|
153
111
|
- !ruby/object:Gem::Dependency
|
@@ -257,7 +215,7 @@ homepage: https://github.com/splunk/fluent-plugin-splunk-hec
|
|
257
215
|
licenses:
|
258
216
|
- Apache-2.0
|
259
217
|
metadata: {}
|
260
|
-
post_install_message:
|
218
|
+
post_install_message:
|
261
219
|
rdoc_options: []
|
262
220
|
require_paths:
|
263
221
|
- lib
|
@@ -272,8 +230,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
272
230
|
- !ruby/object:Gem::Version
|
273
231
|
version: '0'
|
274
232
|
requirements: []
|
275
|
-
rubygems_version: 3.
|
276
|
-
signing_key:
|
233
|
+
rubygems_version: 3.1.4
|
234
|
+
signing_key:
|
277
235
|
specification_version: 4
|
278
236
|
summary: Fluentd plugin for Splunk HEC.
|
279
237
|
test_files:
|