fluent-plugin-splunk-hec 1.2.10 → 1.2.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dc792fc7c40630f15ecb739d4b5fb02d8b0eb82bae0cea4d83f2a3bc2033f86a
-  data.tar.gz: 7db6c9fbcc52941f5196c69dfb472b01126983003efa1924b87514ab73ceaab3
+  metadata.gz: de7c88e53248a080bb6074bf72a88896438727d88a042945b1faacce56df8a34
+  data.tar.gz: 44a74cb51c4697397ef0fac7d50e6ff9a044e823c336c5a680840e387b8383e5
 SHA512:
-  metadata.gz: 0f1370fc994cd6ff1d41e1c8b6714a81159f899fc60f133e7842963f7a2d24b192d7c385b8f4dc596c4b6975e48de40dc3025fda16c9aa7913871fbb30ba3b0d
-  data.tar.gz: be09848d438d90c78c45981efd44e1c57d92842ea3249c9099abecb2efdff84bc012766e45cd8807f4a047b73ee42639d277262f277a9ec3c4b4a75eeef9c4e7
+  metadata.gz: fa2ef5e67fbb22bc0721e15cb9d73e9442f5485dc70da665507455e9cba99ec8c672ea65c308b50fd82249977ee9f06a3120c6d5be56b8ef8251e6927f4e1d29
+  data.tar.gz: 9945827eb5330b28eaa319c7de17825bb1f6c5ea9494c5bdeca128eb9839663318f698d9f5ba7718c62c50c0095a3ca9456951293a93d9aa00dc8de10edfb66c

data/Gemfile.lock

@@ -1,19 +1,19 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-splunk-hec (1.2.10)
+    fluent-plugin-splunk-hec (1.2.13)
       fluentd (>= 1.4)
       multi_json (~> 1.13)
-      net-http-persistent (~> 3.1)
+      net-http-persistent (~> 4.0)
       openid_connect (~> 1.1.8)
       prometheus-client (>= 2.1.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (7.0.1)
-      activesupport (= 7.0.1)
-    activesupport (7.0.1)
+    activemodel (7.0.2.3)
+      activesupport (= 7.0.2.3)
+    activesupport (7.0.2.3)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
@@ -23,18 +23,18 @@ GEM
     aes_key_wrap (1.1.0)
     attr_required (1.0.1)
     bindata (2.4.10)
-    concurrent-ruby (1.1.9)
+    concurrent-ruby (1.1.10)
     connection_pool (2.2.5)
     cool.io (1.7.1)
     crack (0.4.5)
       rexml
     docile (1.4.0)
-    fluentd (1.14.4)
+    fluentd (1.14.6)
       bundler
       cool.io (>= 1.4.5, < 2.0.0)
       http_parser.rb (>= 0.5.1, < 0.9.0)
       msgpack (>= 1.3.1, < 2.0.0)
-      serverengine (>= 2.2.2, < 3.0.0)
+      serverengine (>= 2.2.5, < 3.0.0)
       sigdump (~> 0.2.2)
       strptime (>= 0.2.4, < 1.0.0)
       tzinfo (>= 1.0, < 3.0)
@@ -44,7 +44,7 @@ GEM
     hashdiff (1.0.1)
     http_parser.rb (0.8.0)
     httpclient (2.8.3)
-    i18n (1.9.1)
+    i18n (1.10.0)
       concurrent-ruby (~> 1.0)
     json-jwt (1.13.0)
       activesupport (>= 4.2)
@@ -54,9 +54,9 @@ GEM
       mini_mime (>= 0.1.1)
     mini_mime (1.1.2)
     minitest (5.15.0)
-    msgpack (1.4.4)
+    msgpack (1.5.1)
     multi_json (1.15.0)
-    net-http-persistent (3.1.0)
+    net-http-persistent (4.0.1)
       connection_pool (~> 2.2)
     openid_connect (1.1.8)
       activemodel
@@ -69,7 +69,7 @@ GEM
       validate_url
       webfinger (>= 1.0.1)
     power_assert (2.0.1)
-    prometheus-client (2.1.0)
+    prometheus-client (4.0.0)
     public_suffix (4.0.6)
     rack (2.2.3)
     rack-oauth2 (1.19.0)
@@ -98,7 +98,7 @@ GEM
       power_assert
     tzinfo (2.0.4)
       concurrent-ruby (~> 1.0)
-    tzinfo-data (1.2021.5)
+    tzinfo-data (1.2022.1)
       tzinfo (>= 1.0.0)
     validate_email (0.1.6)
       activemodel (>= 3.0)
@@ -114,7 +114,7 @@ GEM
       crack (>= 0.3.2)
       hashdiff
     webrick (1.7.0)
-    yajl-ruby (1.4.1)
+    yajl-ruby (1.4.2)
 
 PLATFORMS
   ruby
@@ -129,4 +129,4 @@ DEPENDENCIES
   webmock (~> 3.5.0)
 
 BUNDLED WITH
-   2.3.6
+   2.3.12

data/README.md

@@ -1,13 +1,13 @@
 # fluent-plugin-splunk-hec
 
 [Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) in 2 modes:<br/>
-1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/> 
+1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/>
 2) Via the Splunk Cloud Services (SCS) [Ingest API](https://sdc.splunkbeta.com/reference/api/ingest/v1beta2)
 
 ## Installation
 
 ### RubyGems
-``` 
+```
 $ gem install fluent-plugin-splunk-hec
 ```
 ### Bundler
@@ -157,7 +157,7 @@ This value must be set to `splunk_hec` when using HEC API and to `splunk_ingest_
 
 #### protocol (enum) (optional)
 
-This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is 
+This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is
 set to `https` by default.
 
 ### hec_host (string) (required)
@@ -172,6 +172,10 @@ The port number for the HEC token or the HEC load balancer. The default value is
 
 Identifier for the HEC token.
 
+### hec_endpoint (string) (optional)
+
+The HEC REST API endpoint to use. The default value is `services/collector`.
+
 ### metrics_from_event (bool) (optional)
 
 When `data_type` is set to "metric", the ingest API will treat every key-value pair in the input event as a metric name-value pair. Set `metrics_from_event` to `false` to disable this behavior and use `metric_name_key` and `metric_value_key` to define metrics. The default value is `true`.
@@ -194,31 +198,31 @@ If `coerce_to_utf8` is set to `true`, any non-UTF-8 character is replaced by the
 
 ### Parameters for `splunk_ingest_api`
 
-### service_client_identifier: (optional) (string) 
+### service_client_identifier: (optional) (string)
 
 Splunk uses the client identifier to make authorized requests to the ingest API.
 
-### service_client_secret_key: (string) 
+### service_client_secret_key: (string)
 
 The client identifier uses this authorization to make requests to the ingest API.
 
-### token_endpoint: (string) 
+### token_endpoint: (string)
 
 This value indicates which endpoint Splunk should look to for the authorization token necessary for requests to the ingest API.
 
-### ingest_api_host: (string) 
+### ingest_api_host: (string)
 
 Indicates which url/hostname to use for requests to the ingest API.
 
-### ingest_api_tenant: (string) 
+### ingest_api_tenant: (string)
 
 Indicates which tenant Splunk should use for requests to the ingest API.
 
-### ingest_api_events_endpoint: (string) 
+### ingest_api_events_endpoint: (string)
 
 Indicates which endpoint to use for requests to the ingest API.
 
-### debug_http: (bool) 
+### debug_http: (bool)
 Set to True if you want to debug requests and responses to ingest API. Default is false.
 
 ### Parameters for both `splunk_hec` and `splunk_ingest_api`
@@ -330,7 +334,7 @@ If a parameter has just a key, it means its value is exactly the same as the key
 
 #### When `data_type` is `metric`
 
-For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration: 
+For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration:
 
 ```
 <match **>
@@ -381,7 +385,7 @@ Multiple `<format>` sections can be defined to use different formatters for diff
   </format>
 ```
 
-This example: 
+This example:
 - Formats events with tags that start with `sometag.` with the `single_value` formatter
 - Formats events with tags `some.othertag` with the `csv` formatter
 - Formats all other events with the `json` formatter (the default formatter)
@@ -398,9 +402,10 @@ The following parameters can be used for tuning HTTP connections:
 
 #### idle_timeout (integer)
 
-The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts. 
+The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
 
 #### read_timeout (integer)
+
 The amount of time allowed between reading two chunks from the socket. The default value is `nil`, which means no timeout. 
 
 #### open_timeout (integer)
@@ -421,11 +426,11 @@ The private key for this client.
 
 #### ca_file (string)
 
-The path to a file containing a PEM-format CA certificate.
+The path to a file containing CA cerificates in PEM format. The plugin will verify the TLS server certificate presented by Splunk against the certificates in this file, unless verification is disabled by the `ssl_insecure` option.
 
 #### ca_path (string)
 
-The path to a directory containing CA certificates in PEM format.
+The path to a directory containing CA certificates in PEM format. The plugin will verify the TLS server certificate presented by Splunk against the certificates in this file, unless verification is disabled by the `ssl_insecure` option.
 
 #### ciphers (array)
 
@@ -433,15 +438,15 @@ List of SSl ciphers allowed.
 
 #### insecure_ssl (bool)
 
-Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default. Ensure parameter `ca_file` is not configured in order to allow insecure SSL connections when this value is set to `true`.
+Specifies whether an insecure SSL connection is allowed. If set to `false` (the default), the plugin will verify the TLS server certificate presented by Splunk against the CA certificates provided by the `ca_file`/`ca_path` options, and reject the certificate if if verification fails.
 
 #### require_ssl_min_version (bool)
 
-When set to true, TLS version 1.1 and above is required.
+When set to `true` (the default), the plugin will require TLSv1.1 or later for its connection to Splunk.
 
 #### consume_chunk_on_4xx_errors (bool)
 
-Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to false, Splunk will fail to flush the buffer on such status codes. This parameter is set to `true` by default for backwards compatibility.
+Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to `false`, Splunk will fail to flush the buffer on such status codes. This parameter is set to `true` by default for backwards compatibility.
 
 ## About Buffer
 
@@ -456,4 +461,4 @@ Here are some hints:
 
 ## License
 
-Please see [LICENSE](LICENSE). 
+Please see [LICENSE](LICENSE).

data/VERSION

@@ -1 +1 @@
-1.2.10
+1.2.13

data/fluent-plugin-splunk-hec.gemspec

@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
 
   spec.add_runtime_dependency 'fluentd', '>= 1.4'
   spec.add_runtime_dependency 'multi_json', '~> 1.13'
-  spec.add_runtime_dependency 'net-http-persistent', '~> 3.1'
+  spec.add_runtime_dependency 'net-http-persistent', '~> 4.0'
   spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
   spec.add_runtime_dependency 'prometheus-client', '>= 2.1.0'
 

data/lib/fluent/plugin/out_splunk.rb

@@ -92,6 +92,10 @@ module Fluent::Plugin
       end
     end
 
+    def shutdown
+      super
+    end
+
     def write(chunk)
       log.trace { "#{self.class}: Received new chunk, size=#{chunk.read.bytesize}" }
 

data/lib/fluent/plugin/out_splunk_hec.rb

@@ -36,6 +36,9 @@ module Fluent::Plugin
     desc 'The port number to HEC, or HEC load balancer.'
     config_param :hec_port, :integer, default: 8088
 
+    desc 'HEC REST API endpoint to use'
+    config_param :hec_endpoint, :string, default: 'services/collector'
+
     desc 'Full url to connect tosplunk. Example: https://mydomain.com:8088/apps/splunk'
     config_param :full_url, :string, default: ''
 
@@ -166,8 +169,8 @@ module Fluent::Plugin
     end
 
     def shutdown
+      @conn.shutdown if not @conn.nil?
       super
-      @conn.shutdown
     end
 
     def format(tag, time, record)
@@ -287,9 +290,9 @@ module Fluent::Plugin
 
     def construct_api
       if @full_url.empty?
-        URI("#{@protocol}://#{@hec_host}:#{@hec_port}/services/collector")
+        URI("#{@protocol}://#{@hec_host}:#{@hec_port}/#{@hec_endpoint.delete_prefix("/")}")
       else
-        URI("#{@full_url.delete_suffix("/")}/services/collector")
+        URI("#{@full_url.delete_suffix("/")}/#{@hec_endpoint.delete_prefix("/")}")
       end
     rescue StandardError
       if @full_url.empty?

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-splunk-hec
 version: !ruby/object:Gem::Version
-  version: 1.2.10
+  version: 1.2.13
 platform: ruby
 authors:
 - Splunk Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-02-02 00:00:00.000000000 Z
+date: 2022-04-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -44,14 +44,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '4.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.1'
+        version: '4.0'
 - !ruby/object:Gem::Dependency
   name: openid_connect
   requirement: !ruby/object:Gem::Requirement
@@ -221,13 +221,13 @@ signing_key:
 specification_version: 4
 summary: Fluentd plugin for Splunk HEC.
 test_files:
-- test/test_helper.rb
-- test/fluent/plugin/out_splunk_ingest_api_test.rb
-- test/fluent/plugin/out_splunk_hec_test.rb
 - test/lib/webmock/http_lib_adapters/manticore_adapter.rb
-- test/lib/webmock/http_lib_adapters/curb_adapter.rb
 - test/lib/webmock/http_lib_adapters/patron_adapter.rb
-- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
-- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
 - test/lib/webmock/http_lib_adapters/excon_adapter.rb
 - test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
+- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
+- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
+- test/lib/webmock/http_lib_adapters/curb_adapter.rb
+- test/test_helper.rb
+- test/fluent/plugin/out_splunk_hec_test.rb
+- test/fluent/plugin/out_splunk_ingest_api_test.rb