fluent-plugin-splunk-hec 1.2.11 → 1.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/Gemfile.lock +31 -20
- data/README.md +24 -19
- data/VERSION +1 -1
- data/fluent-plugin-splunk-hec.gemspec +2 -2
- data/lib/fluent/plugin/out_splunk.rb +4 -0
- data/lib/fluent/plugin/out_splunk_hec.rb +19 -5
- data/test/fluent/plugin/out_splunk_hec_test.rb +30 -0
- data/test/test_helper.rb +11 -0
- metadata +10 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 23746f631e5a9217fca76160c200155878aecdc2402dcaa0dec2b7447f7f5986
|
4
|
+
data.tar.gz: 43e704a9048113bbc9070972a809ab2d689e05ba63c2a1739d35abad1ea7ba08
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 531cb324fcfdbdd81b89abca06d39ec324776dd973c23118eda9df697160980f87f43dd1beded8adec71103f9ed1bcf43ced51b60b30f6ebce032516524c3424
|
7
|
+
data.tar.gz: 27cdfef7e22314183999e93651275da29ca4c473b44d68c8873c458f9fcbf1d7213b1632690d4dd7b923699822cf7b57fd4fdea0b6a48b7dc51767d9785a1176
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,19 +1,19 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
fluent-plugin-splunk-hec (1.
|
5
|
-
fluentd (>= 1.
|
4
|
+
fluent-plugin-splunk-hec (1.3.0)
|
5
|
+
fluentd (>= 1.5)
|
6
6
|
multi_json (~> 1.13)
|
7
|
-
net-http-persistent (~>
|
7
|
+
net-http-persistent (~> 4.0)
|
8
8
|
openid_connect (~> 1.1.8)
|
9
9
|
prometheus-client (>= 2.1.0)
|
10
10
|
|
11
11
|
GEM
|
12
12
|
remote: https://rubygems.org/
|
13
13
|
specs:
|
14
|
-
activemodel (7.0.
|
15
|
-
activesupport (= 7.0.
|
16
|
-
activesupport (7.0.
|
14
|
+
activemodel (7.0.3)
|
15
|
+
activesupport (= 7.0.3)
|
16
|
+
activesupport (7.0.3)
|
17
17
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
18
18
|
i18n (>= 1.6, < 2)
|
19
19
|
minitest (>= 5.1)
|
@@ -23,18 +23,19 @@ GEM
|
|
23
23
|
aes_key_wrap (1.1.0)
|
24
24
|
attr_required (1.0.1)
|
25
25
|
bindata (2.4.10)
|
26
|
-
concurrent-ruby (1.1.
|
26
|
+
concurrent-ruby (1.1.10)
|
27
27
|
connection_pool (2.2.5)
|
28
28
|
cool.io (1.7.1)
|
29
29
|
crack (0.4.5)
|
30
30
|
rexml
|
31
|
+
digest (3.1.0)
|
31
32
|
docile (1.4.0)
|
32
|
-
fluentd (1.
|
33
|
+
fluentd (1.15.1)
|
33
34
|
bundler
|
34
35
|
cool.io (>= 1.4.5, < 2.0.0)
|
35
36
|
http_parser.rb (>= 0.5.1, < 0.9.0)
|
36
37
|
msgpack (>= 1.3.1, < 2.0.0)
|
37
|
-
serverengine (>= 2.
|
38
|
+
serverengine (>= 2.3.0, < 3.0.0)
|
38
39
|
sigdump (~> 0.2.2)
|
39
40
|
strptime (>= 0.2.4, < 1.0.0)
|
40
41
|
tzinfo (>= 1.0, < 3.0)
|
@@ -44,8 +45,9 @@ GEM
|
|
44
45
|
hashdiff (1.0.1)
|
45
46
|
http_parser.rb (0.8.0)
|
46
47
|
httpclient (2.8.3)
|
47
|
-
i18n (1.
|
48
|
+
i18n (1.10.0)
|
48
49
|
concurrent-ruby (~> 1.0)
|
50
|
+
io-wait (0.2.1)
|
49
51
|
json-jwt (1.13.0)
|
50
52
|
activesupport (>= 4.2)
|
51
53
|
aes_key_wrap
|
@@ -54,10 +56,17 @@ GEM
|
|
54
56
|
mini_mime (>= 0.1.1)
|
55
57
|
mini_mime (1.1.2)
|
56
58
|
minitest (5.15.0)
|
57
|
-
msgpack (1.
|
59
|
+
msgpack (1.5.4)
|
58
60
|
multi_json (1.15.0)
|
59
|
-
net-http-persistent (
|
61
|
+
net-http-persistent (4.0.1)
|
60
62
|
connection_pool (~> 2.2)
|
63
|
+
net-protocol (0.1.2)
|
64
|
+
io-wait
|
65
|
+
timeout
|
66
|
+
net-smtp (0.3.1)
|
67
|
+
digest
|
68
|
+
net-protocol
|
69
|
+
timeout
|
61
70
|
openid_connect (1.1.8)
|
62
71
|
activemodel
|
63
72
|
attr_required (>= 1.0.0)
|
@@ -69,9 +78,9 @@ GEM
|
|
69
78
|
validate_url
|
70
79
|
webfinger (>= 1.0.1)
|
71
80
|
power_assert (2.0.1)
|
72
|
-
prometheus-client (
|
81
|
+
prometheus-client (4.0.0)
|
73
82
|
public_suffix (4.0.6)
|
74
|
-
rack (2.2.3)
|
83
|
+
rack (2.2.3.1)
|
75
84
|
rack-oauth2 (1.19.0)
|
76
85
|
activesupport
|
77
86
|
attr_required
|
@@ -80,7 +89,7 @@ GEM
|
|
80
89
|
rack (>= 2.1.0)
|
81
90
|
rake (13.0.6)
|
82
91
|
rexml (3.2.5)
|
83
|
-
serverengine (2.
|
92
|
+
serverengine (2.3.0)
|
84
93
|
sigdump (~> 0.2.2)
|
85
94
|
sigdump (0.2.4)
|
86
95
|
simplecov (0.21.2)
|
@@ -96,14 +105,15 @@ GEM
|
|
96
105
|
httpclient (>= 2.4)
|
97
106
|
test-unit (3.5.3)
|
98
107
|
power_assert
|
99
|
-
|
108
|
+
timeout (0.2.0)
|
109
|
+
tzinfo (2.0.5)
|
100
110
|
concurrent-ruby (~> 1.0)
|
101
|
-
tzinfo-data (1.
|
111
|
+
tzinfo-data (1.2022.2)
|
102
112
|
tzinfo (>= 1.0.0)
|
103
113
|
validate_email (0.1.6)
|
104
114
|
activemodel (>= 3.0)
|
105
115
|
mail (>= 2.2.5)
|
106
|
-
validate_url (1.0.
|
116
|
+
validate_url (1.0.15)
|
107
117
|
activemodel (>= 3.0.0)
|
108
118
|
public_suffix
|
109
119
|
webfinger (1.2.0)
|
@@ -114,7 +124,7 @@ GEM
|
|
114
124
|
crack (>= 0.3.2)
|
115
125
|
hashdiff
|
116
126
|
webrick (1.7.0)
|
117
|
-
yajl-ruby (1.4.
|
127
|
+
yajl-ruby (1.4.3)
|
118
128
|
|
119
129
|
PLATFORMS
|
120
130
|
ruby
|
@@ -123,10 +133,11 @@ DEPENDENCIES
|
|
123
133
|
bundler (~> 2.0)
|
124
134
|
fluent-plugin-splunk-hec!
|
125
135
|
minitest (~> 5.0)
|
136
|
+
net-smtp
|
126
137
|
rake (>= 12.0)
|
127
138
|
simplecov
|
128
139
|
test-unit (~> 3.0)
|
129
140
|
webmock (~> 3.5.0)
|
130
141
|
|
131
142
|
BUNDLED WITH
|
132
|
-
2.3.
|
143
|
+
2.3.20
|
data/README.md
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
# fluent-plugin-splunk-hec
|
2
2
|
|
3
3
|
[Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) in 2 modes:<br/>
|
4
|
-
1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/>
|
4
|
+
1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/>
|
5
5
|
2) Via the Splunk Cloud Services (SCS) [Ingest API](https://sdc.splunkbeta.com/reference/api/ingest/v1beta2)
|
6
6
|
|
7
7
|
## Installation
|
8
8
|
|
9
9
|
### RubyGems
|
10
|
-
```
|
10
|
+
```
|
11
11
|
$ gem install fluent-plugin-splunk-hec
|
12
12
|
```
|
13
13
|
### Bundler
|
@@ -157,7 +157,7 @@ This value must be set to `splunk_hec` when using HEC API and to `splunk_ingest_
|
|
157
157
|
|
158
158
|
#### protocol (enum) (optional)
|
159
159
|
|
160
|
-
This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is
|
160
|
+
This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is
|
161
161
|
set to `https` by default.
|
162
162
|
|
163
163
|
### hec_host (string) (required)
|
@@ -172,6 +172,10 @@ The port number for the HEC token or the HEC load balancer. The default value is
|
|
172
172
|
|
173
173
|
Identifier for the HEC token.
|
174
174
|
|
175
|
+
### hec_endpoint (string) (optional)
|
176
|
+
|
177
|
+
The HEC REST API endpoint to use. The default value is `services/collector`.
|
178
|
+
|
175
179
|
### metrics_from_event (bool) (optional)
|
176
180
|
|
177
181
|
When `data_type` is set to "metric", the ingest API will treat every key-value pair in the input event as a metric name-value pair. Set `metrics_from_event` to `false` to disable this behavior and use `metric_name_key` and `metric_value_key` to define metrics. The default value is `true`.
|
@@ -194,31 +198,31 @@ If `coerce_to_utf8` is set to `true`, any non-UTF-8 character is replaced by the
|
|
194
198
|
|
195
199
|
### Parameters for `splunk_ingest_api`
|
196
200
|
|
197
|
-
### service_client_identifier: (optional) (string)
|
201
|
+
### service_client_identifier: (optional) (string)
|
198
202
|
|
199
203
|
Splunk uses the client identifier to make authorized requests to the ingest API.
|
200
204
|
|
201
|
-
### service_client_secret_key: (string)
|
205
|
+
### service_client_secret_key: (string)
|
202
206
|
|
203
207
|
The client identifier uses this authorization to make requests to the ingest API.
|
204
208
|
|
205
|
-
### token_endpoint: (string)
|
209
|
+
### token_endpoint: (string)
|
206
210
|
|
207
211
|
This value indicates which endpoint Splunk should look to for the authorization token necessary for requests to the ingest API.
|
208
212
|
|
209
|
-
### ingest_api_host: (string)
|
213
|
+
### ingest_api_host: (string)
|
210
214
|
|
211
215
|
Indicates which url/hostname to use for requests to the ingest API.
|
212
216
|
|
213
|
-
### ingest_api_tenant: (string)
|
217
|
+
### ingest_api_tenant: (string)
|
214
218
|
|
215
219
|
Indicates which tenant Splunk should use for requests to the ingest API.
|
216
220
|
|
217
|
-
### ingest_api_events_endpoint: (string)
|
221
|
+
### ingest_api_events_endpoint: (string)
|
218
222
|
|
219
223
|
Indicates which endpoint to use for requests to the ingest API.
|
220
224
|
|
221
|
-
### debug_http: (bool)
|
225
|
+
### debug_http: (bool)
|
222
226
|
Set to True if you want to debug requests and responses to ingest API. Default is false.
|
223
227
|
|
224
228
|
### Parameters for both `splunk_hec` and `splunk_ingest_api`
|
@@ -330,7 +334,7 @@ If a parameter has just a key, it means its value is exactly the same as the key
|
|
330
334
|
|
331
335
|
#### When `data_type` is `metric`
|
332
336
|
|
333
|
-
For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration:
|
337
|
+
For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration:
|
334
338
|
|
335
339
|
```
|
336
340
|
<match **>
|
@@ -381,7 +385,7 @@ Multiple `<format>` sections can be defined to use different formatters for diff
|
|
381
385
|
</format>
|
382
386
|
```
|
383
387
|
|
384
|
-
This example:
|
388
|
+
This example:
|
385
389
|
- Formats events with tags that start with `sometag.` with the `single_value` formatter
|
386
390
|
- Formats events with tags `some.othertag` with the `csv` formatter
|
387
391
|
- Formats all other events with the `json` formatter (the default formatter)
|
@@ -398,9 +402,10 @@ The following parameters can be used for tuning HTTP connections:
|
|
398
402
|
|
399
403
|
#### idle_timeout (integer)
|
400
404
|
|
401
|
-
The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
|
405
|
+
The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
|
402
406
|
|
403
407
|
#### read_timeout (integer)
|
408
|
+
|
404
409
|
The amount of time allowed between reading two chunks from the socket. The default value is `nil`, which means no timeout.
|
405
410
|
|
406
411
|
#### open_timeout (integer)
|
@@ -421,11 +426,11 @@ The private key for this client.
|
|
421
426
|
|
422
427
|
#### ca_file (string)
|
423
428
|
|
424
|
-
The path to a file containing
|
429
|
+
The path to a file containing CA cerificates in PEM format. The plugin will verify the TLS server certificate presented by Splunk against the certificates in this file, unless verification is disabled by the `ssl_insecure` option.
|
425
430
|
|
426
431
|
#### ca_path (string)
|
427
432
|
|
428
|
-
The path to a directory containing CA certificates in PEM format.
|
433
|
+
The path to a directory containing CA certificates in PEM format. The plugin will verify the TLS server certificate presented by Splunk against the certificates in this file, unless verification is disabled by the `ssl_insecure` option.
|
429
434
|
|
430
435
|
#### ciphers (array)
|
431
436
|
|
@@ -433,15 +438,15 @@ List of SSl ciphers allowed.
|
|
433
438
|
|
434
439
|
#### insecure_ssl (bool)
|
435
440
|
|
436
|
-
Specifies whether an insecure SSL connection is allowed. If set to false,
|
441
|
+
Specifies whether an insecure SSL connection is allowed. If set to `false` (the default), the plugin will verify the TLS server certificate presented by Splunk against the CA certificates provided by the `ca_file`/`ca_path` options, and reject the certificate if if verification fails.
|
437
442
|
|
438
443
|
#### require_ssl_min_version (bool)
|
439
444
|
|
440
|
-
When set to true,
|
445
|
+
When set to `true` (the default), the plugin will require TLSv1.1 or later for its connection to Splunk.
|
441
446
|
|
442
447
|
#### consume_chunk_on_4xx_errors (bool)
|
443
448
|
|
444
|
-
Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to false
|
449
|
+
Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to `false`, Splunk will fail to flush the buffer on such status codes. This parameter is set to `true` by default for backwards compatibility.
|
445
450
|
|
446
451
|
## About Buffer
|
447
452
|
|
@@ -456,4 +461,4 @@ Here are some hints:
|
|
456
461
|
|
457
462
|
## License
|
458
463
|
|
459
|
-
Please see [LICENSE](LICENSE).
|
464
|
+
Please see [LICENSE](LICENSE).
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.3.0
|
@@ -33,9 +33,9 @@ Gem::Specification.new do |spec|
|
|
33
33
|
|
34
34
|
spec.required_ruby_version = '>= 2.3.0'
|
35
35
|
|
36
|
-
spec.add_runtime_dependency 'fluentd', '>= 1.
|
36
|
+
spec.add_runtime_dependency 'fluentd', '>= 1.5'
|
37
37
|
spec.add_runtime_dependency 'multi_json', '~> 1.13'
|
38
|
-
spec.add_runtime_dependency 'net-http-persistent', '~>
|
38
|
+
spec.add_runtime_dependency 'net-http-persistent', '~> 4.0'
|
39
39
|
spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
|
40
40
|
spec.add_runtime_dependency 'prometheus-client', '>= 2.1.0'
|
41
41
|
|
@@ -9,6 +9,7 @@ require 'fluent/plugin/out_splunk'
|
|
9
9
|
require 'openssl'
|
10
10
|
require 'multi_json'
|
11
11
|
require 'net/http/persistent'
|
12
|
+
require 'zlib'
|
12
13
|
|
13
14
|
module Fluent::Plugin
|
14
15
|
class SplunkHecOutput < SplunkOutput
|
@@ -36,6 +37,9 @@ module Fluent::Plugin
|
|
36
37
|
desc 'The port number to HEC, or HEC load balancer.'
|
37
38
|
config_param :hec_port, :integer, default: 8088
|
38
39
|
|
40
|
+
desc 'HEC REST API endpoint to use'
|
41
|
+
config_param :hec_endpoint, :string, default: 'services/collector'
|
42
|
+
|
39
43
|
desc 'Full url to connect tosplunk. Example: https://mydomain.com:8088/apps/splunk'
|
40
44
|
config_param :full_url, :string, default: ''
|
41
45
|
|
@@ -93,6 +97,9 @@ module Fluent::Plugin
|
|
93
97
|
desc 'When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `sourcetype_key`, `metric_name_key`, `metric_value_key` will not be removed from the original event.'
|
94
98
|
config_param :keep_keys, :bool, default: false
|
95
99
|
|
100
|
+
desc 'Indicates if GZIP Compression is enabled.'
|
101
|
+
config_param :gzip_compression, :bool, default: false
|
102
|
+
|
96
103
|
desc 'App name'
|
97
104
|
config_param :app_name, :string, default: "hec_plugin_gem"
|
98
105
|
|
@@ -166,8 +173,8 @@ module Fluent::Plugin
|
|
166
173
|
end
|
167
174
|
|
168
175
|
def shutdown
|
176
|
+
@conn.shutdown if not @conn.nil?
|
169
177
|
super
|
170
|
-
@conn.shutdown
|
171
178
|
end
|
172
179
|
|
173
180
|
def format(tag, time, record)
|
@@ -287,9 +294,9 @@ module Fluent::Plugin
|
|
287
294
|
|
288
295
|
def construct_api
|
289
296
|
if @full_url.empty?
|
290
|
-
URI("#{@protocol}://#{@hec_host}:#{@hec_port}/
|
297
|
+
URI("#{@protocol}://#{@hec_host}:#{@hec_port}/#{@hec_endpoint.delete_prefix("/")}")
|
291
298
|
else
|
292
|
-
URI("#{@full_url.delete_suffix("/")}/
|
299
|
+
URI("#{@full_url.delete_suffix("/")}/#{@hec_endpoint.delete_prefix("/")}")
|
293
300
|
end
|
294
301
|
rescue StandardError
|
295
302
|
if @full_url.empty?
|
@@ -318,13 +325,20 @@ module Fluent::Plugin
|
|
318
325
|
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
319
326
|
c.override_headers['__splunk_app_name'] = "#{@app_name}"
|
320
327
|
c.override_headers['__splunk_app_version'] = "#{@app_version}"
|
321
|
-
|
322
328
|
end
|
323
329
|
end
|
324
330
|
|
325
331
|
def write_to_splunk(chunk)
|
326
332
|
post = Net::HTTP::Post.new @api.request_uri
|
327
|
-
|
333
|
+
if @gzip_compression
|
334
|
+
post.add_field("Content-Encoding", "gzip")
|
335
|
+
gzip_stream = Zlib::GzipWriter.new StringIO.new
|
336
|
+
gzip_stream << chunk.read
|
337
|
+
post.body = gzip_stream.close.string
|
338
|
+
else
|
339
|
+
post.body = chunk.read
|
340
|
+
end
|
341
|
+
|
328
342
|
log.debug { "[Sending] Chunk: #{dump_unique_id_hex(chunk.unique_id)}(#{post.body.bytesize}B)." }
|
329
343
|
log.trace { "POST #{@api} body=#{post.body}" }
|
330
344
|
begin
|
@@ -60,6 +60,12 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
60
60
|
it 'should consume chunks on 4xx errors' do
|
61
61
|
expect(create_hec_output_driver('hec_host hec_token').instance.consume_chunk_on_4xx_errors).must_equal true
|
62
62
|
end
|
63
|
+
it 'should default gzip off' do
|
64
|
+
expect(create_hec_output_driver('hec_host hec_token').instance.gzip_compression).must_equal false
|
65
|
+
end
|
66
|
+
it 'should support enabling gzip' do
|
67
|
+
expect(create_hec_output_driver('hec_host hec_token', 'gzip_compression true').instance.gzip_compression).must_equal true
|
68
|
+
end
|
63
69
|
end
|
64
70
|
|
65
71
|
describe 'hec_host validation' do
|
@@ -357,6 +363,15 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
357
363
|
end
|
358
364
|
end
|
359
365
|
|
366
|
+
describe 'gzip encoding' do
|
367
|
+
it 'should include gzip header when enabled' do
|
368
|
+
metrics = [
|
369
|
+
['tag', event_time, { 'cup': 0.5, 'memory': 100 }]
|
370
|
+
]
|
371
|
+
with_stub_hec_gzip(events: metrics, conf: 'data_type metric')
|
372
|
+
end
|
373
|
+
end
|
374
|
+
|
360
375
|
def with_stub_hec(events:, conf: '')
|
361
376
|
host = 'hec.splunk.com'
|
362
377
|
@driver = create_hec_output_driver("hec_host #{host}", conf)
|
@@ -372,6 +387,21 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
372
387
|
hec_req
|
373
388
|
end
|
374
389
|
|
390
|
+
def with_stub_hec_gzip(events:, conf: '')
|
391
|
+
host = 'hec.splunk.com'
|
392
|
+
@driver = create_hec_output_driver("hec_host #{host}", 'gzip_compression true', conf)
|
393
|
+
|
394
|
+
hec_req = stub_hec_gzip_request("https://#{host}:8088").with do |r|
|
395
|
+
yield r.body.split(/(?={)\s*(?<=})/).map { |item| JSON.load item }
|
396
|
+
end
|
397
|
+
|
398
|
+
@driver.run do
|
399
|
+
events.each { |evt| @driver.feed *evt }
|
400
|
+
end
|
401
|
+
|
402
|
+
hec_req
|
403
|
+
end
|
404
|
+
|
375
405
|
def verify_sent_events(conf = '', &blk)
|
376
406
|
event = {
|
377
407
|
'log' => 'everything is good',
|
data/test/test_helper.rb
CHANGED
@@ -42,4 +42,15 @@ module PluginTestHelper
|
|
42
42
|
'User-Agent' => "fluent-plugin-splunk_hec_out/#{Fluent::Plugin::SplunkHecOutput::VERSION}" })
|
43
43
|
.to_return(body: '{"text":"Success","code":0}')
|
44
44
|
end
|
45
|
+
|
46
|
+
def stub_hec_gzip_request(endpoint)
|
47
|
+
stub_request(:post, "#{endpoint}/services/collector")
|
48
|
+
.with(headers: {
|
49
|
+
'Authorization' => "Splunk #{TEST_HEC_TOKEN}",
|
50
|
+
'User-Agent' => "fluent-plugin-splunk_hec_out/#{Fluent::Plugin::SplunkHecOutput::VERSION}",
|
51
|
+
'Content-Encoding' => "gzip"
|
52
|
+
},
|
53
|
+
)
|
54
|
+
.to_return(body: '{"text":"GzipSuccess","code":0}')
|
55
|
+
end
|
45
56
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunk-hec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Splunk Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-08-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1.
|
19
|
+
version: '1.5'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1.
|
26
|
+
version: '1.5'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: multi_json
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -44,14 +44,14 @@ dependencies:
|
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
47
|
+
version: '4.0'
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
54
|
+
version: '4.0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: openid_connect
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -221,13 +221,13 @@ signing_key:
|
|
221
221
|
specification_version: 4
|
222
222
|
summary: Fluentd plugin for Splunk HEC.
|
223
223
|
test_files:
|
224
|
-
- test/fluent/plugin/out_splunk_ingest_api_test.rb
|
225
|
-
- test/fluent/plugin/out_splunk_hec_test.rb
|
226
224
|
- test/test_helper.rb
|
227
225
|
- test/lib/webmock/http_lib_adapters/excon_adapter.rb
|
228
|
-
- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
|
229
226
|
- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
|
230
227
|
- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
|
231
228
|
- test/lib/webmock/http_lib_adapters/curb_adapter.rb
|
232
|
-
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
233
229
|
- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
|
230
|
+
- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
|
231
|
+
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
232
|
+
- test/fluent/plugin/out_splunk_hec_test.rb
|
233
|
+
- test/fluent/plugin/out_splunk_ingest_api_test.rb
|