fluent-plugin-splunk-hec 1.2.13 → 1.3.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile +1 -0
- data/Gemfile.lock +47 -24
- data/README.md +3 -0
- data/VERSION +1 -1
- data/fluent-plugin-splunk-hec.gemspec +4 -1
- data/lib/fluent/plugin/out_splunk_hec.rb +13 -2
- data/test/fluent/plugin/out_splunk_hec_test.rb +30 -0
- data/test/test_helper.rb +11 -0
- metadata +37 -9
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 6a8a63dd4210f66f194a029bceed3d3c407aaa3fb764b69961fc01efcb801d9e
|
4
|
+
data.tar.gz: 8aab1ee69dd9c4cdcc2422da2720db89987c270b0acf4bcd01b97a908cf14763
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 4fe2f5eb7e22e8e9914754507add8d06df80be96b8fe8d2d57ce295730f77d948c16dde1bda4199ac63f2ab8798027841ec694c99113558405ad49d9000b50ab
|
7
|
+
data.tar.gz: f2e69d508a72eb1f1e306e66f1defa6572e636f148e314c9cd26fee1d7f3c2b5dd437e65c41c5e7e6ee2a77e0f0aeb341d5d849ab60313ae3fefba096ce8a1d5
|
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
@@ -1,19 +1,21 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
fluent-plugin-splunk-hec (1.
|
5
|
-
fluentd (>= 1.
|
4
|
+
fluent-plugin-splunk-hec (1.3.1)
|
5
|
+
fluentd (>= 1.5)
|
6
|
+
json-jwt (~> 1.15.0)
|
6
7
|
multi_json (~> 1.13)
|
7
8
|
net-http-persistent (~> 4.0)
|
8
9
|
openid_connect (~> 1.1.8)
|
9
10
|
prometheus-client (>= 2.1.0)
|
11
|
+
rack-oauth2 (~> 1.19)
|
10
12
|
|
11
13
|
GEM
|
12
14
|
remote: https://rubygems.org/
|
13
15
|
specs:
|
14
|
-
activemodel (7.0.
|
15
|
-
activesupport (= 7.0.
|
16
|
-
activesupport (7.0.
|
16
|
+
activemodel (7.0.4)
|
17
|
+
activesupport (= 7.0.4)
|
18
|
+
activesupport (7.0.4)
|
17
19
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
18
20
|
i18n (>= 1.6, < 2)
|
19
21
|
minitest (>= 5.1)
|
@@ -22,19 +24,26 @@ GEM
|
|
22
24
|
public_suffix (>= 2.0.2, < 5.0)
|
23
25
|
aes_key_wrap (1.1.0)
|
24
26
|
attr_required (1.0.1)
|
25
|
-
bindata (2.4.
|
27
|
+
bindata (2.4.14)
|
26
28
|
concurrent-ruby (1.1.10)
|
27
|
-
connection_pool (2.
|
29
|
+
connection_pool (2.3.0)
|
28
30
|
cool.io (1.7.1)
|
29
31
|
crack (0.4.5)
|
30
32
|
rexml
|
33
|
+
digest (3.1.0)
|
31
34
|
docile (1.4.0)
|
32
|
-
|
35
|
+
faraday (2.7.1)
|
36
|
+
faraday-net_http (>= 2.0, < 3.1)
|
37
|
+
ruby2_keywords (>= 0.0.4)
|
38
|
+
faraday-follow_redirects (0.3.0)
|
39
|
+
faraday (>= 1, < 3)
|
40
|
+
faraday-net_http (3.0.2)
|
41
|
+
fluentd (1.15.3)
|
33
42
|
bundler
|
34
43
|
cool.io (>= 1.4.5, < 2.0.0)
|
35
44
|
http_parser.rb (>= 0.5.1, < 0.9.0)
|
36
45
|
msgpack (>= 1.3.1, < 2.0.0)
|
37
|
-
serverengine (>= 2.
|
46
|
+
serverengine (>= 2.3.0, < 3.0.0)
|
38
47
|
sigdump (~> 0.2.2)
|
39
48
|
strptime (>= 0.2.4, < 1.0.0)
|
40
49
|
tzinfo (>= 1.0, < 3.0)
|
@@ -44,20 +53,29 @@ GEM
|
|
44
53
|
hashdiff (1.0.1)
|
45
54
|
http_parser.rb (0.8.0)
|
46
55
|
httpclient (2.8.3)
|
47
|
-
i18n (1.
|
56
|
+
i18n (1.12.0)
|
48
57
|
concurrent-ruby (~> 1.0)
|
49
|
-
|
58
|
+
io-wait (0.2.1)
|
59
|
+
json-jwt (1.15.3)
|
50
60
|
activesupport (>= 4.2)
|
51
61
|
aes_key_wrap
|
52
62
|
bindata
|
63
|
+
httpclient
|
53
64
|
mail (2.7.1)
|
54
65
|
mini_mime (>= 0.1.1)
|
55
66
|
mini_mime (1.1.2)
|
56
67
|
minitest (5.15.0)
|
57
|
-
msgpack (1.
|
68
|
+
msgpack (1.6.0)
|
58
69
|
multi_json (1.15.0)
|
59
70
|
net-http-persistent (4.0.1)
|
60
71
|
connection_pool (~> 2.2)
|
72
|
+
net-protocol (0.1.2)
|
73
|
+
io-wait
|
74
|
+
timeout
|
75
|
+
net-smtp (0.3.1)
|
76
|
+
digest
|
77
|
+
net-protocol
|
78
|
+
timeout
|
61
79
|
openid_connect (1.1.8)
|
62
80
|
activemodel
|
63
81
|
attr_required (>= 1.0.0)
|
@@ -71,8 +89,8 @@ GEM
|
|
71
89
|
power_assert (2.0.1)
|
72
90
|
prometheus-client (4.0.0)
|
73
91
|
public_suffix (4.0.6)
|
74
|
-
rack (
|
75
|
-
rack-oauth2 (1.
|
92
|
+
rack (3.0.1)
|
93
|
+
rack-oauth2 (1.21.2)
|
76
94
|
activesupport
|
77
95
|
attr_required
|
78
96
|
httpclient
|
@@ -80,7 +98,8 @@ GEM
|
|
80
98
|
rack (>= 2.1.0)
|
81
99
|
rake (13.0.6)
|
82
100
|
rexml (3.2.5)
|
83
|
-
|
101
|
+
ruby2_keywords (0.0.5)
|
102
|
+
serverengine (2.3.0)
|
84
103
|
sigdump (~> 0.2.2)
|
85
104
|
sigdump (0.2.4)
|
86
105
|
simplecov (0.21.2)
|
@@ -90,31 +109,34 @@ GEM
|
|
90
109
|
simplecov-html (0.12.3)
|
91
110
|
simplecov_json_formatter (0.1.3)
|
92
111
|
strptime (0.2.5)
|
93
|
-
swd (
|
112
|
+
swd (2.0.2)
|
94
113
|
activesupport (>= 3)
|
95
114
|
attr_required (>= 0.0.5)
|
96
|
-
|
115
|
+
faraday (~> 2.0)
|
116
|
+
faraday-follow_redirects
|
97
117
|
test-unit (3.5.3)
|
98
118
|
power_assert
|
99
|
-
|
119
|
+
timeout (0.2.0)
|
120
|
+
tzinfo (2.0.5)
|
100
121
|
concurrent-ruby (~> 1.0)
|
101
|
-
tzinfo-data (1.2022.
|
122
|
+
tzinfo-data (1.2022.6)
|
102
123
|
tzinfo (>= 1.0.0)
|
103
124
|
validate_email (0.1.6)
|
104
125
|
activemodel (>= 3.0)
|
105
126
|
mail (>= 2.2.5)
|
106
|
-
validate_url (1.0.
|
127
|
+
validate_url (1.0.15)
|
107
128
|
activemodel (>= 3.0.0)
|
108
129
|
public_suffix
|
109
|
-
webfinger (1.2
|
130
|
+
webfinger (2.1.2)
|
110
131
|
activesupport
|
111
|
-
|
132
|
+
faraday (~> 2.0)
|
133
|
+
faraday-follow_redirects
|
112
134
|
webmock (3.5.1)
|
113
135
|
addressable (>= 2.3.6)
|
114
136
|
crack (>= 0.3.2)
|
115
137
|
hashdiff
|
116
138
|
webrick (1.7.0)
|
117
|
-
yajl-ruby (1.4.
|
139
|
+
yajl-ruby (1.4.3)
|
118
140
|
|
119
141
|
PLATFORMS
|
120
142
|
ruby
|
@@ -123,10 +145,11 @@ DEPENDENCIES
|
|
123
145
|
bundler (~> 2.0)
|
124
146
|
fluent-plugin-splunk-hec!
|
125
147
|
minitest (~> 5.0)
|
148
|
+
net-smtp
|
126
149
|
rake (>= 12.0)
|
127
150
|
simplecov
|
128
151
|
test-unit (~> 3.0)
|
129
152
|
webmock (~> 3.5.0)
|
130
153
|
|
131
154
|
BUNDLED WITH
|
132
|
-
2.3.
|
155
|
+
2.3.26
|
data/README.md
CHANGED
@@ -400,6 +400,9 @@ Specifies which formatter to use.
|
|
400
400
|
|
401
401
|
The following parameters can be used for tuning HTTP connections:
|
402
402
|
|
403
|
+
#### gzip_compression (boolean)
|
404
|
+
Whether to use gzip compression on outbound posts. This parameter is set to `false` by default for backwards compatibility.
|
405
|
+
|
403
406
|
#### idle_timeout (integer)
|
404
407
|
|
405
408
|
The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.
|
1
|
+
1.3.1
|
@@ -33,11 +33,14 @@ Gem::Specification.new do |spec|
|
|
33
33
|
|
34
34
|
spec.required_ruby_version = '>= 2.3.0'
|
35
35
|
|
36
|
-
spec.add_runtime_dependency 'fluentd', '>= 1.
|
36
|
+
spec.add_runtime_dependency 'fluentd', '>= 1.5'
|
37
37
|
spec.add_runtime_dependency 'multi_json', '~> 1.13'
|
38
38
|
spec.add_runtime_dependency 'net-http-persistent', '~> 4.0'
|
39
39
|
spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
|
40
40
|
spec.add_runtime_dependency 'prometheus-client', '>= 2.1.0'
|
41
|
+
spec.add_runtime_dependency 'json-jwt', '~> 1.15.0'
|
42
|
+
spec.add_runtime_dependency 'rack-oauth2', '~> 1.19'
|
43
|
+
|
41
44
|
|
42
45
|
spec.add_development_dependency 'bundler', '~> 2.0'
|
43
46
|
spec.add_development_dependency 'rake', '>= 12.0'
|
@@ -9,6 +9,7 @@ require 'fluent/plugin/out_splunk'
|
|
9
9
|
require 'openssl'
|
10
10
|
require 'multi_json'
|
11
11
|
require 'net/http/persistent'
|
12
|
+
require 'zlib'
|
12
13
|
|
13
14
|
module Fluent::Plugin
|
14
15
|
class SplunkHecOutput < SplunkOutput
|
@@ -96,6 +97,9 @@ module Fluent::Plugin
|
|
96
97
|
desc 'When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `sourcetype_key`, `metric_name_key`, `metric_value_key` will not be removed from the original event.'
|
97
98
|
config_param :keep_keys, :bool, default: false
|
98
99
|
|
100
|
+
desc 'Indicates if GZIP Compression is enabled.'
|
101
|
+
config_param :gzip_compression, :bool, default: false
|
102
|
+
|
99
103
|
desc 'App name'
|
100
104
|
config_param :app_name, :string, default: "hec_plugin_gem"
|
101
105
|
|
@@ -321,13 +325,20 @@ module Fluent::Plugin
|
|
321
325
|
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
322
326
|
c.override_headers['__splunk_app_name'] = "#{@app_name}"
|
323
327
|
c.override_headers['__splunk_app_version'] = "#{@app_version}"
|
324
|
-
|
325
328
|
end
|
326
329
|
end
|
327
330
|
|
328
331
|
def write_to_splunk(chunk)
|
329
332
|
post = Net::HTTP::Post.new @api.request_uri
|
330
|
-
|
333
|
+
if @gzip_compression
|
334
|
+
post.add_field("Content-Encoding", "gzip")
|
335
|
+
gzip_stream = Zlib::GzipWriter.new StringIO.new
|
336
|
+
gzip_stream << chunk.read
|
337
|
+
post.body = gzip_stream.close.string
|
338
|
+
else
|
339
|
+
post.body = chunk.read
|
340
|
+
end
|
341
|
+
|
331
342
|
log.debug { "[Sending] Chunk: #{dump_unique_id_hex(chunk.unique_id)}(#{post.body.bytesize}B)." }
|
332
343
|
log.trace { "POST #{@api} body=#{post.body}" }
|
333
344
|
begin
|
@@ -60,6 +60,12 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
60
60
|
it 'should consume chunks on 4xx errors' do
|
61
61
|
expect(create_hec_output_driver('hec_host hec_token').instance.consume_chunk_on_4xx_errors).must_equal true
|
62
62
|
end
|
63
|
+
it 'should default gzip off' do
|
64
|
+
expect(create_hec_output_driver('hec_host hec_token').instance.gzip_compression).must_equal false
|
65
|
+
end
|
66
|
+
it 'should support enabling gzip' do
|
67
|
+
expect(create_hec_output_driver('hec_host hec_token', 'gzip_compression true').instance.gzip_compression).must_equal true
|
68
|
+
end
|
63
69
|
end
|
64
70
|
|
65
71
|
describe 'hec_host validation' do
|
@@ -357,6 +363,15 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
357
363
|
end
|
358
364
|
end
|
359
365
|
|
366
|
+
describe 'gzip encoding' do
|
367
|
+
it 'should include gzip header when enabled' do
|
368
|
+
metrics = [
|
369
|
+
['tag', event_time, { 'cup': 0.5, 'memory': 100 }]
|
370
|
+
]
|
371
|
+
with_stub_hec_gzip(events: metrics, conf: 'data_type metric')
|
372
|
+
end
|
373
|
+
end
|
374
|
+
|
360
375
|
def with_stub_hec(events:, conf: '')
|
361
376
|
host = 'hec.splunk.com'
|
362
377
|
@driver = create_hec_output_driver("hec_host #{host}", conf)
|
@@ -372,6 +387,21 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
372
387
|
hec_req
|
373
388
|
end
|
374
389
|
|
390
|
+
def with_stub_hec_gzip(events:, conf: '')
|
391
|
+
host = 'hec.splunk.com'
|
392
|
+
@driver = create_hec_output_driver("hec_host #{host}", 'gzip_compression true', conf)
|
393
|
+
|
394
|
+
hec_req = stub_hec_gzip_request("https://#{host}:8088").with do |r|
|
395
|
+
yield r.body.split(/(?={)\s*(?<=})/).map { |item| JSON.load item }
|
396
|
+
end
|
397
|
+
|
398
|
+
@driver.run do
|
399
|
+
events.each { |evt| @driver.feed *evt }
|
400
|
+
end
|
401
|
+
|
402
|
+
hec_req
|
403
|
+
end
|
404
|
+
|
375
405
|
def verify_sent_events(conf = '', &blk)
|
376
406
|
event = {
|
377
407
|
'log' => 'everything is good',
|
data/test/test_helper.rb
CHANGED
@@ -42,4 +42,15 @@ module PluginTestHelper
|
|
42
42
|
'User-Agent' => "fluent-plugin-splunk_hec_out/#{Fluent::Plugin::SplunkHecOutput::VERSION}" })
|
43
43
|
.to_return(body: '{"text":"Success","code":0}')
|
44
44
|
end
|
45
|
+
|
46
|
+
def stub_hec_gzip_request(endpoint)
|
47
|
+
stub_request(:post, "#{endpoint}/services/collector")
|
48
|
+
.with(headers: {
|
49
|
+
'Authorization' => "Splunk #{TEST_HEC_TOKEN}",
|
50
|
+
'User-Agent' => "fluent-plugin-splunk_hec_out/#{Fluent::Plugin::SplunkHecOutput::VERSION}",
|
51
|
+
'Content-Encoding' => "gzip"
|
52
|
+
},
|
53
|
+
)
|
54
|
+
.to_return(body: '{"text":"GzipSuccess","code":0}')
|
55
|
+
end
|
45
56
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunk-hec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.3.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Splunk Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-11-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: '1.
|
19
|
+
version: '1.5'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: '1.
|
26
|
+
version: '1.5'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: multi_json
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -80,6 +80,34 @@ dependencies:
|
|
80
80
|
- - ">="
|
81
81
|
- !ruby/object:Gem::Version
|
82
82
|
version: 2.1.0
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: json-jwt
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - "~>"
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: 1.15.0
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - "~>"
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: 1.15.0
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: rack-oauth2
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - "~>"
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '1.19'
|
104
|
+
type: :runtime
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - "~>"
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '1.19'
|
83
111
|
- !ruby/object:Gem::Dependency
|
84
112
|
name: bundler
|
85
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -221,13 +249,13 @@ signing_key:
|
|
221
249
|
specification_version: 4
|
222
250
|
summary: Fluentd plugin for Splunk HEC.
|
223
251
|
test_files:
|
224
|
-
- test/lib/webmock/http_lib_adapters/
|
252
|
+
- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
|
253
|
+
- test/lib/webmock/http_lib_adapters/curb_adapter.rb
|
225
254
|
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
226
|
-
- test/lib/webmock/http_lib_adapters/excon_adapter.rb
|
227
255
|
- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
|
228
|
-
- test/lib/webmock/http_lib_adapters/
|
256
|
+
- test/lib/webmock/http_lib_adapters/excon_adapter.rb
|
229
257
|
- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
|
230
|
-
- test/lib/webmock/http_lib_adapters/
|
258
|
+
- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
|
231
259
|
- test/test_helper.rb
|
232
|
-
- test/fluent/plugin/out_splunk_hec_test.rb
|
233
260
|
- test/fluent/plugin/out_splunk_ingest_api_test.rb
|
261
|
+
- test/fluent/plugin/out_splunk_hec_test.rb
|