fluent-plugin-splunk-hec 1.2.4 → 1.2.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 057e56b761d497efa241a04003ffabe88f22c52f04eb7388538044c829548736
-  data.tar.gz: 50a5bcbed257411be793337e52ce45b49c723782134b4ff9000e74af28c59965
+  metadata.gz: 3404443a78707ec84c807cc959de100eefec4c7144f76b4587fa4c02580d300d
+  data.tar.gz: '098eb708f6093e40c59aa597c7f185403f9fb195c03758a726ebd8bcc2fc4468'
 SHA512:
-  metadata.gz: e036e50f81d0f607145b57111031fcee43072915c4619c98d33126df237e3c4afbfde859d7babfd94bdddc849c09d881d0383fc7863688f4db7f0f2e8c5e7cfd
-  data.tar.gz: 78246497f0735f9b54d80cce7b19831d75c623c31a90adfd8a717dc4a9a347f9b2288202566532d89c5b0526c2b04e1e34041fdce5e0de9cc790ac8d67b27a02
+  metadata.gz: b7dc521fe94e36ae9e4df51f5a32c936615228a164f76ec9391bd72033aa06d35e8292d8cc95b6025cf880943e56f48c2bebbbc5a9e606e219972528a464c9a3
+  data.tar.gz: 4d6ae8221544453debf6e0dbf1ecbdb9a0774f36ae3d1e4715781ca078a2c0d3ebd2870455ffcd75bdb292d1634a8e71d6034f620c69638d51372f010cac4d46

data/Gemfile.lock

@@ -1,62 +1,62 @@
 PATH
   remote: .
   specs:
-    fluent-plugin-splunk-hec (1.2.4)
+    fluent-plugin-splunk-hec (1.2.8)
       fluentd (>= 1.4)
       multi_json (~> 1.13)
       net-http-persistent (~> 3.1)
       openid_connect (~> 1.1.8)
-      prometheus-client (< 0.10.0)
+      prometheus-client (>= 2.1.0)
 
 GEM
   remote: https://rubygems.org/
   specs:
-    activemodel (5.2.4.3)
-      activesupport (= 5.2.4.3)
-    activesupport (5.2.4.3)
+    activemodel (6.1.4.1)
+      activesupport (= 6.1.4.1)
+    activesupport (6.1.4.1)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (>= 0.7, < 2)
-      minitest (~> 5.1)
-      tzinfo (~> 1.1)
-    addressable (2.7.0)
+      i18n (>= 1.6, < 2)
+      minitest (>= 5.1)
+      tzinfo (~> 2.0)
+      zeitwerk (~> 2.3)
+    addressable (2.8.0)
       public_suffix (>= 2.0.2, < 5.0)
-    aes_key_wrap (1.0.1)
-    ast (2.4.0)
+    aes_key_wrap (1.1.0)
     attr_required (1.0.1)
-    bindata (2.4.4)
-    concurrent-ruby (1.1.6)
-    connection_pool (2.2.2)
-    cool.io (1.6.0)
-    crack (0.4.3)
-      safe_yaml (~> 1.0.0)
-    docile (1.3.2)
-    fluentd (1.9.2)
+    bindata (2.4.10)
+    concurrent-ruby (1.1.9)
+    connection_pool (2.2.5)
+    cool.io (1.7.1)
+    crack (0.4.5)
+      rexml
+    docile (1.4.0)
+    fluentd (1.14.2)
+      bundler
       cool.io (>= 1.4.5, < 2.0.0)
-      http_parser.rb (>= 0.5.1, < 0.7.0)
+      http_parser.rb (>= 0.5.1, < 0.8.0)
       msgpack (>= 1.3.1, < 2.0.0)
-      serverengine (>= 2.0.4, < 3.0.0)
+      serverengine (>= 2.2.2, < 3.0.0)
       sigdump (~> 0.2.2)
-      strptime (>= 0.2.2, < 1.0.0)
+      strptime (>= 0.2.4, < 1.0.0)
       tzinfo (>= 1.0, < 3.0)
       tzinfo-data (~> 1.0)
+      webrick (>= 1.4.2, < 1.8.0)
       yajl-ruby (~> 1.0)
-    hashdiff (1.0.0)
-    http_parser.rb (0.5.3)
+    hashdiff (1.0.1)
+    http_parser.rb (0.7.0)
     httpclient (2.8.3)
-    i18n (1.8.2)
+    i18n (1.8.11)
       concurrent-ruby (~> 1.0)
-    jaro_winkler (1.5.4)
-    json (2.3.0)
-    json-jwt (1.11.0)
+    json-jwt (1.13.0)
       activesupport (>= 4.2)
       aes_key_wrap
       bindata
     mail (2.7.1)
       mini_mime (>= 0.1.1)
-    mini_mime (1.0.2)
-    minitest (5.14.0)
-    msgpack (1.3.3)
-    multi_json (1.14.1)
+    mini_mime (1.1.2)
+    minitest (5.14.4)
+    msgpack (1.4.2)
+    multi_json (1.15.0)
     net-http-persistent (3.1.0)
       connection_pool (~> 2.2)
     openid_connect (1.1.8)
@@ -69,69 +69,54 @@ GEM
       validate_email
       validate_url
       webfinger (>= 1.0.1)
-    parallel (1.19.1)
-    parser (2.7.0.2)
-      ast (~> 2.4.0)
-    power_assert (1.1.5)
-    powerpack (0.1.2)
-    prometheus-client (0.9.0)
-      quantile (~> 0.2.1)
-    public_suffix (4.0.3)
-    quantile (0.2.1)
+    power_assert (2.0.1)
+    prometheus-client (2.1.0)
+    public_suffix (4.0.6)
     rack (2.2.3)
-    rack-oauth2 (1.10.1)
+    rack-oauth2 (1.19.0)
       activesupport
       attr_required
       httpclient
       json-jwt (>= 1.11.0)
-      rack
-    rainbow (3.0.0)
-    rake (12.3.3)
-    rubocop (0.63.1)
-      jaro_winkler (~> 1.5.1)
-      parallel (~> 1.10)
-      parser (>= 2.5, != 2.5.1.1)
-      powerpack (~> 0.1)
-      rainbow (>= 2.2.2, < 4.0)
-      ruby-progressbar (~> 1.7)
-      unicode-display_width (~> 1.4.0)
-    ruby-progressbar (1.10.1)
-    safe_yaml (1.0.5)
-    serverengine (2.2.1)
+      rack (>= 2.1.0)
+    rake (13.0.6)
+    rexml (3.2.5)
+    serverengine (2.2.4)
       sigdump (~> 0.2.2)
     sigdump (0.2.4)
-    simplecov (0.16.1)
+    simplecov (0.21.2)
       docile (~> 1.1)
-      json (>= 1.8, < 3)
-      simplecov-html (~> 0.10.0)
-    simplecov-html (0.10.2)
-    strptime (0.2.3)
-    swd (1.1.2)
+      simplecov-html (~> 0.11)
+      simplecov_json_formatter (~> 0.1)
+    simplecov-html (0.12.3)
+    simplecov_json_formatter (0.1.3)
+    strptime (0.2.5)
+    swd (1.3.0)
       activesupport (>= 3)
       attr_required (>= 0.0.5)
       httpclient (>= 2.4)
-    test-unit (3.3.5)
+    test-unit (3.5.0)
       power_assert
-    thread_safe (0.3.6)
-    tzinfo (1.2.6)
-      thread_safe (~> 0.1)
-    tzinfo-data (1.2019.3)
+    tzinfo (2.0.4)
+      concurrent-ruby (~> 1.0)
+    tzinfo-data (1.2021.5)
       tzinfo (>= 1.0.0)
-    unicode-display_width (1.4.1)
     validate_email (0.1.6)
       activemodel (>= 3.0)
       mail (>= 2.2.5)
-    validate_url (1.0.8)
+    validate_url (1.0.13)
       activemodel (>= 3.0.0)
       public_suffix
-    webfinger (1.1.0)
+    webfinger (1.2.0)
       activesupport
       httpclient (>= 2.4)
     webmock (3.5.1)
       addressable (>= 2.3.6)
       crack (>= 0.3.2)
       hashdiff
+    webrick (1.7.0)
     yajl-ruby (1.4.1)
+    zeitwerk (2.5.1)
 
 PLATFORMS
   ruby
@@ -141,10 +126,9 @@ DEPENDENCIES
   fluent-plugin-splunk-hec!
   minitest (~> 5.0)
   rake (>= 12.0)
-  rubocop (~> 0.63.1)
   simplecov
   test-unit (~> 3.0)
   webmock (~> 3.5.0)
 
 BUNDLED WITH
-   2.1.4
+   2.2.30

data/LICENSE

@@ -270,7 +270,6 @@ The following components are provided under the MIT License. See project link fo
     (MIT License) rake (https://github.com/ruby/rake/blob/master/MIT-LICENSE)
     (MIT License) recursive-open-struct (https://github.com/aetherknight/recursive-open-struct/blob/master/LICENSE.txt)
     (MIT License) rest-client (https://github.com/rest-client/rest-client/blob/master/LICENSE)
-    (MIT License) rubocop (https://github.com/rubocop-hq/rubocop/blob/master/LICENSE.txt)
     (MIT License) ruby-progressbar (https://github.com/jfelchner/ruby-progressbar/blob/master/LICENSE.txt)
     (MIT License) safe_yaml (https://github.com/dtao/safe_yaml/blob/master/LICENSE.txt)
     (MIT License) sigdump (https://github.com/frsyuki/sigdump/blob/master/LICENSE)

data/README.md

@@ -1,4 +1,3 @@
-[![CircleCI](https://circleci.com/gh/git-lfs/git-lfs.svg?style=shield&circle-token=856152c2b02bfd236f54d21e1f581f3e4ebf47ad)](https://circleci.com/gh/splunk/fluent-plugin-splunk-hec)
 # fluent-plugin-splunk-hec
 
 [Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) in 2 modes:<br/>
@@ -260,6 +259,10 @@ Cannot set both `source` and `source_key` parameters at the same time.
 
 Field name that contains the sourcetype. Cannot set both `source` and `source_key` parameters at the same time.
 
+### time_key (string) (optional)
+
+Field name to contain Splunk event time. By default will use fluentd\'d time.
+
 ### fields (init) (optional)
 
 Lets you specify the index-time fields for the event data type, or metric dimensions for the metric data type. Null value fields are removed.
@@ -293,7 +296,7 @@ In this case, parameters inside `<fields>` are used as indexed fields and remove
   <fields>
     file
     level
-    app applicatioin
+    app application
   </fields>
 </match>
 ```
@@ -340,7 +343,7 @@ For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>`
   <fields>
     file
     level
-    app applicatioin
+    app application
   </fields>
 </match>
 ```
@@ -432,6 +435,14 @@ List of SSl ciphers allowed.
 
 Specifies whether an insecure SSL connection is allowed. If set to false, Splunk does not verify an insecure server certificate. This parameter is set to `false` by default. Ensure parameter `ca_file` is not configured in order to allow insecure SSL connections when this value is set to `true`.
 
+#### require_ssl_min_version (bool)
+
+When set to true, TLS version 1.1 and above is required.
+
+#### consume_chunk_on_4xx_errors (bool)
+
+Specifies whether any 4xx HTTP response status code consumes the buffer chunks. If set to false, Splunk will fail to flush the buffer on such status codes. This parameter is set to `true` by default for backwards compatibility.
+
 ## About Buffer
 
 This plugin sends events to HEC using [batch mode](https://docs.splunk.com/Documentation/Splunk/7.1.0/Data/FormateventsforHTTPEventCollector#Event_data).

data/Rakefile

@@ -2,9 +2,6 @@
 
 require 'bundler/gem_tasks'
 require 'rake/testtask'
-require 'rubocop/rake_task'
-
-RuboCop::RakeTask.new
 
 Rake::TestTask.new(:test) do |t|
   t.libs << 'test'

data/VERSION

@@ -1 +1 @@
-1.2.4
+1.2.8

data/fluent-plugin-splunk-hec.gemspec

@@ -37,13 +37,12 @@ Gem::Specification.new do |spec|
   spec.add_runtime_dependency 'multi_json', '~> 1.13'
   spec.add_runtime_dependency 'net-http-persistent', '~> 3.1'
   spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
-  spec.add_runtime_dependency 'prometheus-client', '< 0.10.0'
+  spec.add_runtime_dependency 'prometheus-client', '>= 2.1.0'
 
   spec.add_development_dependency 'bundler', '~> 2.0'
   spec.add_development_dependency 'rake', '>= 12.0'
   # required by fluent/test.rb
   spec.add_development_dependency 'minitest', '~> 5.0'
-  spec.add_development_dependency 'rubocop', '~> 0.63.1'
   spec.add_development_dependency 'simplecov', '~> 0.16.1'
   spec.add_development_dependency 'test-unit', '~> 3.0'
   spec.add_development_dependency 'webmock', '~> 3.5.0'

data/lib/fluent/plugin/out_splunk.rb

@@ -13,7 +13,7 @@ module Fluent::Plugin
     autoload :VERSION, 'fluent/plugin/out_splunk/version'
     autoload :MatchFormatter, 'fluent/plugin/out_splunk/match_formatter'
 
-    KEY_FIELDS = %w[index host source sourcetype metric_name metric_value].freeze
+    KEY_FIELDS = %w[index host source sourcetype metric_name metric_value time].freeze
     TAG_PLACEHOLDER = '${tag}'
 
     desc 'The host field for events, by default it uses the hostname of the machine that runnning fluentd. This is exclusive with `host_key`.'
@@ -51,6 +51,9 @@ module Fluent::Plugin
       # this is blank on purpose
     end
 
+    desc 'Indicates if 4xx errors should consume chunk'
+    config_param :consume_chunk_on_4xx_errors, :bool, :default => true
+
     config_section :format do
       config_set_default :usage, '**'
       config_set_default :@type, 'json'
@@ -97,11 +100,11 @@ module Fluent::Plugin
         write_to_splunk(chunk)
       end
 
-      @metrics[:record_counter].increment(metric_labels, chunk.size_of_events)
-      @metrics[:bytes_counter].increment(metric_labels, chunk.bytesize)
-      @metrics[:write_records_histogram].observe(metric_labels, chunk.size_of_events)
-      @metrics[:write_bytes_histogram].observe(metric_labels, chunk.bytesize)
-      @metrics[:write_latency_histogram].observe(metric_labels, t)
+      @metrics[:record_counter].increment(labels: metric_labels, by: chunk.size_of_events)
+      @metrics[:bytes_counter].increment(labels: metric_labels, by: chunk.bytesize)
+      @metrics[:write_records_histogram].observe(chunk.size_of_events, labels: metric_labels)
+      @metrics[:write_bytes_histogram].observe(chunk.bytesize, labels: metric_labels, )
+      @metrics[:write_latency_histogram].observe(t, labels: metric_labels, )
     end
 
     def write_to_splunk(_chunk)
@@ -150,13 +153,14 @@ module Fluent::Plugin
     def process_response(response, _request_body)
       log.trace { "[Response] POST #{@api}: #{response.inspect}" }
 
-      @metrics[:status_counter].increment(metric_labels(status: response.code.to_s))
+      @metrics[:status_counter].increment(labels: metric_labels(status: response.code.to_s))
+
+      raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
 
       # raise Exception to utilize Fluentd output plugin retry mechanism
-      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if response.code.to_s.start_with?('5')
+      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
 
-      # For both success response (2xx) and client errors (4xx), we will consume the chunk.
-      # Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
+      # For both success response (2xx) we will consume the chunk.
       unless response.code.to_s.start_with?('2')
         log.error "#{self.class}: Failed POST to #{@api}, response: #{response.body}"
         log.error { "#{self.class}: Failed request body: #{post.body}" }
@@ -205,7 +209,7 @@ module Fluent::Plugin
       # This loop looks dump, but it is used to suppress the unused parameter configuration warning
       # Learned from `filter_record_transformer`.
       conf.elements.select { |element| element.name == 'fields' }.each do |element|
-        element.each_pair { |k, _v| element.key?(k) }
+        element.each_pair { |k, _v| element.has_key?(k) }
       end
 
       return unless @fields
@@ -231,28 +235,34 @@ module Fluent::Plugin
 
       @metrics = {
         record_counter: register_metric(::Prometheus::Client::Counter.new(
-                                          :splunk_output_write_records_count,
-                                          'The number of log records being sent'
+                                          :splunk_output_write_records_count, docstring:
+                                          'The number of log records being sent',
+                                          labels: metric_label_keys
                                         )),
         bytes_counter: register_metric(::Prometheus::Client::Counter.new(
-                                         :splunk_output_write_bytes_count,
-                                         'The number of log bytes being sent'
+                                         :splunk_output_write_bytes_count, docstring:
+                                         'The number of log bytes being sent',
+                                         labels: metric_label_keys
                                        )),
         status_counter: register_metric(::Prometheus::Client::Counter.new(
-                                          :splunk_output_write_status_count,
-                                          'The count of sends by response_code'
+                                          :splunk_output_write_status_count, docstring:
+                                          'The count of sends by response_code',
+                                          labels: metric_label_keys(status: "")
                                         )),
         write_bytes_histogram: register_metric(::Prometheus::Client::Histogram.new(
-                                                 :splunk_output_write_payload_bytes,
-                                                 'The size of the write payload in bytes', {}, [1024, 23_937, 47_875, 95_750, 191_500, 383_000, 766_000, 1_149_000]
+                                                 :splunk_output_write_payload_bytes, docstring:
+                                                 'The size of the write payload in bytes', buckets: [1024, 23_937, 47_875, 95_750, 191_500, 383_000, 766_000, 1_149_000],
+                                                 labels: metric_label_keys
                                                )),
         write_records_histogram: register_metric(::Prometheus::Client::Histogram.new(
-                                                   :splunk_output_write_payload_records,
-                                                   'The number of records written per write', {}, [1, 10, 25, 100, 200, 300, 500, 750, 1000, 1500]
+                                                   :splunk_output_write_payload_records, docstring:
+                                                   'The number of records written per write', buckets: [1, 10, 25, 100, 200, 300, 500, 750, 1000, 1500],
+                                                   labels: metric_label_keys
                                                  )),
         write_latency_histogram: register_metric(::Prometheus::Client::Histogram.new(
-                                                   :splunk_output_write_latency_seconds,
-                                                   'The latency of writes'
+                                                   :splunk_output_write_latency_seconds, docstring:
+                                                   'The latency of writes',
+                                                   labels: metric_label_keys
                                                  ))
       }
     end
@@ -262,6 +272,10 @@ module Fluent::Plugin
       @metric_labels.merge other_labels
     end
 
+    def metric_label_keys(other_labels = {})
+      (@metric_labels.merge other_labels).keys
+    end
+
     # Encode as UTF-8. If 'coerce_to_utf8' is set to true in the config, any
     # non-UTF-8 character would be replaced by the string specified by
     # 'non_utf8_replacement_string'. If 'coerce_to_utf8' is set to false, any

data/lib/fluent/plugin/out_splunk_hec.rb

@@ -63,6 +63,9 @@ module Fluent::Plugin
     desc 'List of SSL ciphers allowed.'
     config_param :ssl_ciphers, :array, default: nil
 
+    desc 'When set to true, TLS version 1.1 and above is required.'
+    config_param :require_ssl_min_version, :bool, default: true
+
     desc 'Indicates if insecure SSL connection is allowed.'
     config_param :insecure_ssl, :bool, default: false
 
@@ -97,7 +100,10 @@ module Fluent::Plugin
     config_section :fields, init: false, multi: false, required: false do
       # this is blank on purpose
     end
-    
+
+    desc 'Indicates if 4xx errors should consume chunk'
+    config_param :consume_chunk_on_4xx_errors, :bool, :default => true
+
     config_section :format do
       config_set_default :usage, '**'
       config_set_default :@type, 'json'
@@ -140,6 +146,8 @@ module Fluent::Plugin
         c.ca_file = @ca_file
         c.ca_path = @ca_path
         c.ciphers = @ssl_ciphers
+        c.proxy   = :ENV
+        c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
 
         c.override_headers['Content-Type'] = 'application/json'
         c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
@@ -179,7 +187,7 @@ module Fluent::Plugin
     end
 
     def format_event(tag, time, record)
-      MultiJson.dump({
+      d = {
         host: @host ? @host.(tag, record) : @default_host,
         # From the API reference
         # http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
@@ -212,7 +220,12 @@ module Fluent::Plugin
             record = formatter.format(tag, time, record)
           end
           payload[:event] = convert_to_utf8 record
-      })
+      }
+      if d[:event] == "{}"
+        log.warn { "Event after formatting was blank, not sending" }
+        return ""
+      end
+      MultiJson.dump(d)
     end
 
     def format_metric(tag, time, record)
@@ -224,7 +237,7 @@ module Fluent::Plugin
         # That's why we use `to_s` here.
         time: time.to_f.to_s,
         event: 'metric'
-      }.tap do |payload| 
+      }.tap do |payload|
         if @time
           time_value = @time.(tag, record)
           # if no value is found don't override and use fluentd's time
@@ -279,9 +292,11 @@ module Fluent::Plugin
         c.ca_file = @ca_file
         c.ca_path = @ca_path
         c.ciphers = @ssl_ciphers
+        c.proxy   = :ENV
         c.idle_timeout = @idle_timeout
         c.read_timeout = @read_timeout
         c.open_timeout = @open_timeout
+        c.min_version = OpenSSL::SSL::TLS1_1_VERSION if @require_ssl_min_version
 
         c.override_headers['Content-Type'] = 'application/json'
         c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
@@ -302,11 +317,12 @@ module Fluent::Plugin
       response = @conn.request @api, post
       t2 = Time.now
 
-      # raise Exception to utilize Fluentd output plugin retry machanism
-      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if response.code.start_with?('5')
+      raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
+
+      # raise Exception to utilize Fluentd output plugin retry mechanism
+      raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if raise_err
 
-      # For both success response (2xx) and client errors (4xx), we will consume the chunk.
-      # Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
+      # For both success response (2xx) we will consume the chunk.
       if not response.code.start_with?('2')
         log.error "Failed POST to #{@api}, response: #{response.body}"
         log.debug { "Failed request body: #{post.body}" }
@@ -340,7 +356,7 @@ module Fluent::Plugin
           invalid: :replace,
           undef: :replace,
           replace: @non_utf8_replacement_string)
-            else
+      else
         begin
           input.encode('utf-8')
         rescue EncodingError

data/test/fluent/plugin/out_splunk_hec_test.rb

@@ -57,6 +57,9 @@ describe Fluent::Plugin::SplunkHecOutput do
       assert_nil(create_hec_output_driver('hec_host hec_token').instance.index_key)
       expect(create_hec_output_driver('hec_host hec_token').instance.index_key).is_a? String
     end
+    it 'should consume chunks on 4xx errors' do
+      expect(create_hec_output_driver('hec_host hec_token').instance.consume_chunk_on_4xx_errors).must_equal true
+    end
   end
 
   describe 'hec_host validation' do
@@ -139,6 +142,7 @@ describe Fluent::Plugin::SplunkHecOutput do
       host_key       from
       source_key     file
       sourcetype_key agent.name
+      time_key       timestamp
     CONF
       batch.each do |item|
         expect(item['index']).must_equal 'info'
@@ -147,7 +151,7 @@ describe Fluent::Plugin::SplunkHecOutput do
         expect(item['sourcetype']).must_equal 'test'
 
         JSON.load(item['event']).tap do |event|
-          %w[level from file].each { |field| expect(event).wont_include field }
+          %w[level from file timestamp].each { |field| expect(event).wont_include field }
           expect(event['agent']).wont_include 'name'
         end
       end
@@ -220,6 +224,24 @@ describe Fluent::Plugin::SplunkHecOutput do
     end
   end
 
+  it 'should not send blank events' do
+    verify_sent_events(<<~CONF) do |batch|
+      <fields>
+        from
+        logLevel level
+        nonexist
+        log
+        file
+        value
+        id
+        agent
+        timestamp
+      </fields>
+    CONF
+      expect(batch.length).must_equal 0
+    end
+  end
+
   describe 'metric' do
     it 'should check related configs' do
       expect(
@@ -349,7 +371,8 @@ describe Fluent::Plugin::SplunkHecOutput do
       'agent' => {
         'name' => 'test',
         'version' => '1.0.0'
-      }
+      },
+      'timestamp' => 'time'
     }
     events = [
       ['tag.event1', event_time, { 'id' => '1st' }.merge(Marshal.load(Marshal.dump(event)))],

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: fluent-plugin-splunk-hec
 version: !ruby/object:Gem::Version
-  version: 1.2.4
+  version: 1.2.8
 platform: ruby
 authors:
 - Splunk Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-08-06 00:00:00.000000000 Z
+date: 2021-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: fluentd
@@ -70,16 +70,16 @@ dependencies:
   name: prometheus-client
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.10.0
+        version: 2.1.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: 0.10.0
+        version: 2.1.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -122,20 +122,6 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '5.0'
-- !ruby/object:Gem::Dependency
-  name: rubocop
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.63.1
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: 0.63.1
 - !ruby/object:Gem::Dependency
   name: simplecov
   requirement: !ruby/object:Gem::Requirement
@@ -230,18 +216,18 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Fluentd plugin for Splunk HEC.
 test_files:
+- test/test_helper.rb
 - test/fluent/plugin/out_splunk_hec_test.rb
 - test/fluent/plugin/out_splunk_ingest_api_test.rb
-- test/lib/webmock/http_lib_adapters/patron_adapter.rb
-- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
-- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
-- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
 - test/lib/webmock/http_lib_adapters/curb_adapter.rb
+- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
 - test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
+- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
+- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
 - test/lib/webmock/http_lib_adapters/excon_adapter.rb
-- test/test_helper.rb
+- test/lib/webmock/http_lib_adapters/patron_adapter.rb