fluent-plugin-splunk-hec 1.2.8 → 1.2.11
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +13 -15
- data/VERSION +1 -1
- data/lib/fluent/plugin/out_splunk.rb +5 -6
- data/lib/fluent/plugin/out_splunk_hec.rb +27 -9
- data/lib/fluent/plugin/out_splunk_ingest_api.rb +5 -1
- data/test/fluent/plugin/out_splunk_hec_test.rb +12 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 277de2e282c7dfee68431d0b4ca144b8215d68f7210814fff1caadc452527955
|
|
4
|
+
data.tar.gz: 99bd20f106656d0be1ab6d70c3d1afd4516fbd19995e3edc8c6357f123f18e12
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e8b91a7bfc42ce39100754bd79730a7fad4b27337e9cd70e13ccbc836f05aa98e123714cf268cd8f76bb351b8e409191050d8a9b4856bc088334a7a10f174000
|
|
7
|
+
data.tar.gz: 8874436fb7b143529994256d7f8d99d0f57c113e40ff1b3907af0a08c802a65372b7550c70d7db35af75c4de9e826385d0f7a663f82f8941062a2f302c46087a
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
fluent-plugin-splunk-hec (1.2.
|
|
4
|
+
fluent-plugin-splunk-hec (1.2.11)
|
|
5
5
|
fluentd (>= 1.4)
|
|
6
6
|
multi_json (~> 1.13)
|
|
7
7
|
net-http-persistent (~> 3.1)
|
|
@@ -11,14 +11,13 @@ PATH
|
|
|
11
11
|
GEM
|
|
12
12
|
remote: https://rubygems.org/
|
|
13
13
|
specs:
|
|
14
|
-
activemodel (
|
|
15
|
-
activesupport (=
|
|
16
|
-
activesupport (
|
|
14
|
+
activemodel (7.0.1)
|
|
15
|
+
activesupport (= 7.0.1)
|
|
16
|
+
activesupport (7.0.1)
|
|
17
17
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
18
18
|
i18n (>= 1.6, < 2)
|
|
19
19
|
minitest (>= 5.1)
|
|
20
20
|
tzinfo (~> 2.0)
|
|
21
|
-
zeitwerk (~> 2.3)
|
|
22
21
|
addressable (2.8.0)
|
|
23
22
|
public_suffix (>= 2.0.2, < 5.0)
|
|
24
23
|
aes_key_wrap (1.1.0)
|
|
@@ -30,10 +29,10 @@ GEM
|
|
|
30
29
|
crack (0.4.5)
|
|
31
30
|
rexml
|
|
32
31
|
docile (1.4.0)
|
|
33
|
-
fluentd (1.14.
|
|
32
|
+
fluentd (1.14.4)
|
|
34
33
|
bundler
|
|
35
34
|
cool.io (>= 1.4.5, < 2.0.0)
|
|
36
|
-
http_parser.rb (>= 0.5.1, < 0.
|
|
35
|
+
http_parser.rb (>= 0.5.1, < 0.9.0)
|
|
37
36
|
msgpack (>= 1.3.1, < 2.0.0)
|
|
38
37
|
serverengine (>= 2.2.2, < 3.0.0)
|
|
39
38
|
sigdump (~> 0.2.2)
|
|
@@ -43,9 +42,9 @@ GEM
|
|
|
43
42
|
webrick (>= 1.4.2, < 1.8.0)
|
|
44
43
|
yajl-ruby (~> 1.0)
|
|
45
44
|
hashdiff (1.0.1)
|
|
46
|
-
http_parser.rb (0.
|
|
45
|
+
http_parser.rb (0.8.0)
|
|
47
46
|
httpclient (2.8.3)
|
|
48
|
-
i18n (1.
|
|
47
|
+
i18n (1.9.1)
|
|
49
48
|
concurrent-ruby (~> 1.0)
|
|
50
49
|
json-jwt (1.13.0)
|
|
51
50
|
activesupport (>= 4.2)
|
|
@@ -54,8 +53,8 @@ GEM
|
|
|
54
53
|
mail (2.7.1)
|
|
55
54
|
mini_mime (>= 0.1.1)
|
|
56
55
|
mini_mime (1.1.2)
|
|
57
|
-
minitest (5.
|
|
58
|
-
msgpack (1.4.
|
|
56
|
+
minitest (5.15.0)
|
|
57
|
+
msgpack (1.4.4)
|
|
59
58
|
multi_json (1.15.0)
|
|
60
59
|
net-http-persistent (3.1.0)
|
|
61
60
|
connection_pool (~> 2.2)
|
|
@@ -81,7 +80,7 @@ GEM
|
|
|
81
80
|
rack (>= 2.1.0)
|
|
82
81
|
rake (13.0.6)
|
|
83
82
|
rexml (3.2.5)
|
|
84
|
-
serverengine (2.2.
|
|
83
|
+
serverengine (2.2.5)
|
|
85
84
|
sigdump (~> 0.2.2)
|
|
86
85
|
sigdump (0.2.4)
|
|
87
86
|
simplecov (0.21.2)
|
|
@@ -95,7 +94,7 @@ GEM
|
|
|
95
94
|
activesupport (>= 3)
|
|
96
95
|
attr_required (>= 0.0.5)
|
|
97
96
|
httpclient (>= 2.4)
|
|
98
|
-
test-unit (3.5.
|
|
97
|
+
test-unit (3.5.3)
|
|
99
98
|
power_assert
|
|
100
99
|
tzinfo (2.0.4)
|
|
101
100
|
concurrent-ruby (~> 1.0)
|
|
@@ -116,7 +115,6 @@ GEM
|
|
|
116
115
|
hashdiff
|
|
117
116
|
webrick (1.7.0)
|
|
118
117
|
yajl-ruby (1.4.1)
|
|
119
|
-
zeitwerk (2.5.1)
|
|
120
118
|
|
|
121
119
|
PLATFORMS
|
|
122
120
|
ruby
|
|
@@ -131,4 +129,4 @@ DEPENDENCIES
|
|
|
131
129
|
webmock (~> 3.5.0)
|
|
132
130
|
|
|
133
131
|
BUNDLED WITH
|
|
134
|
-
2.
|
|
132
|
+
2.3.9
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.2.
|
|
1
|
+
1.2.11
|
|
@@ -1,13 +1,12 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'fluent/output'
|
|
4
3
|
require 'fluent/plugin/output'
|
|
5
4
|
require 'fluent/plugin/formatter'
|
|
6
5
|
require 'prometheus/client'
|
|
7
6
|
require 'benchmark'
|
|
8
7
|
|
|
9
8
|
module Fluent::Plugin
|
|
10
|
-
class SplunkOutput < Fluent::
|
|
9
|
+
class SplunkOutput < Fluent::Plugin::Output
|
|
11
10
|
helpers :formatter
|
|
12
11
|
|
|
13
12
|
autoload :VERSION, 'fluent/plugin/out_splunk/version'
|
|
@@ -100,9 +99,9 @@ module Fluent::Plugin
|
|
|
100
99
|
write_to_splunk(chunk)
|
|
101
100
|
end
|
|
102
101
|
|
|
103
|
-
@metrics[:record_counter].increment(labels: metric_labels, by: chunk.
|
|
102
|
+
@metrics[:record_counter].increment(labels: metric_labels, by: chunk.size)
|
|
104
103
|
@metrics[:bytes_counter].increment(labels: metric_labels, by: chunk.bytesize)
|
|
105
|
-
@metrics[:write_records_histogram].observe(chunk.
|
|
104
|
+
@metrics[:write_records_histogram].observe(chunk.size, labels: metric_labels)
|
|
106
105
|
@metrics[:write_bytes_histogram].observe(chunk.bytesize, labels: metric_labels, )
|
|
107
106
|
@metrics[:write_latency_histogram].observe(t, labels: metric_labels, )
|
|
108
107
|
end
|
|
@@ -193,8 +192,8 @@ module Fluent::Plugin
|
|
|
193
192
|
v = instance_variable_get "@#{f}"
|
|
194
193
|
next unless v
|
|
195
194
|
|
|
196
|
-
if v
|
|
197
|
-
instance_variable_set "@#{f}", ->(tag, _) { tag }
|
|
195
|
+
if v.include? TAG_PLACEHOLDER
|
|
196
|
+
instance_variable_set "@#{f}", ->(tag, _) { v.gsub(TAG_PLACEHOLDER, tag) }
|
|
198
197
|
else
|
|
199
198
|
instance_variable_set "@#{f}", ->(_, _) { v }
|
|
200
199
|
end
|
|
@@ -31,13 +31,16 @@ module Fluent::Plugin
|
|
|
31
31
|
config_param :protocol, :enum, list: %i[http https], default: :https
|
|
32
32
|
|
|
33
33
|
desc 'The hostname/IP to HEC, or HEC load balancer.'
|
|
34
|
-
config_param :hec_host, :string
|
|
34
|
+
config_param :hec_host, :string, default: ''
|
|
35
35
|
|
|
36
36
|
desc 'The port number to HEC, or HEC load balancer.'
|
|
37
37
|
config_param :hec_port, :integer, default: 8088
|
|
38
38
|
|
|
39
|
+
desc 'Full url to connect tosplunk. Example: https://mydomain.com:8088/apps/splunk'
|
|
40
|
+
config_param :full_url, :string, default: ''
|
|
41
|
+
|
|
39
42
|
desc 'The HEC token.'
|
|
40
|
-
config_param :hec_token, :string
|
|
43
|
+
config_param :hec_token, :string, secret: true
|
|
41
44
|
|
|
42
45
|
desc 'If a connection has not been used for this number of seconds it will automatically be reset upon the next use to avoid attempting to send to a closed connection. nil means no timeout.'
|
|
43
46
|
config_param :idle_timeout, :integer, default: 5
|
|
@@ -132,11 +135,15 @@ module Fluent::Plugin
|
|
|
132
135
|
|
|
133
136
|
def configure(conf)
|
|
134
137
|
super
|
|
135
|
-
|
|
138
|
+
raise Fluent::ConfigError, 'One of `hec_host` or `full_url` is required.' if @hec_host.empty? && @full_url.empty?
|
|
136
139
|
check_metric_configs
|
|
137
140
|
pick_custom_format_method
|
|
138
141
|
end
|
|
139
142
|
|
|
143
|
+
def write(chunk)
|
|
144
|
+
super
|
|
145
|
+
end
|
|
146
|
+
|
|
140
147
|
def start
|
|
141
148
|
super
|
|
142
149
|
@conn = Net::HTTP::Persistent.new.tap do |c|
|
|
@@ -279,9 +286,17 @@ module Fluent::Plugin
|
|
|
279
286
|
end
|
|
280
287
|
|
|
281
288
|
def construct_api
|
|
282
|
-
|
|
289
|
+
if @full_url.empty?
|
|
290
|
+
URI("#{@protocol}://#{@hec_host}:#{@hec_port}/services/collector")
|
|
291
|
+
else
|
|
292
|
+
URI("#{@full_url.delete_suffix("/")}/services/collector")
|
|
293
|
+
end
|
|
283
294
|
rescue StandardError
|
|
284
|
-
|
|
295
|
+
if @full_url.empty?
|
|
296
|
+
raise Fluent::ConfigError, "hec_host (#{@hec_host}) and/or hec_port (#{@hec_port}) are invalid."
|
|
297
|
+
else
|
|
298
|
+
raise Fluent::ConfigError, "full_url (#{@full_url}) is invalid."
|
|
299
|
+
end
|
|
285
300
|
end
|
|
286
301
|
|
|
287
302
|
def new_connection
|
|
@@ -312,10 +327,13 @@ module Fluent::Plugin
|
|
|
312
327
|
post.body = chunk.read
|
|
313
328
|
log.debug { "[Sending] Chunk: #{dump_unique_id_hex(chunk.unique_id)}(#{post.body.bytesize}B)." }
|
|
314
329
|
log.trace { "POST #{@api} body=#{post.body}" }
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
330
|
+
begin
|
|
331
|
+
t1 = Time.now
|
|
332
|
+
response = @conn.request @api, post
|
|
333
|
+
t2 = Time.now
|
|
334
|
+
rescue Net::HTTP::Persistent::Error => e
|
|
335
|
+
raise e.cause
|
|
336
|
+
end
|
|
319
337
|
|
|
320
338
|
raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
|
|
321
339
|
|
|
@@ -41,6 +41,10 @@ module Fluent::Plugin
|
|
|
41
41
|
super
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
+
def write(chunk)
|
|
45
|
+
super
|
|
46
|
+
end
|
|
47
|
+
|
|
44
48
|
def construct_api
|
|
45
49
|
uri = "https://#{@ingest_api_host}/#{@ingest_api_tenant}#{@ingest_api_events_endpoint}"
|
|
46
50
|
URI(uri)
|
|
@@ -101,7 +105,7 @@ module Fluent::Plugin
|
|
|
101
105
|
end
|
|
102
106
|
|
|
103
107
|
def write_to_splunk(chunk)
|
|
104
|
-
log.trace "#{self.class}: In write() with #{chunk.
|
|
108
|
+
log.trace "#{self.class}: In write() with #{chunk.size} records and #{chunk.bytesize} bytes "
|
|
105
109
|
# ingest API is an array of json objects
|
|
106
110
|
body = "[#{chunk.read.chomp(',')}]"
|
|
107
111
|
@conn ||= new_connection
|
|
@@ -64,7 +64,7 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
|
64
64
|
|
|
65
65
|
describe 'hec_host validation' do
|
|
66
66
|
describe 'invalid host' do
|
|
67
|
-
it 'should require hec_host' do
|
|
67
|
+
it 'should require hec_host or full_url' do
|
|
68
68
|
expect { create_hec_output_driver }.must_raise Fluent::ConfigError
|
|
69
69
|
end
|
|
70
70
|
|
|
@@ -78,6 +78,17 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
describe 'full_url validation' do
|
|
82
|
+
describe 'invalid full_url' do
|
|
83
|
+
it { expect { create_hec_output_driver(full_url: '%bad-host%.com') }.must_raise Fluent::ConfigError }
|
|
84
|
+
end
|
|
85
|
+
describe 'good full_url' do
|
|
86
|
+
it {
|
|
87
|
+
expect(create_hec_output_driver('full_url https://splunk.com').instance.full_url).must_equal 'https://splunk.com'
|
|
88
|
+
}
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
81
92
|
it 'should send request to Splunk' do
|
|
82
93
|
req = verify_sent_events do |batch|
|
|
83
94
|
expect(batch.size).must_equal 2
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-splunk-hec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Splunk Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-03-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|
|
@@ -221,13 +221,13 @@ signing_key:
|
|
|
221
221
|
specification_version: 4
|
|
222
222
|
summary: Fluentd plugin for Splunk HEC.
|
|
223
223
|
test_files:
|
|
224
|
-
- test/test_helper.rb
|
|
225
|
-
- test/fluent/plugin/out_splunk_hec_test.rb
|
|
226
224
|
- test/fluent/plugin/out_splunk_ingest_api_test.rb
|
|
227
|
-
- test/
|
|
225
|
+
- test/fluent/plugin/out_splunk_hec_test.rb
|
|
226
|
+
- test/test_helper.rb
|
|
227
|
+
- test/lib/webmock/http_lib_adapters/excon_adapter.rb
|
|
228
228
|
- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
|
|
229
|
-
- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
|
|
230
229
|
- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
|
|
231
230
|
- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
|
|
232
|
-
- test/lib/webmock/http_lib_adapters/
|
|
231
|
+
- test/lib/webmock/http_lib_adapters/curb_adapter.rb
|
|
233
232
|
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
|
233
|
+
- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
|