fluent-plugin-splunk-hec 1.2.8 → 1.2.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +13 -15
- data/VERSION +1 -1
- data/lib/fluent/plugin/out_splunk.rb +5 -6
- data/lib/fluent/plugin/out_splunk_hec.rb +27 -9
- data/lib/fluent/plugin/out_splunk_ingest_api.rb +5 -1
- data/test/fluent/plugin/out_splunk_hec_test.rb +12 -1
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 277de2e282c7dfee68431d0b4ca144b8215d68f7210814fff1caadc452527955
|
|
4
|
+
data.tar.gz: 99bd20f106656d0be1ab6d70c3d1afd4516fbd19995e3edc8c6357f123f18e12
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: e8b91a7bfc42ce39100754bd79730a7fad4b27337e9cd70e13ccbc836f05aa98e123714cf268cd8f76bb351b8e409191050d8a9b4856bc088334a7a10f174000
|
|
7
|
+
data.tar.gz: 8874436fb7b143529994256d7f8d99d0f57c113e40ff1b3907af0a08c802a65372b7550c70d7db35af75c4de9e826385d0f7a663f82f8941062a2f302c46087a
|
data/Gemfile.lock
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
PATH
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
|
-
fluent-plugin-splunk-hec (1.2.
|
|
4
|
+
fluent-plugin-splunk-hec (1.2.11)
|
|
5
5
|
fluentd (>= 1.4)
|
|
6
6
|
multi_json (~> 1.13)
|
|
7
7
|
net-http-persistent (~> 3.1)
|
|
@@ -11,14 +11,13 @@ PATH
|
|
|
11
11
|
GEM
|
|
12
12
|
remote: https://rubygems.org/
|
|
13
13
|
specs:
|
|
14
|
-
activemodel (
|
|
15
|
-
activesupport (=
|
|
16
|
-
activesupport (
|
|
14
|
+
activemodel (7.0.1)
|
|
15
|
+
activesupport (= 7.0.1)
|
|
16
|
+
activesupport (7.0.1)
|
|
17
17
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
|
18
18
|
i18n (>= 1.6, < 2)
|
|
19
19
|
minitest (>= 5.1)
|
|
20
20
|
tzinfo (~> 2.0)
|
|
21
|
-
zeitwerk (~> 2.3)
|
|
22
21
|
addressable (2.8.0)
|
|
23
22
|
public_suffix (>= 2.0.2, < 5.0)
|
|
24
23
|
aes_key_wrap (1.1.0)
|
|
@@ -30,10 +29,10 @@ GEM
|
|
|
30
29
|
crack (0.4.5)
|
|
31
30
|
rexml
|
|
32
31
|
docile (1.4.0)
|
|
33
|
-
fluentd (1.14.
|
|
32
|
+
fluentd (1.14.4)
|
|
34
33
|
bundler
|
|
35
34
|
cool.io (>= 1.4.5, < 2.0.0)
|
|
36
|
-
http_parser.rb (>= 0.5.1, < 0.
|
|
35
|
+
http_parser.rb (>= 0.5.1, < 0.9.0)
|
|
37
36
|
msgpack (>= 1.3.1, < 2.0.0)
|
|
38
37
|
serverengine (>= 2.2.2, < 3.0.0)
|
|
39
38
|
sigdump (~> 0.2.2)
|
|
@@ -43,9 +42,9 @@ GEM
|
|
|
43
42
|
webrick (>= 1.4.2, < 1.8.0)
|
|
44
43
|
yajl-ruby (~> 1.0)
|
|
45
44
|
hashdiff (1.0.1)
|
|
46
|
-
http_parser.rb (0.
|
|
45
|
+
http_parser.rb (0.8.0)
|
|
47
46
|
httpclient (2.8.3)
|
|
48
|
-
i18n (1.
|
|
47
|
+
i18n (1.9.1)
|
|
49
48
|
concurrent-ruby (~> 1.0)
|
|
50
49
|
json-jwt (1.13.0)
|
|
51
50
|
activesupport (>= 4.2)
|
|
@@ -54,8 +53,8 @@ GEM
|
|
|
54
53
|
mail (2.7.1)
|
|
55
54
|
mini_mime (>= 0.1.1)
|
|
56
55
|
mini_mime (1.1.2)
|
|
57
|
-
minitest (5.
|
|
58
|
-
msgpack (1.4.
|
|
56
|
+
minitest (5.15.0)
|
|
57
|
+
msgpack (1.4.4)
|
|
59
58
|
multi_json (1.15.0)
|
|
60
59
|
net-http-persistent (3.1.0)
|
|
61
60
|
connection_pool (~> 2.2)
|
|
@@ -81,7 +80,7 @@ GEM
|
|
|
81
80
|
rack (>= 2.1.0)
|
|
82
81
|
rake (13.0.6)
|
|
83
82
|
rexml (3.2.5)
|
|
84
|
-
serverengine (2.2.
|
|
83
|
+
serverengine (2.2.5)
|
|
85
84
|
sigdump (~> 0.2.2)
|
|
86
85
|
sigdump (0.2.4)
|
|
87
86
|
simplecov (0.21.2)
|
|
@@ -95,7 +94,7 @@ GEM
|
|
|
95
94
|
activesupport (>= 3)
|
|
96
95
|
attr_required (>= 0.0.5)
|
|
97
96
|
httpclient (>= 2.4)
|
|
98
|
-
test-unit (3.5.
|
|
97
|
+
test-unit (3.5.3)
|
|
99
98
|
power_assert
|
|
100
99
|
tzinfo (2.0.4)
|
|
101
100
|
concurrent-ruby (~> 1.0)
|
|
@@ -116,7 +115,6 @@ GEM
|
|
|
116
115
|
hashdiff
|
|
117
116
|
webrick (1.7.0)
|
|
118
117
|
yajl-ruby (1.4.1)
|
|
119
|
-
zeitwerk (2.5.1)
|
|
120
118
|
|
|
121
119
|
PLATFORMS
|
|
122
120
|
ruby
|
|
@@ -131,4 +129,4 @@ DEPENDENCIES
|
|
|
131
129
|
webmock (~> 3.5.0)
|
|
132
130
|
|
|
133
131
|
BUNDLED WITH
|
|
134
|
-
2.
|
|
132
|
+
2.3.9
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.2.
|
|
1
|
+
1.2.11
|
|
@@ -1,13 +1,12 @@
|
|
|
1
1
|
# frozen_string_literal: true
|
|
2
2
|
|
|
3
|
-
require 'fluent/output'
|
|
4
3
|
require 'fluent/plugin/output'
|
|
5
4
|
require 'fluent/plugin/formatter'
|
|
6
5
|
require 'prometheus/client'
|
|
7
6
|
require 'benchmark'
|
|
8
7
|
|
|
9
8
|
module Fluent::Plugin
|
|
10
|
-
class SplunkOutput < Fluent::
|
|
9
|
+
class SplunkOutput < Fluent::Plugin::Output
|
|
11
10
|
helpers :formatter
|
|
12
11
|
|
|
13
12
|
autoload :VERSION, 'fluent/plugin/out_splunk/version'
|
|
@@ -100,9 +99,9 @@ module Fluent::Plugin
|
|
|
100
99
|
write_to_splunk(chunk)
|
|
101
100
|
end
|
|
102
101
|
|
|
103
|
-
@metrics[:record_counter].increment(labels: metric_labels, by: chunk.
|
|
102
|
+
@metrics[:record_counter].increment(labels: metric_labels, by: chunk.size)
|
|
104
103
|
@metrics[:bytes_counter].increment(labels: metric_labels, by: chunk.bytesize)
|
|
105
|
-
@metrics[:write_records_histogram].observe(chunk.
|
|
104
|
+
@metrics[:write_records_histogram].observe(chunk.size, labels: metric_labels)
|
|
106
105
|
@metrics[:write_bytes_histogram].observe(chunk.bytesize, labels: metric_labels, )
|
|
107
106
|
@metrics[:write_latency_histogram].observe(t, labels: metric_labels, )
|
|
108
107
|
end
|
|
@@ -193,8 +192,8 @@ module Fluent::Plugin
|
|
|
193
192
|
v = instance_variable_get "@#{f}"
|
|
194
193
|
next unless v
|
|
195
194
|
|
|
196
|
-
if v
|
|
197
|
-
instance_variable_set "@#{f}", ->(tag, _) { tag }
|
|
195
|
+
if v.include? TAG_PLACEHOLDER
|
|
196
|
+
instance_variable_set "@#{f}", ->(tag, _) { v.gsub(TAG_PLACEHOLDER, tag) }
|
|
198
197
|
else
|
|
199
198
|
instance_variable_set "@#{f}", ->(_, _) { v }
|
|
200
199
|
end
|
|
@@ -31,13 +31,16 @@ module Fluent::Plugin
|
|
|
31
31
|
config_param :protocol, :enum, list: %i[http https], default: :https
|
|
32
32
|
|
|
33
33
|
desc 'The hostname/IP to HEC, or HEC load balancer.'
|
|
34
|
-
config_param :hec_host, :string
|
|
34
|
+
config_param :hec_host, :string, default: ''
|
|
35
35
|
|
|
36
36
|
desc 'The port number to HEC, or HEC load balancer.'
|
|
37
37
|
config_param :hec_port, :integer, default: 8088
|
|
38
38
|
|
|
39
|
+
desc 'Full url to connect tosplunk. Example: https://mydomain.com:8088/apps/splunk'
|
|
40
|
+
config_param :full_url, :string, default: ''
|
|
41
|
+
|
|
39
42
|
desc 'The HEC token.'
|
|
40
|
-
config_param :hec_token, :string
|
|
43
|
+
config_param :hec_token, :string, secret: true
|
|
41
44
|
|
|
42
45
|
desc 'If a connection has not been used for this number of seconds it will automatically be reset upon the next use to avoid attempting to send to a closed connection. nil means no timeout.'
|
|
43
46
|
config_param :idle_timeout, :integer, default: 5
|
|
@@ -132,11 +135,15 @@ module Fluent::Plugin
|
|
|
132
135
|
|
|
133
136
|
def configure(conf)
|
|
134
137
|
super
|
|
135
|
-
|
|
138
|
+
raise Fluent::ConfigError, 'One of `hec_host` or `full_url` is required.' if @hec_host.empty? && @full_url.empty?
|
|
136
139
|
check_metric_configs
|
|
137
140
|
pick_custom_format_method
|
|
138
141
|
end
|
|
139
142
|
|
|
143
|
+
def write(chunk)
|
|
144
|
+
super
|
|
145
|
+
end
|
|
146
|
+
|
|
140
147
|
def start
|
|
141
148
|
super
|
|
142
149
|
@conn = Net::HTTP::Persistent.new.tap do |c|
|
|
@@ -279,9 +286,17 @@ module Fluent::Plugin
|
|
|
279
286
|
end
|
|
280
287
|
|
|
281
288
|
def construct_api
|
|
282
|
-
|
|
289
|
+
if @full_url.empty?
|
|
290
|
+
URI("#{@protocol}://#{@hec_host}:#{@hec_port}/services/collector")
|
|
291
|
+
else
|
|
292
|
+
URI("#{@full_url.delete_suffix("/")}/services/collector")
|
|
293
|
+
end
|
|
283
294
|
rescue StandardError
|
|
284
|
-
|
|
295
|
+
if @full_url.empty?
|
|
296
|
+
raise Fluent::ConfigError, "hec_host (#{@hec_host}) and/or hec_port (#{@hec_port}) are invalid."
|
|
297
|
+
else
|
|
298
|
+
raise Fluent::ConfigError, "full_url (#{@full_url}) is invalid."
|
|
299
|
+
end
|
|
285
300
|
end
|
|
286
301
|
|
|
287
302
|
def new_connection
|
|
@@ -312,10 +327,13 @@ module Fluent::Plugin
|
|
|
312
327
|
post.body = chunk.read
|
|
313
328
|
log.debug { "[Sending] Chunk: #{dump_unique_id_hex(chunk.unique_id)}(#{post.body.bytesize}B)." }
|
|
314
329
|
log.trace { "POST #{@api} body=#{post.body}" }
|
|
315
|
-
|
|
316
|
-
|
|
317
|
-
|
|
318
|
-
|
|
330
|
+
begin
|
|
331
|
+
t1 = Time.now
|
|
332
|
+
response = @conn.request @api, post
|
|
333
|
+
t2 = Time.now
|
|
334
|
+
rescue Net::HTTP::Persistent::Error => e
|
|
335
|
+
raise e.cause
|
|
336
|
+
end
|
|
319
337
|
|
|
320
338
|
raise_err = response.code.to_s.start_with?('5') || (!@consume_chunk_on_4xx_errors && response.code.to_s.start_with?('4'))
|
|
321
339
|
|
|
@@ -41,6 +41,10 @@ module Fluent::Plugin
|
|
|
41
41
|
super
|
|
42
42
|
end
|
|
43
43
|
|
|
44
|
+
def write(chunk)
|
|
45
|
+
super
|
|
46
|
+
end
|
|
47
|
+
|
|
44
48
|
def construct_api
|
|
45
49
|
uri = "https://#{@ingest_api_host}/#{@ingest_api_tenant}#{@ingest_api_events_endpoint}"
|
|
46
50
|
URI(uri)
|
|
@@ -101,7 +105,7 @@ module Fluent::Plugin
|
|
|
101
105
|
end
|
|
102
106
|
|
|
103
107
|
def write_to_splunk(chunk)
|
|
104
|
-
log.trace "#{self.class}: In write() with #{chunk.
|
|
108
|
+
log.trace "#{self.class}: In write() with #{chunk.size} records and #{chunk.bytesize} bytes "
|
|
105
109
|
# ingest API is an array of json objects
|
|
106
110
|
body = "[#{chunk.read.chomp(',')}]"
|
|
107
111
|
@conn ||= new_connection
|
|
@@ -64,7 +64,7 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
|
64
64
|
|
|
65
65
|
describe 'hec_host validation' do
|
|
66
66
|
describe 'invalid host' do
|
|
67
|
-
it 'should require hec_host' do
|
|
67
|
+
it 'should require hec_host or full_url' do
|
|
68
68
|
expect { create_hec_output_driver }.must_raise Fluent::ConfigError
|
|
69
69
|
end
|
|
70
70
|
|
|
@@ -78,6 +78,17 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
|
78
78
|
end
|
|
79
79
|
end
|
|
80
80
|
|
|
81
|
+
describe 'full_url validation' do
|
|
82
|
+
describe 'invalid full_url' do
|
|
83
|
+
it { expect { create_hec_output_driver(full_url: '%bad-host%.com') }.must_raise Fluent::ConfigError }
|
|
84
|
+
end
|
|
85
|
+
describe 'good full_url' do
|
|
86
|
+
it {
|
|
87
|
+
expect(create_hec_output_driver('full_url https://splunk.com').instance.full_url).must_equal 'https://splunk.com'
|
|
88
|
+
}
|
|
89
|
+
end
|
|
90
|
+
end
|
|
91
|
+
|
|
81
92
|
it 'should send request to Splunk' do
|
|
82
93
|
req = verify_sent_events do |batch|
|
|
83
94
|
expect(batch.size).must_equal 2
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-splunk-hec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.2.
|
|
4
|
+
version: 1.2.11
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Splunk Inc.
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2022-03-15 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|
|
@@ -221,13 +221,13 @@ signing_key:
|
|
|
221
221
|
specification_version: 4
|
|
222
222
|
summary: Fluentd plugin for Splunk HEC.
|
|
223
223
|
test_files:
|
|
224
|
-
- test/test_helper.rb
|
|
225
|
-
- test/fluent/plugin/out_splunk_hec_test.rb
|
|
226
224
|
- test/fluent/plugin/out_splunk_ingest_api_test.rb
|
|
227
|
-
- test/
|
|
225
|
+
- test/fluent/plugin/out_splunk_hec_test.rb
|
|
226
|
+
- test/test_helper.rb
|
|
227
|
+
- test/lib/webmock/http_lib_adapters/excon_adapter.rb
|
|
228
228
|
- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
|
|
229
|
-
- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
|
|
230
229
|
- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
|
|
231
230
|
- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
|
|
232
|
-
- test/lib/webmock/http_lib_adapters/
|
|
231
|
+
- test/lib/webmock/http_lib_adapters/curb_adapter.rb
|
|
233
232
|
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
|
233
|
+
- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
|