fluent-plugin-splunk-hec 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/VERSION +1 -1
- data/lib/fluent/plugin/out_splunk_hec.rb +27 -40
- data/test/fluent/plugin/out_splunk_hec_test.rb +9 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 1a5e33a0b115b4d515ce94f1bf904bddf192994ff1b54fb624f5ea9d470bb4cd
|
|
4
|
+
data.tar.gz: 306d2647c27a63e98d3f530eacf2abd0fd16cd5f7f23213291ff061a11d4fb92
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a813d1d0ef4e157c95c49a0f75641e51af2a18d56c02020ec702a06a4d48fad02cb7e60f044637adfc261d8ec6fce21775ef38aa6215e8dea5cdb850c2faa74c
|
|
7
|
+
data.tar.gz: 584ffa55837e358d705780cdd01f86bcd3245fe3ebcc4f3f0f999ae03fa5634443db531cb1a51ac806402399cac7d1f6d9ed43f612b4c331de445a9df6376172
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.0.
|
|
1
|
+
1.0.1
|
|
@@ -121,7 +121,6 @@ module Fluent::Plugin
|
|
|
121
121
|
def initialize
|
|
122
122
|
super
|
|
123
123
|
@default_host = Socket.gethostname
|
|
124
|
-
@chunk_queue = SizedQueue.new 1
|
|
125
124
|
@extra_fields = nil
|
|
126
125
|
end
|
|
127
126
|
|
|
@@ -143,21 +142,17 @@ module Fluent::Plugin
|
|
|
143
142
|
|
|
144
143
|
def start
|
|
145
144
|
super
|
|
146
|
-
|
|
145
|
+
|
|
146
|
+
@hec_conn = new_connection
|
|
147
147
|
end
|
|
148
148
|
|
|
149
149
|
def format(tag, time, record)
|
|
150
150
|
# this method will be replaced in `configure`
|
|
151
151
|
end
|
|
152
152
|
|
|
153
|
-
def
|
|
153
|
+
def write(chunk)
|
|
154
154
|
log.debug { "Received new chunk, size=#{chunk.read.bytesize}" }
|
|
155
|
-
|
|
156
|
-
end
|
|
157
|
-
|
|
158
|
-
def close
|
|
159
|
-
@chunk_queue.close
|
|
160
|
-
super
|
|
155
|
+
send_to_hec chunk
|
|
161
156
|
end
|
|
162
157
|
|
|
163
158
|
def multi_workers_ready?
|
|
@@ -239,7 +234,11 @@ module Fluent::Plugin
|
|
|
239
234
|
def format_event(tag, time, record)
|
|
240
235
|
MultiJson.dump({
|
|
241
236
|
host: @host ? @host.(tag, record) : @default_host,
|
|
242
|
-
|
|
237
|
+
# From the API reference
|
|
238
|
+
# http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
|
|
239
|
+
# `time` should be a string or unsigned integer.
|
|
240
|
+
# That's why we use `to_s` here.
|
|
241
|
+
time: time.to_f.to_s
|
|
243
242
|
}.tap { |payload|
|
|
244
243
|
payload[:index] = @index.(tag, record) if @index
|
|
245
244
|
payload[:source] = @source.(tag, record) if @source
|
|
@@ -264,7 +263,11 @@ module Fluent::Plugin
|
|
|
264
263
|
def format_metric(tag, time, record)
|
|
265
264
|
payload = {
|
|
266
265
|
host: @host ? @host.(tag, record) : @default_host,
|
|
267
|
-
|
|
266
|
+
# From the API reference
|
|
267
|
+
# http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
|
|
268
|
+
# `time` should be a string or unsigned integer.
|
|
269
|
+
# That's why we use `to_s` here.
|
|
270
|
+
time: time.to_f.to_s,
|
|
268
271
|
event: 'metric'
|
|
269
272
|
}
|
|
270
273
|
payload[:index] = @index.(tag, record) if @index
|
|
@@ -304,51 +307,35 @@ module Fluent::Plugin
|
|
|
304
307
|
raise Fluent::ConfigError, "hec_host (#{@hec_host}) and/or hec_port (#{@hec_port}) are invalid."
|
|
305
308
|
end
|
|
306
309
|
|
|
307
|
-
def start_worker_threads
|
|
308
|
-
thread_create :"hec_worker_#{@hec_api}" do
|
|
309
|
-
http = new_connection
|
|
310
|
-
while chunk = get_next_chunk
|
|
311
|
-
send_to_hec http, chunk
|
|
312
|
-
end
|
|
313
|
-
end
|
|
314
|
-
end
|
|
315
|
-
|
|
316
|
-
def get_next_chunk
|
|
317
|
-
@chunk_queue.pop @chunk_queue.closed?
|
|
318
|
-
rescue ThreadError # see SizedQueue#pop doc
|
|
319
|
-
nil
|
|
320
|
-
end
|
|
321
|
-
|
|
322
310
|
def new_connection
|
|
323
311
|
Net::HTTP::Persistent.new.tap do |c|
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
332
|
-
|
|
333
|
-
|
|
312
|
+
c.verify_mode = @insecure_ssl ? OpenSSL::SSL::VERIFY_NONE : OpenSSL::SSL::VERIFY_PEER
|
|
313
|
+
c.cert = OpenSSL::X509::Certificate.new File.read(@client_cert) if @client_cert
|
|
314
|
+
c.key = OpenSSL::PKey::RSA.new File.read(@client_key) if @client_key
|
|
315
|
+
c.ca_file = @ca_file
|
|
316
|
+
c.ca_path = @ca_path
|
|
317
|
+
c.ciphers = @ssl_ciphers
|
|
318
|
+
|
|
319
|
+
c.override_headers['Content-Type'] = 'application/json'
|
|
320
|
+
c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
|
|
321
|
+
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
|
334
322
|
end
|
|
335
323
|
end
|
|
336
324
|
|
|
337
|
-
def send_to_hec(
|
|
325
|
+
def send_to_hec(chunk)
|
|
338
326
|
post = Net::HTTP::Post.new @hec_api.request_uri
|
|
339
327
|
post.body = chunk.read
|
|
340
328
|
log.debug { "Sending #{post.body.bytesize} bytes to Splunk." }
|
|
341
329
|
|
|
342
330
|
log.trace { "POST #{@hec_api} body=#{post.body}" }
|
|
343
|
-
response =
|
|
331
|
+
response = @hec_conn.request @hec_api, post
|
|
344
332
|
log.debug { "[Response] POST #{@hec_api}: #{response.inspect}" }
|
|
345
333
|
|
|
346
334
|
# raise Exception to utilize Fluentd output plugin retry machanism
|
|
347
|
-
raise "Server error for POST #{@hec_api}, response: #{response.body}" if response.code.start_with?('5')
|
|
335
|
+
raise "Server error (#{response.code}) for POST #{@hec_api}, response: #{response.body}" if response.code.start_with?('5')
|
|
348
336
|
|
|
349
337
|
# For both success response (2xx) and client errors (4xx), we will consume the chunk.
|
|
350
338
|
# Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
|
|
351
|
-
commit_write(chunk.unique_id)
|
|
352
339
|
if not response.code.start_with?('2')
|
|
353
340
|
log.error "Failed POST to #{@hec_api}, response: #{response.body}"
|
|
354
341
|
log.debug { "Failed request body: #{post.body}" }
|
|
@@ -31,6 +31,15 @@ describe Fluent::Plugin::SplunkHecOutput do
|
|
|
31
31
|
expect(req).must_be_requested times: 1
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
+
it "should use string for event time, and the value of the string should be a float" do
|
|
35
|
+
verify_sent_events { |batch|
|
|
36
|
+
batch.each do |item|
|
|
37
|
+
expect(item['time']).must_be_instance_of String
|
|
38
|
+
expect(item['time']).must_match /^\d+\.\d+$/
|
|
39
|
+
end
|
|
40
|
+
}
|
|
41
|
+
end
|
|
42
|
+
|
|
34
43
|
it "should use host machine's hostname for event host by default" do
|
|
35
44
|
verify_sent_events { |batch|
|
|
36
45
|
batch.each do |item|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fluent-plugin-splunk-hec
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Zhimin (Gimi) Liang
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-
|
|
11
|
+
date: 2018-06-27 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: fluentd
|