fluent-plugin-splunk-hec 1.2.12 → 1.2.13
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +7 -7
- data/README.md +18 -14
- data/VERSION +1 -1
- data/fluent-plugin-splunk-hec.gemspec +1 -1
- data/lib/fluent/plugin/out_splunk.rb +4 -0
- data/lib/fluent/plugin/out_splunk_hec.rb +6 -3
- metadata +10 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: de7c88e53248a080bb6074bf72a88896438727d88a042945b1faacce56df8a34
|
4
|
+
data.tar.gz: 44a74cb51c4697397ef0fac7d50e6ff9a044e823c336c5a680840e387b8383e5
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fa2ef5e67fbb22bc0721e15cb9d73e9442f5485dc70da665507455e9cba99ec8c672ea65c308b50fd82249977ee9f06a3120c6d5be56b8ef8251e6927f4e1d29
|
7
|
+
data.tar.gz: 9945827eb5330b28eaa319c7de17825bb1f6c5ea9494c5bdeca128eb9839663318f698d9f5ba7718c62c50c0095a3ca9456951293a93d9aa00dc8de10edfb66c
|
data/Gemfile.lock
CHANGED
@@ -1,10 +1,10 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
fluent-plugin-splunk-hec (1.2.
|
4
|
+
fluent-plugin-splunk-hec (1.2.13)
|
5
5
|
fluentd (>= 1.4)
|
6
6
|
multi_json (~> 1.13)
|
7
|
-
net-http-persistent (~>
|
7
|
+
net-http-persistent (~> 4.0)
|
8
8
|
openid_connect (~> 1.1.8)
|
9
9
|
prometheus-client (>= 2.1.0)
|
10
10
|
|
@@ -29,7 +29,7 @@ GEM
|
|
29
29
|
crack (0.4.5)
|
30
30
|
rexml
|
31
31
|
docile (1.4.0)
|
32
|
-
fluentd (1.14.
|
32
|
+
fluentd (1.14.6)
|
33
33
|
bundler
|
34
34
|
cool.io (>= 1.4.5, < 2.0.0)
|
35
35
|
http_parser.rb (>= 0.5.1, < 0.9.0)
|
@@ -54,9 +54,9 @@ GEM
|
|
54
54
|
mini_mime (>= 0.1.1)
|
55
55
|
mini_mime (1.1.2)
|
56
56
|
minitest (5.15.0)
|
57
|
-
msgpack (1.
|
57
|
+
msgpack (1.5.1)
|
58
58
|
multi_json (1.15.0)
|
59
|
-
net-http-persistent (
|
59
|
+
net-http-persistent (4.0.1)
|
60
60
|
connection_pool (~> 2.2)
|
61
61
|
openid_connect (1.1.8)
|
62
62
|
activemodel
|
@@ -114,7 +114,7 @@ GEM
|
|
114
114
|
crack (>= 0.3.2)
|
115
115
|
hashdiff
|
116
116
|
webrick (1.7.0)
|
117
|
-
yajl-ruby (1.4.
|
117
|
+
yajl-ruby (1.4.2)
|
118
118
|
|
119
119
|
PLATFORMS
|
120
120
|
ruby
|
@@ -129,4 +129,4 @@ DEPENDENCIES
|
|
129
129
|
webmock (~> 3.5.0)
|
130
130
|
|
131
131
|
BUNDLED WITH
|
132
|
-
2.3.
|
132
|
+
2.3.12
|
data/README.md
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
# fluent-plugin-splunk-hec
|
2
2
|
|
3
3
|
[Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) in 2 modes:<br/>
|
4
|
-
1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/>
|
4
|
+
1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/>
|
5
5
|
2) Via the Splunk Cloud Services (SCS) [Ingest API](https://sdc.splunkbeta.com/reference/api/ingest/v1beta2)
|
6
6
|
|
7
7
|
## Installation
|
8
8
|
|
9
9
|
### RubyGems
|
10
|
-
```
|
10
|
+
```
|
11
11
|
$ gem install fluent-plugin-splunk-hec
|
12
12
|
```
|
13
13
|
### Bundler
|
@@ -157,7 +157,7 @@ This value must be set to `splunk_hec` when using HEC API and to `splunk_ingest_
|
|
157
157
|
|
158
158
|
#### protocol (enum) (optional)
|
159
159
|
|
160
|
-
This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is
|
160
|
+
This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is
|
161
161
|
set to `https` by default.
|
162
162
|
|
163
163
|
### hec_host (string) (required)
|
@@ -172,6 +172,10 @@ The port number for the HEC token or the HEC load balancer. The default value is
|
|
172
172
|
|
173
173
|
Identifier for the HEC token.
|
174
174
|
|
175
|
+
### hec_endpoint (string) (optional)
|
176
|
+
|
177
|
+
The HEC REST API endpoint to use. The default value is `services/collector`.
|
178
|
+
|
175
179
|
### metrics_from_event (bool) (optional)
|
176
180
|
|
177
181
|
When `data_type` is set to "metric", the ingest API will treat every key-value pair in the input event as a metric name-value pair. Set `metrics_from_event` to `false` to disable this behavior and use `metric_name_key` and `metric_value_key` to define metrics. The default value is `true`.
|
@@ -194,31 +198,31 @@ If `coerce_to_utf8` is set to `true`, any non-UTF-8 character is replaced by the
|
|
194
198
|
|
195
199
|
### Parameters for `splunk_ingest_api`
|
196
200
|
|
197
|
-
### service_client_identifier: (optional) (string)
|
201
|
+
### service_client_identifier: (optional) (string)
|
198
202
|
|
199
203
|
Splunk uses the client identifier to make authorized requests to the ingest API.
|
200
204
|
|
201
|
-
### service_client_secret_key: (string)
|
205
|
+
### service_client_secret_key: (string)
|
202
206
|
|
203
207
|
The client identifier uses this authorization to make requests to the ingest API.
|
204
208
|
|
205
|
-
### token_endpoint: (string)
|
209
|
+
### token_endpoint: (string)
|
206
210
|
|
207
211
|
This value indicates which endpoint Splunk should look to for the authorization token necessary for requests to the ingest API.
|
208
212
|
|
209
|
-
### ingest_api_host: (string)
|
213
|
+
### ingest_api_host: (string)
|
210
214
|
|
211
215
|
Indicates which url/hostname to use for requests to the ingest API.
|
212
216
|
|
213
|
-
### ingest_api_tenant: (string)
|
217
|
+
### ingest_api_tenant: (string)
|
214
218
|
|
215
219
|
Indicates which tenant Splunk should use for requests to the ingest API.
|
216
220
|
|
217
|
-
### ingest_api_events_endpoint: (string)
|
221
|
+
### ingest_api_events_endpoint: (string)
|
218
222
|
|
219
223
|
Indicates which endpoint to use for requests to the ingest API.
|
220
224
|
|
221
|
-
### debug_http: (bool)
|
225
|
+
### debug_http: (bool)
|
222
226
|
Set to True if you want to debug requests and responses to ingest API. Default is false.
|
223
227
|
|
224
228
|
### Parameters for both `splunk_hec` and `splunk_ingest_api`
|
@@ -330,7 +334,7 @@ If a parameter has just a key, it means its value is exactly the same as the key
|
|
330
334
|
|
331
335
|
#### When `data_type` is `metric`
|
332
336
|
|
333
|
-
For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration:
|
337
|
+
For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration:
|
334
338
|
|
335
339
|
```
|
336
340
|
<match **>
|
@@ -381,7 +385,7 @@ Multiple `<format>` sections can be defined to use different formatters for diff
|
|
381
385
|
</format>
|
382
386
|
```
|
383
387
|
|
384
|
-
This example:
|
388
|
+
This example:
|
385
389
|
- Formats events with tags that start with `sometag.` with the `single_value` formatter
|
386
390
|
- Formats events with tags `some.othertag` with the `csv` formatter
|
387
391
|
- Formats all other events with the `json` formatter (the default formatter)
|
@@ -398,7 +402,7 @@ The following parameters can be used for tuning HTTP connections:
|
|
398
402
|
|
399
403
|
#### idle_timeout (integer)
|
400
404
|
|
401
|
-
The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
|
405
|
+
The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts.
|
402
406
|
|
403
407
|
#### read_timeout (integer)
|
404
408
|
|
@@ -457,4 +461,4 @@ Here are some hints:
|
|
457
461
|
|
458
462
|
## License
|
459
463
|
|
460
|
-
Please see [LICENSE](LICENSE).
|
464
|
+
Please see [LICENSE](LICENSE).
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.2.
|
1
|
+
1.2.13
|
@@ -35,7 +35,7 @@ Gem::Specification.new do |spec|
|
|
35
35
|
|
36
36
|
spec.add_runtime_dependency 'fluentd', '>= 1.4'
|
37
37
|
spec.add_runtime_dependency 'multi_json', '~> 1.13'
|
38
|
-
spec.add_runtime_dependency 'net-http-persistent', '~>
|
38
|
+
spec.add_runtime_dependency 'net-http-persistent', '~> 4.0'
|
39
39
|
spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
|
40
40
|
spec.add_runtime_dependency 'prometheus-client', '>= 2.1.0'
|
41
41
|
|
@@ -36,6 +36,9 @@ module Fluent::Plugin
|
|
36
36
|
desc 'The port number to HEC, or HEC load balancer.'
|
37
37
|
config_param :hec_port, :integer, default: 8088
|
38
38
|
|
39
|
+
desc 'HEC REST API endpoint to use'
|
40
|
+
config_param :hec_endpoint, :string, default: 'services/collector'
|
41
|
+
|
39
42
|
desc 'Full url to connect tosplunk. Example: https://mydomain.com:8088/apps/splunk'
|
40
43
|
config_param :full_url, :string, default: ''
|
41
44
|
|
@@ -166,8 +169,8 @@ module Fluent::Plugin
|
|
166
169
|
end
|
167
170
|
|
168
171
|
def shutdown
|
172
|
+
@conn.shutdown if not @conn.nil?
|
169
173
|
super
|
170
|
-
@conn.shutdown
|
171
174
|
end
|
172
175
|
|
173
176
|
def format(tag, time, record)
|
@@ -287,9 +290,9 @@ module Fluent::Plugin
|
|
287
290
|
|
288
291
|
def construct_api
|
289
292
|
if @full_url.empty?
|
290
|
-
URI("#{@protocol}://#{@hec_host}:#{@hec_port}/
|
293
|
+
URI("#{@protocol}://#{@hec_host}:#{@hec_port}/#{@hec_endpoint.delete_prefix("/")}")
|
291
294
|
else
|
292
|
-
URI("#{@full_url.delete_suffix("/")}/
|
295
|
+
URI("#{@full_url.delete_suffix("/")}/#{@hec_endpoint.delete_prefix("/")}")
|
293
296
|
end
|
294
297
|
rescue StandardError
|
295
298
|
if @full_url.empty?
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunk-hec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.13
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Splunk Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2022-
|
11
|
+
date: 2022-04-29 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|
@@ -44,14 +44,14 @@ dependencies:
|
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: '
|
47
|
+
version: '4.0'
|
48
48
|
type: :runtime
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: '
|
54
|
+
version: '4.0'
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: openid_connect
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -221,13 +221,13 @@ signing_key:
|
|
221
221
|
specification_version: 4
|
222
222
|
summary: Fluentd plugin for Splunk HEC.
|
223
223
|
test_files:
|
224
|
-
- test/
|
225
|
-
- test/
|
226
|
-
- test/test_helper.rb
|
224
|
+
- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
|
225
|
+
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
227
226
|
- test/lib/webmock/http_lib_adapters/excon_adapter.rb
|
228
227
|
- test/lib/webmock/http_lib_adapters/em_http_request_adapter.rb
|
229
228
|
- test/lib/webmock/http_lib_adapters/typhoeus_hydra_adapter.rb
|
230
|
-
- test/lib/webmock/http_lib_adapters/manticore_adapter.rb
|
231
|
-
- test/lib/webmock/http_lib_adapters/curb_adapter.rb
|
232
|
-
- test/lib/webmock/http_lib_adapters/patron_adapter.rb
|
233
229
|
- test/lib/webmock/http_lib_adapters/http_rb_adapter.rb
|
230
|
+
- test/lib/webmock/http_lib_adapters/curb_adapter.rb
|
231
|
+
- test/test_helper.rb
|
232
|
+
- test/fluent/plugin/out_splunk_hec_test.rb
|
233
|
+
- test/fluent/plugin/out_splunk_ingest_api_test.rb
|