fluent-plugin-splunk-hec 1.2.2 → 1.2.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Gemfile.lock +6 -48
- data/README.md +8 -0
- data/VERSION +1 -1
- data/fluent-plugin-splunk-hec.gemspec +1 -4
- data/lib/fluent/plugin/out_splunk_hec.rb +14 -2
- metadata +4 -46
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e144a9789e7458c60740d05f2a53cbf18787991f19f61aeff224c0114d6f5001
|
4
|
+
data.tar.gz: 96edae330175b273c041c933a03fa052a6a41f9fb736bb28549d2405668dac71
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: fe149f5fe894e6cccbae1c17d181f84bb7ec0ce4a71d7f4da0c71eb663e6d82134bd1783eb8901c10183face7c713f4b0d60117f76d5647180eeea345deac774
|
7
|
+
data.tar.gz: 7bbda982e056231f17adc319045d6321d70641b0fc11d19d58dbbf5291251b79cdb0f2f84f6ed6fb69d06cdaf731bb44cc296e4e7de945df72a20d69090e75db
|
data/Gemfile.lock
CHANGED
@@ -1,11 +1,8 @@
|
|
1
1
|
PATH
|
2
2
|
remote: .
|
3
3
|
specs:
|
4
|
-
fluent-plugin-splunk-hec (1.2.
|
5
|
-
activesupport (~> 5.2)
|
6
|
-
fluent-plugin-kubernetes_metadata_filter (~> 2.4)
|
4
|
+
fluent-plugin-splunk-hec (1.2.3)
|
7
5
|
fluentd (>= 1.4)
|
8
|
-
http_parser.rb (= 0.5.3)
|
9
6
|
multi_json (~> 1.13)
|
10
7
|
net-http-persistent (~> 3.1)
|
11
8
|
openid_connect (~> 1.1.8)
|
@@ -14,9 +11,9 @@ PATH
|
|
14
11
|
GEM
|
15
12
|
remote: https://rubygems.org/
|
16
13
|
specs:
|
17
|
-
activemodel (5.2.4.
|
18
|
-
activesupport (= 5.2.4.
|
19
|
-
activesupport (5.2.4.
|
14
|
+
activemodel (5.2.4.3)
|
15
|
+
activesupport (= 5.2.4.3)
|
16
|
+
activesupport (5.2.4.3)
|
20
17
|
concurrent-ruby (~> 1.0, >= 1.0.2)
|
21
18
|
i18n (>= 0.7, < 2)
|
22
19
|
minitest (~> 5.1)
|
@@ -33,16 +30,6 @@ GEM
|
|
33
30
|
crack (0.4.3)
|
34
31
|
safe_yaml (~> 1.0.0)
|
35
32
|
docile (1.3.2)
|
36
|
-
domain_name (0.5.20190701)
|
37
|
-
unf (>= 0.0.5, < 1.0.0)
|
38
|
-
ffi (1.12.2)
|
39
|
-
ffi-compiler (1.0.1)
|
40
|
-
ffi (>= 1.0.0)
|
41
|
-
rake
|
42
|
-
fluent-plugin-kubernetes_metadata_filter (2.4.2)
|
43
|
-
fluentd (>= 0.14.0, < 2)
|
44
|
-
kubeclient (< 5)
|
45
|
-
lru_redux
|
46
33
|
fluentd (1.9.2)
|
47
34
|
cool.io (>= 1.4.5, < 2.0.0)
|
48
35
|
http_parser.rb (>= 0.5.1, < 0.7.0)
|
@@ -54,17 +41,6 @@ GEM
|
|
54
41
|
tzinfo-data (~> 1.0)
|
55
42
|
yajl-ruby (~> 1.0)
|
56
43
|
hashdiff (1.0.0)
|
57
|
-
http (4.3.0)
|
58
|
-
addressable (~> 2.3)
|
59
|
-
http-cookie (~> 1.0)
|
60
|
-
http-form_data (~> 2.2)
|
61
|
-
http-parser (~> 1.2.0)
|
62
|
-
http-accept (1.7.0)
|
63
|
-
http-cookie (1.0.3)
|
64
|
-
domain_name (~> 0.5)
|
65
|
-
http-form_data (2.2.0)
|
66
|
-
http-parser (1.2.1)
|
67
|
-
ffi-compiler (>= 1.0, < 2.0)
|
68
44
|
http_parser.rb (0.5.3)
|
69
45
|
httpclient (2.8.3)
|
70
46
|
i18n (1.8.2)
|
@@ -75,23 +51,14 @@ GEM
|
|
75
51
|
activesupport (>= 4.2)
|
76
52
|
aes_key_wrap
|
77
53
|
bindata
|
78
|
-
kubeclient (4.6.0)
|
79
|
-
http (>= 3.0, < 5.0)
|
80
|
-
recursive-open-struct (~> 1.0, >= 1.0.4)
|
81
|
-
rest-client (~> 2.0)
|
82
|
-
lru_redux (1.1.0)
|
83
54
|
mail (2.7.1)
|
84
55
|
mini_mime (>= 0.1.1)
|
85
|
-
mime-types (3.3.1)
|
86
|
-
mime-types-data (~> 3.2015)
|
87
|
-
mime-types-data (3.2019.1009)
|
88
56
|
mini_mime (1.0.2)
|
89
57
|
minitest (5.14.0)
|
90
58
|
msgpack (1.3.3)
|
91
59
|
multi_json (1.14.1)
|
92
60
|
net-http-persistent (3.1.0)
|
93
61
|
connection_pool (~> 2.2)
|
94
|
-
netrc (0.11.0)
|
95
62
|
openid_connect (1.1.8)
|
96
63
|
activemodel
|
97
64
|
attr_required (>= 1.0.0)
|
@@ -111,7 +78,7 @@ GEM
|
|
111
78
|
quantile (~> 0.2.1)
|
112
79
|
public_suffix (4.0.3)
|
113
80
|
quantile (0.2.1)
|
114
|
-
rack (2.2.
|
81
|
+
rack (2.2.3)
|
115
82
|
rack-oauth2 (1.10.1)
|
116
83
|
activesupport
|
117
84
|
attr_required
|
@@ -120,12 +87,6 @@ GEM
|
|
120
87
|
rack
|
121
88
|
rainbow (3.0.0)
|
122
89
|
rake (12.3.3)
|
123
|
-
recursive-open-struct (1.1.0)
|
124
|
-
rest-client (2.1.0)
|
125
|
-
http-accept (>= 1.7.0, < 2.0)
|
126
|
-
http-cookie (>= 1.0.2, < 2.0)
|
127
|
-
mime-types (>= 1.16, < 4.0)
|
128
|
-
netrc (~> 0.8)
|
129
90
|
rubocop (0.63.1)
|
130
91
|
jaro_winkler (~> 1.5.1)
|
131
92
|
parallel (~> 1.10)
|
@@ -156,9 +117,6 @@ GEM
|
|
156
117
|
thread_safe (~> 0.1)
|
157
118
|
tzinfo-data (1.2019.3)
|
158
119
|
tzinfo (>= 1.0.0)
|
159
|
-
unf (0.1.4)
|
160
|
-
unf_ext
|
161
|
-
unf_ext (0.0.7.6)
|
162
120
|
unicode-display_width (1.4.1)
|
163
121
|
validate_email (0.1.6)
|
164
122
|
activemodel (>= 3.0)
|
@@ -182,7 +140,7 @@ DEPENDENCIES
|
|
182
140
|
bundler (~> 2.0)
|
183
141
|
fluent-plugin-splunk-hec!
|
184
142
|
minitest (~> 5.0)
|
185
|
-
rake (
|
143
|
+
rake (>= 12.0)
|
186
144
|
rubocop (~> 0.63.1)
|
187
145
|
simplecov
|
188
146
|
test-unit (~> 3.0)
|
data/README.md
CHANGED
@@ -273,6 +273,14 @@ When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `
|
|
273
273
|
|
274
274
|
Depending on the value of `data_type` parameter, the parameters inside the `<fields>` section have different meanings. Despite the meaning, the syntax for parameters is unique.
|
275
275
|
|
276
|
+
### app_name (string) (Optional)
|
277
|
+
|
278
|
+
Splunk app name using this plugin (default to `hec_plugin_gem`)
|
279
|
+
|
280
|
+
### app_version (string) (Optional)
|
281
|
+
|
282
|
+
The version of Splunk app using this this plugin (default to plugin version)
|
283
|
+
|
276
284
|
#### When `data_type` is `event`
|
277
285
|
|
278
286
|
In this case, parameters inside `<fields>` are used as indexed fields and removed from the original input events. Please see the "Add a "fields" property at the top JSON level" [here](http://dev.splunk.com/view/event-collector/SP-CAAAFB6) for details. Given we have configuration like
|
data/VERSION
CHANGED
@@ -1 +1 @@
|
|
1
|
-
1.2.
|
1
|
+
1.2.3
|
@@ -33,17 +33,14 @@ Gem::Specification.new do |spec|
|
|
33
33
|
|
34
34
|
spec.required_ruby_version = '>= 2.3.0'
|
35
35
|
|
36
|
-
spec.add_runtime_dependency 'fluent-plugin-kubernetes_metadata_filter', '~> 2.4'
|
37
36
|
spec.add_runtime_dependency 'fluentd', '>= 1.4'
|
38
37
|
spec.add_runtime_dependency 'multi_json', '~> 1.13'
|
39
38
|
spec.add_runtime_dependency 'net-http-persistent', '~> 3.1'
|
40
39
|
spec.add_runtime_dependency 'openid_connect', '~> 1.1.8'
|
41
40
|
spec.add_runtime_dependency 'prometheus-client', '< 0.10.0'
|
42
|
-
spec.add_runtime_dependency 'activesupport', '~> 5.2'
|
43
|
-
spec.add_runtime_dependency 'http_parser.rb', '= 0.5.3'
|
44
41
|
|
45
42
|
spec.add_development_dependency 'bundler', '~> 2.0'
|
46
|
-
spec.add_development_dependency 'rake', '
|
43
|
+
spec.add_development_dependency 'rake', '>= 12.0'
|
47
44
|
# required by fluent/test.rb
|
48
45
|
spec.add_development_dependency 'minitest', '~> 5.0'
|
49
46
|
spec.add_development_dependency 'rubocop', '~> 0.63.1'
|
@@ -87,6 +87,12 @@ module Fluent::Plugin
|
|
87
87
|
desc 'When set to true, all fields defined in `index_key`, `host_key`, `source_key`, `sourcetype_key`, `metric_name_key`, `metric_value_key` will not be removed from the original event.'
|
88
88
|
config_param :keep_keys, :bool, default: false
|
89
89
|
|
90
|
+
desc 'App name'
|
91
|
+
config_param :app_name, :string, default: "hec_plugin_gem"
|
92
|
+
|
93
|
+
desc 'App version'
|
94
|
+
config_param :app_version, :string, default: "#{VERSION}"
|
95
|
+
|
90
96
|
desc 'Define index-time fields for event data type, or metric dimensions for metric data type. Null value fields will be removed.'
|
91
97
|
config_section :fields, init: false, multi: false, required: false do
|
92
98
|
# this is blank on purpose
|
@@ -138,6 +144,9 @@ module Fluent::Plugin
|
|
138
144
|
c.override_headers['Content-Type'] = 'application/json'
|
139
145
|
c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
|
140
146
|
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
147
|
+
c.override_headers['__splunk_app_name'] = "#{@app_name}"
|
148
|
+
c.override_headers['__splunk_app_version'] = "#{@app_version}"
|
149
|
+
|
141
150
|
end
|
142
151
|
end
|
143
152
|
|
@@ -277,6 +286,9 @@ module Fluent::Plugin
|
|
277
286
|
c.override_headers['Content-Type'] = 'application/json'
|
278
287
|
c.override_headers['User-Agent'] = "fluent-plugin-splunk_hec_out/#{VERSION}"
|
279
288
|
c.override_headers['Authorization'] = "Splunk #{@hec_token}"
|
289
|
+
c.override_headers['__splunk_app_name'] = "#{@app_name}"
|
290
|
+
c.override_headers['__splunk_app_version'] = "#{@app_version}"
|
291
|
+
|
280
292
|
end
|
281
293
|
end
|
282
294
|
|
@@ -291,12 +303,12 @@ module Fluent::Plugin
|
|
291
303
|
t2 = Time.now
|
292
304
|
|
293
305
|
# raise Exception to utilize Fluentd output plugin retry machanism
|
294
|
-
raise "Server error (#{response.code}) for POST #{@
|
306
|
+
raise "Server error (#{response.code}) for POST #{@api}, response: #{response.body}" if response.code.start_with?('5')
|
295
307
|
|
296
308
|
# For both success response (2xx) and client errors (4xx), we will consume the chunk.
|
297
309
|
# Because there probably a bug in the code if we get 4xx errors, retry won't do any good.
|
298
310
|
if not response.code.start_with?('2')
|
299
|
-
log.error "Failed POST to #{@
|
311
|
+
log.error "Failed POST to #{@api}, response: #{response.body}"
|
300
312
|
log.debug { "Failed request body: #{post.body}" }
|
301
313
|
end
|
302
314
|
|
metadata
CHANGED
@@ -1,29 +1,15 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunk-hec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.2.
|
4
|
+
version: 1.2.3
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Splunk Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-
|
11
|
+
date: 2020-07-27 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
|
-
- !ruby/object:Gem::Dependency
|
14
|
-
name: fluent-plugin-kubernetes_metadata_filter
|
15
|
-
requirement: !ruby/object:Gem::Requirement
|
16
|
-
requirements:
|
17
|
-
- - "~>"
|
18
|
-
- !ruby/object:Gem::Version
|
19
|
-
version: '2.4'
|
20
|
-
type: :runtime
|
21
|
-
prerelease: false
|
22
|
-
version_requirements: !ruby/object:Gem::Requirement
|
23
|
-
requirements:
|
24
|
-
- - "~>"
|
25
|
-
- !ruby/object:Gem::Version
|
26
|
-
version: '2.4'
|
27
13
|
- !ruby/object:Gem::Dependency
|
28
14
|
name: fluentd
|
29
15
|
requirement: !ruby/object:Gem::Requirement
|
@@ -94,34 +80,6 @@ dependencies:
|
|
94
80
|
- - "<"
|
95
81
|
- !ruby/object:Gem::Version
|
96
82
|
version: 0.10.0
|
97
|
-
- !ruby/object:Gem::Dependency
|
98
|
-
name: activesupport
|
99
|
-
requirement: !ruby/object:Gem::Requirement
|
100
|
-
requirements:
|
101
|
-
- - "~>"
|
102
|
-
- !ruby/object:Gem::Version
|
103
|
-
version: '5.2'
|
104
|
-
type: :runtime
|
105
|
-
prerelease: false
|
106
|
-
version_requirements: !ruby/object:Gem::Requirement
|
107
|
-
requirements:
|
108
|
-
- - "~>"
|
109
|
-
- !ruby/object:Gem::Version
|
110
|
-
version: '5.2'
|
111
|
-
- !ruby/object:Gem::Dependency
|
112
|
-
name: http_parser.rb
|
113
|
-
requirement: !ruby/object:Gem::Requirement
|
114
|
-
requirements:
|
115
|
-
- - '='
|
116
|
-
- !ruby/object:Gem::Version
|
117
|
-
version: 0.5.3
|
118
|
-
type: :runtime
|
119
|
-
prerelease: false
|
120
|
-
version_requirements: !ruby/object:Gem::Requirement
|
121
|
-
requirements:
|
122
|
-
- - '='
|
123
|
-
- !ruby/object:Gem::Version
|
124
|
-
version: 0.5.3
|
125
83
|
- !ruby/object:Gem::Dependency
|
126
84
|
name: bundler
|
127
85
|
requirement: !ruby/object:Gem::Requirement
|
@@ -140,14 +98,14 @@ dependencies:
|
|
140
98
|
name: rake
|
141
99
|
requirement: !ruby/object:Gem::Requirement
|
142
100
|
requirements:
|
143
|
-
- - "
|
101
|
+
- - ">="
|
144
102
|
- !ruby/object:Gem::Version
|
145
103
|
version: '12.0'
|
146
104
|
type: :development
|
147
105
|
prerelease: false
|
148
106
|
version_requirements: !ruby/object:Gem::Requirement
|
149
107
|
requirements:
|
150
|
-
- - "
|
108
|
+
- - ">="
|
151
109
|
- !ruby/object:Gem::Version
|
152
110
|
version: '12.0'
|
153
111
|
- !ruby/object:Gem::Dependency
|