fluent-plugin-splunk-http-eventcollector 0.0.4

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: a9bb8b2d4ecc9e67d89c91b7c146b3be7396e12d
+  data.tar.gz: 08df84dc5e71141a4558fe2424798062061283dd
+SHA512:
+  metadata.gz: e51aabb236cd36f73b031c08982741defdc91abc27add9274671678bfdf2ed7ef06db4ad76feb69108d785a39a731681020ecc08dc49fe106c15054190d76844
+  data.tar.gz: b3196810b72dde78988d46495b9447dd9669851135beb8a5d3912fa1cb26fd179cc07f7fc51fa0a370514f19d61905b9c8b039c7779caf9de380c1152140a9de

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in fluent-plugin-splunk-http-eventcollector.gemspec
+gemspec
+
+#gem "test-unit"

data/LICENSE

@@ -0,0 +1,24 @@
+Copyright (c) 2015, Bryce Chidester (Calyptix Security)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+

data/README.md

@@ -0,0 +1,196 @@
+# Fluent::Plugin::SplunkHTTPEventcollector, a plugin for [Fluentd](http://fluentd.org)
+
+Splunk output plugin for Fluent event collector.
+
+This plugin interfaces with the Splunk HTTP Event Collector:
+  http://dev.splunk.com/view/event-collector/SP-CAAAE6M
+
+## Basic Example
+
+    <match **>
+      type splunk-http-eventcollector
+      server 127.0.0.1:8088
+      verify false
+      token YOUR-TOKEN
+
+      # Convert fluent tags to Splunk sources.
+      # If you set an index, "check_index false" is required.
+      host YOUR-HOSTNAME
+      index SOME-INDEX
+      check_index false
+      source {TAG}
+      sourcetype fluent
+
+      # TIMESTAMP: key1="value1" key2="value2" ...
+      time_format unixtime
+      format kvp
+
+      # Memory buffer with a short flush internal.
+      buffer_type memory
+      buffer_queue_limit 16
+      buffer_chunk_limit 8m
+      flush_interval 2s
+    </match>
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'fluent-plugin-splunk-http-eventcollector'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install fluent-plugin-splunk-http-eventcollector
+
+## Configuration
+
+Put the following lines to your fluent.conf:
+
+    <match **>
+      type splunk-http-eventcollector
+
+      # server: Splunk server host and port
+      # default: localhost:8088
+      server localhost:8088
+
+      # verify: SSL server verification
+      # default: true
+      #verify false
+
+      # token: the token issued
+      token YOUR-TOKEN
+
+      #
+      # Event Parameters
+      #
+
+      # host: 'host' parameter passed to Splunk
+      host YOUR-HOSTNAME
+
+      # index: 'index' parameter passed to Splunk (REST only)
+      # default: <none>
+      #index main
+
+      # check_index: 'check-index' parameter passed to Splunk (REST only)
+      # default: <none>
+      #check_index false
+
+      # host: 'source' parameter passed to Splunk
+      # default: {TAG}
+      #
+      # "{TAG}" will be replaced by fluent tags at runtime
+      source {TAG}
+
+      # sourcetype: 'sourcetype' parameter passed to Splunk
+      # default: fluent
+      sourcetype fluent
+
+      #
+      # Formatting Parameters
+      #
+
+      # time_format: the time format of each event
+      # value: none, unixtime, localtime, or any time format string
+      # default: localtime
+      time_format localtime
+
+      # format: the text format of each event
+      # value: json, kvp, or text
+      # default: json
+      #
+      # input = {"x":1, "y":"xyz", "message":"Hello, world!"}
+      # 
+      # 'json' is JSON encoding:
+      #   {"x":1,"y":"xyz","message":"Hello, world!"}
+      # 
+      # 'kvp' is "key=value" pairs, which is automatically detected as fields by Splunk:
+      #   x="1" y="xyz" message="Hello, world!"
+      # 
+      # 'text' outputs the value of "message" as is, with "key=value" pairs for others:
+      #   [x="1" y="xyz"] Hello, world!
+      format json
+
+      #
+      # Buffering Parameters
+      #
+
+      # Standard parameters for buffering.  See documentation for details:
+      #   http://docs.fluentd.org/articles/buffer-plugin-overview
+      buffer_type memory
+      buffer_queue_limit 16
+
+      # buffer_chunk_limit: The maxium size of POST data in a single API call.
+      # 
+      # This value should be reasonablly small since the current implementation
+      # of out_splunk-http-eventcollector converts a chunk to POST data on memory before API calls.
+      # The default value should be good enough.
+      buffer_chunk_limit 8m
+
+      # flush_interval: The interval of API requests.
+      # 
+      # Make sure that this value is sufficiently large to make successive API calls.
+      # Note that a different 'source' creates a different API POST, each of which may
+      # take two or more seconds.  If you include "{TAG}" in the source parameter and
+      # this 'match' section recieves many tags, a single flush may take long time.
+      # (Run fluentd with -v to see verbose logs.)
+      flush_interval 60s
+    </match>
+
+## Example
+
+    # Input from applications
+    <source>
+      type forward
+    </source>
+
+    # Input from log files
+    <source>
+      type tail
+      path /var/log/apache2/ssl_access.log
+      tag ssl_access.log
+      format /(?<message>.*)/
+      pos_file /var/log/td-agent/ssl_access.log.pos
+    </source>
+
+    # fluent logs in text format
+    <match fluent.*>
+      type splunk-http-eventcollector
+      protocol rest
+      server splunk.example.com:8089
+      auth admin:pass
+      sourcetype fluentd
+      format text
+    </match>
+
+    # log files in text format without timestamp
+    <match *.log>
+      type splunk-http-eventcollector
+      protocol rest
+      server splunk.example.com:8089
+      auth admin:pass
+      sourcetype log
+      time_format none
+      format text
+    </match>
+
+    # application logs in kvp format
+    <match app.**>
+      type splunk-http-eventcollector
+      protocol rest
+      server splunk.example.com:8089
+      auth admin:pass
+      sourcetype app
+      format kvp
+    </match>
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,10 @@
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+task :default => :test

data/fluent-plugin-splunk-http-eventcollector.gemspec

@@ -0,0 +1,26 @@
+# -*- encoding: utf-8 -*-
+$:.push File.expand_path("../lib", __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name             = "fluent-plugin-splunk-http-eventcollector"
+  gem.version          = "0.0.4"
+  gem.authors          = ["Bryce Chidester"]
+  gem.email            = ["bryce.chidester@calyptix.com"]
+  gem.summary          = "Splunk output plugin for Fluentd"
+  gem.description      = "Splunk output plugin (HTTP Event Collector) for Fluentd event collector"
+  gem.homepage         = "https://github.com/brycied00d/fluent-plugin-splunk-http-eventcollector"
+  gem.license          = 'BSD 2-clause'
+  gem.extra_rdoc_files = [ "LICENSE", "README.md" ]
+  gem.files            = [ ".gitignore", "Gemfile", "LICENSE", "README.md",
+                           "Rakefile", "test/helper.rb",
+                           "fluent-plugin-splunk-http-eventcollector.gemspec",
+                           "lib/fluent/plugin/out_splunk-http-eventcollector.rb",
+                           "test/plugin/test_out_splunk-http-eventcollector.rb" ]
+  gem.test_files       = [ "test/helper.rb", 
+                           "test/plugin/test_out_splunk-http-eventcollector.rb" ]
+  gem.require_paths    = ["lib"]
+
+  gem.add_development_dependency "test-unit", '~> 3.1'
+  gem.add_runtime_dependency "fluentd", '~> 0.12'
+  gem.add_runtime_dependency "net-http-persistent", '~> 2.9'
+end

data/lib/fluent/plugin/out_splunk-http-eventcollector.rb

@@ -0,0 +1,221 @@
+=begin
+
+Copyright (c) 2015, Bryce Chidester (Calyptix Security)
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this
+  list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice,
+  this list of conditions and the following disclaimer in the documentation
+  and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+=end
+
+module Fluent
+class SplunkHTTPEventcollectorOutput < BufferedOutput
+  Plugin.register_output('splunk-http-eventcollector', self)
+  
+  config_param :test_mode, :bool, :default => false
+  
+  config_param :server, :string, :default => 'localhost:8088'
+  config_param :verify, :bool, :default => true
+  config_param :token, :string, :default => nil
+  
+  # Event parameters
+  config_param :host, :string, :default => nil
+  config_param :index, :string, :default => 'main'
+  
+  config_param :post_retry_max, :integer, :default => 5
+  config_param :post_retry_interval, :integer, :default => 5
+  
+  # TODO Find better upper limits
+  config_param :batch_size_limit, :integer, :default => 262144 # 65535
+  #config_param :batch_event_limit, :integer, :default => 100
+  
+  # Called on class load (class initializer)
+  def initialize
+    super
+    $log.debug "splunk-http-eventcollector(initialize) called"
+    require 'net/http/persistent'
+    require 'openssl'
+  end  # initialize
+  
+  ## This method is called before starting.
+  ## 'conf' is a Hash that includes configuration parameters.
+  ## If the configuration is invalid, raise Fluent::ConfigError.
+  def configure(conf)
+    super
+    $log.debug "splunk-http-eventcollector(configure) called"
+    begin
+      @splunk_uri = URI "https://#{@server}/services/collector"
+    rescue
+      raise ConfigError, "Unable to parse the server into a URI."
+    end
+    # TODO Add other robust input/syntax checks.
+  end  # configure
+  
+  ## This method is called when starting.
+  ## Open sockets or files here.
+  def start
+    super
+    $log.debug "splunk-http-eventcollector(start) called"
+    @http = Net::HTTP::Persistent.new 'fluent-plugin-splunk-http-eventcollector'
+    @http.verify_mode = OpenSSL::SSL::VERIFY_NONE unless @verify
+    @http.override_headers['Content-Type'] = 'application/json'
+    @http.override_headers['User-Agent'] = 'fluent-plugin-splunk-http-eventcollector/0.0.1'
+    @http.override_headers['Authorization'] = "Splunk #{@token}"
+    
+    $log.debug "initialized for splunk-http-eventcollector"
+  end
+  
+  ## This method is called when shutting down.
+  ## Shutdown the thread and close sockets or files here.
+  def shutdown
+    super
+    $log.debug "splunk-http-eventcollector(shutdown) called"
+    
+    @http.shutdown
+    $log.debug "shutdown from splunk-http-eventcollector"
+  end  # shutdown
+  
+  ## This method is called when an event reaches to Fluentd. (like unbuffered emit())
+  ## Convert the event to a raw string.
+  def format(tag, time, record)
+    #$log.debug "splunk-http-eventcollector(format) called"
+    # Basic object for Splunk. Note explicit type-casting to avoid accidental errors.
+    splunk_object = Hash[
+        "event" => record["message"],
+        "time" => time.to_i,
+        "source" => tag.to_s,
+        "host" => @host.to_s,
+        "index" => @index.to_s
+        ]
+    json_event = splunk_object.to_json
+    #$log.debug "Generated JSON(#{json_event.class.to_s}): #{json_event.to_s}"
+    #$log.debug "format: returning: #{[tag, record].to_json.to_s}"
+    json_event
+  end
+  
+  # By this point, fluentd has decided its buffer is full and it's time to flush
+  # it. chunk.read is a concatenated string of JSON.to_s objects. Simply POST
+  # them to Splunk and go about our life.
+  ## This method is called every flush interval. Write the buffer chunk
+  ## to files or databases here.
+  ## 'chunk' is a buffer chunk that includes multiple formatted
+  ## events. You can use 'data = chunk.read' to get all events and
+  ## 'chunk.open {|io| ... }' to get IO objects.
+  ##
+  ## NOTE! This method is called by internal thread, not Fluentd's main thread. So IO wait doesn't affect other plugins.
+  def write(chunk)
+    $log.debug "splunk-http-eventcollector(write) called"
+    
+    # Break the concatenated string of JSON-formatted events into an Array
+    split_chunk = chunk.read.split("}{").each do |x|
+      # Reconstruct the opening{/closing} that #split() strips off.
+      x.prepend("{") unless x.start_with?("{")
+      x << "}" unless x.end_with?("}")
+    end
+    $log.debug "Pushing #{numfmt(split_chunk.size)} events (" +
+        "#{numfmt(chunk.read.bytesize)} bytes) to Splunk."
+    # If fluentd is pushing too much data to Splunk at once, split up the payload
+    # Don't care about the number of events so much as the POST size (bytes)
+    #if split_chunk.size > @batch_event_limit
+    #  $log.warn "Fluentd is attempting to push #{numfmt(split_chunk.size)} " +
+    #      "events in a single push to Splunk. The configured limit is " + 
+    #      "#{numfmt(@batch_event_limit)}."
+    #end
+    if chunk.read.bytesize > @batch_size_limit
+      $log.warn "Fluentd is attempting to push #{numfmt(chunk.read.bytesize)} " +
+          "bytes in a single push to Splunk. The configured limit is " + 
+          "#{numfmt(@batch_size_limit)} bytes."
+      newbuffer = Array.new
+      split_chunk_counter = 0
+      split_chunk.each do |c|
+        split_chunk_counter = split_chunk_counter + 1
+        #$log.debug "(#{numfmt(split_chunk_counter)}/#{numfmt(split_chunk.size)}) " +
+        #    "newbuffer.bytesize=#{numfmt(newbuffer.join.bytesize)} + " +
+        #    "c.bytesize=#{numfmt(c.bytesize)} ????"
+        if newbuffer.join.bytesize + c.bytesize < @batch_size_limit
+          #$log.debug "Appended!"
+          newbuffer << c
+        else
+          # Reached the limit - push the current newbuffer.join, and reset
+          #$log.debug "Would exceed limit. Flushing newbuffer and continuing."
+          $log.debug "(#{numfmt(split_chunk_counter)}/#{numfmt(split_chunk.size)}) " +
+              "newbuffer.bytesize=#{numfmt(newbuffer.join.bytesize)} + " +
+              "c.bytesize=#{numfmt(c.bytesize)} > #{numfmt(@batch_size_limit)}, " +
+              "flushing current buffer to Splunk."
+          push_buffer newbuffer.join
+          newbuffer = Array c
+        end # if/else buffer fits limit
+      end # split_chunk.each
+      # Push anything left over.
+      push_buffer newbuffer.join if newbuffer.size
+      return
+    else
+      return push_buffer chunk.read
+    end # if chunk.read.bytesize > @batch_size_limit
+  end # write
+  
+  def push_buffer(body)
+    post = Net::HTTP::Post.new @splunk_uri.request_uri
+    post.body = body
+    $log.debug "POST #{@splunk_uri}"
+    if @test_mode
+      $log.debug "TEST_MODE Payload: #{body}"
+      return
+    end
+    # retry up to :post_retry_max times
+    1.upto(@post_retry_max) do |c|
+      response = @http.request @splunk_uri, post
+      $log.debug "=>(#{c}/#{numfmt(@post_retry_max)}) #{response.code} " +
+          "(#{response.message})"
+      # TODO check the actual server response too (it's JSON)
+      if response.code == "200"  # and...
+        # success
+        break
+      # TODO check 40X response within post_retry_max and retry
+      elsif response.code.match(/^50/) and c < @post_retry_max
+        # retry
+        $log.warn "#{@splunk_uri}: Server error #{response.code} (" +
+            "#{response.message}). Retrying in #{@post_retry_interval} " +
+            "seconds.\n#{response.body}"
+        sleep @post_retry_interval
+        next
+      elsif response.code.match(/^40/)
+        # user error
+        $log.error "#{@splunk_uri}: #{response.code} (#{response.message})\n#{response.body}"
+        break
+      elsif c < @post_retry_max
+        # retry
+        $log.debug "#{@splunk_uri}: Retrying..."
+        sleep @post_retry_interval
+        next
+      else
+        # other errors. fluentd will retry processing on exception
+        # FIXME: this may duplicate logs when using multiple buffers
+        raise "#{@splunk_uri}: #{response.message}"
+      end # If response.code
+    end # 1.upto(@post_retry_max)
+  end # push_buffer
+  
+  def numfmt(input)
+    input.to_s.reverse.gsub(/(\d{3})(?=\d)/, '\1,').reverse
+  end # numfmt
+end  # class SplunkHTTPEventcollectorOutput
+end  # module Fluent

data/test/helper.rb

@@ -0,0 +1,28 @@
+require 'rubygems'
+require 'bundler'
+begin
+  Bundler.setup(:default, :development)
+rescue Bundler::BundlerError => e
+  $stderr.puts e.message
+  $stderr.puts "Run `bundle install` to install missing gems"
+  exit e.status_code
+end
+require 'test/unit'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'fluent/test'
+unless ENV.has_key?('VERBOSE')
+  nulllogger = Object.new
+  nulllogger.instance_eval {|obj|
+    def method_missing(method, *args)
+      # pass
+    end
+  }
+  $log = nulllogger
+end
+
+require 'fluent/plugin/out_splunk-http-eventcollector'
+
+class Test::Unit::TestCase
+end

data/test/plugin/test_out_splunk-http-eventcollector.rb

@@ -0,0 +1,34 @@
+require 'helper'
+
+class SplunkHTTPEventcollectorOutputTest < Test::Unit::TestCase
+  def setup
+    Fluent::Test.setup
+  end
+
+  CONFIG = %[
+    server localhost:8089
+    verify false
+    token changeme
+  ]
+
+  def create_driver(conf=CONFIG, tag='test')
+    Fluent::Test::BufferedOutputTestDriver.new(Fluent::SplunkHTTPEventcollectorOutput, tag).configure(conf)
+  end
+
+  def test_configure
+    # default
+    d = create_driver
+    assert_equal '{TAG}', d.instance.source
+    assert_equal '_json', d.instance.sourcetype
+  end
+
+  def test_write
+    d = create_driver
+
+    time = Time.parse("2010-01-02 13:14:15 UTC").to_i
+    d.emit({"a"=>1}, time)
+    d.emit({"a"=>2}, time)
+
+    d.run
+  end
+end

metadata

@@ -0,0 +1,99 @@
+--- !ruby/object:Gem::Specification
+name: fluent-plugin-splunk-http-eventcollector
+version: !ruby/object:Gem::Version
+  version: 0.0.4
+platform: ruby
+authors:
+- Bryce Chidester
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-10-04 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.1'
+- !ruby/object:Gem::Dependency
+  name: fluentd
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.12'
+- !ruby/object:Gem::Dependency
+  name: net-http-persistent
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.9'
+description: Splunk output plugin (HTTP Event Collector) for Fluentd event collector
+email:
+- bryce.chidester@calyptix.com
+executables: []
+extensions: []
+extra_rdoc_files:
+- LICENSE
+- README.md
+files:
+- ".gitignore"
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- fluent-plugin-splunk-http-eventcollector.gemspec
+- lib/fluent/plugin/out_splunk-http-eventcollector.rb
+- test/helper.rb
+- test/plugin/test_out_splunk-http-eventcollector.rb
+homepage: https://github.com/brycied00d/fluent-plugin-splunk-http-eventcollector
+licenses:
+- BSD 2-clause
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Splunk output plugin for Fluentd
+test_files:
+- test/helper.rb
+- test/plugin/test_out_splunk-http-eventcollector.rb