fluent-plugin-splunkhec 1.0.1 → 1.1

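--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 84f47b38dbe7edabca5db1614024cf2bc6ca8ffe
- data.tar.gz: 1dd1c110988370ad9bbdd7c51f7fe2cbb640f1eb
+ metadata.gz: b095141e9e4ae6cecb11bfc80c7fe26503858909
+ data.tar.gz: e080ff03c7f54382761dfac6957807be0b278106
  SHA512:
- metadata.gz: c5c4693e79dcf825ecbeb879c72f18cedb9f094f8f86821a238337c8da0f96f86c4552ee36ddd464d0ebc7b9bc92e4dbd1810ac5e0f4516285aa9e876c21faa9
- data.tar.gz: c01a52a0c4f6875916437f2ca7111bada70c3372394004eca0fa03d00834ce34787b58f3f14e4d22b5b1a282ab58b00879103beba03fb84ea4747d57dc7c0676
+ metadata.gz: 1cbaa497638b467481b56f0472eb6eb20067784e88d6213baa8b74729194baa9fcfb5941f9e14fff3937d4d29ceed282dc36254810dc619d508cc599fe1eb54c
+ data.tar.gz: 8f5046116bd7fa08500b7b7b6ff0814cb46dd8b4b8ce269879cc6acc75f29ead9f64531972e1b5abad2c4a05d113e634d75fc74701529e087b7bbe2fe2c8fd22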
@@ -1,3 +1,9 @@
1
+ ## 1.1
2
+
3
+ - Added send_event_as_json parameter to sent real json
4
+ - Added usejson parameter to have the option to sent raw data with time included
5
+ - Removed required from parameter definition
6
+
1
7
  ## 1.0.1
2
8
 
3
9
  Fixed config parameters used in Splunk URI.
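--- a/data/README.md
+++ b/data/README.md
@@ -21,6 +21,8 @@ The Splunk HEC is running on a Heavy Forwarder or single instance. More info abo
  event_host fluentdhost #optional
  source fluentd #optional
  sourcetype data:type #optional
+ usejson true #optional defaults to true
+ send_event_as_json true #optional
  </source>
  ```
 
@@ -57,6 +59,14 @@ Specify the source-field for the event data in Splunk. If you don't specify this
 
  Specify the sourcetype-field for the event data in Splunk. If you don't specify this the plug-in will use the tag from the FluentD input plug-in.
 
+ ## config: send_event_as_json
+
+ Specify if an event should be sent as json rather than as a string. Can be 'true' or 'false'. If you don't specify then this will be 'false'.
+
+ ## config: usejson
+
+ Specify the event type as JSON (true|default) or raw (false) for sending Log4J messages so Splunk so it can parse the time field it self based on the format 'time' regex match found in the source, uses millisecond precision.
+
  ## Contributing
 
  1. Fork it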
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
4
 
5
5
  Gem::Specification.new do |gem|
6
6
  gem.name = "fluent-plugin-splunkhec"
7
- gem.version = "1.0.1"
7
+ gem.version = "1.1"
8
8
  gem.authors = "Coen Meerbeek"
9
9
  gem.email = "cmeerbeek@gmail.com"
10
10
  gem.description = %q{Output plugin for the Splunk HTTP Event Collector.}
@@ -7,16 +7,18 @@ module Fluent
7
7
  Fluent::Plugin.register_output('splunkhec', self)
8
8
 
9
9
  # Primary Splunk HEC configuration parameters
10
- config_param :host, :string, :default => 'localhost', :required => true
11
- config_param :protocol, :string, :default => 'http', :required => true
12
- config_param :port, :string, :default => '8088', :required => true
13
- config_param :token, :string, :default => nil, :required => true
10
+ config_param :host, :string, :default => 'localhost'
11
+ config_param :protocol, :string, :default => 'http'
12
+ config_param :port, :string, :default => '8088'
13
+ config_param :token, :string, :default => nil
14
14
 
15
15
  # Splunk event parameters
16
16
  config_param :index, :string, :default => "main"
17
17
  config_param :event_host, :string, :default => nil
18
18
  config_param :source, :string, :default => "fluentd"
19
19
  config_param :sourcetype, :string, :default => nil
20
+ config_param :send_event_as_json, :string, :default => "false"
21
+ config_param :usejson, :string, :default => "true"
20
22
 
21
23
  # This method is called before starting.
22
24
  # Here we construct the Splunk HEC URL to POST data to
@@ -44,7 +46,13 @@ module Fluent
44
46
  else
45
47
  @event_sourcetype = conf['sourcetype']
46
48
  end
47
-
49
+
50
+ if conf['send_event_as_json'] == 'true'
51
+ @event_send_as_json = true
52
+ else
53
+ @event_send_as_json = false
54
+ end
55
+
48
56
  @event_index = @index
49
57
  @event_source = @source
50
58
  end
@@ -72,7 +80,11 @@ module Fluent
72
80
  when Fixnum
73
81
  event = record.to_s
74
82
  when Hash
75
- event = record.to_json.gsub("\"", %q(\\\"))
83
+ if @event_send_as_json
84
+ event = record.to_json
85
+ else
86
+ event = record.to_json.gsub("\"", %q(\\\"))
87
+ end
76
88
  else
77
89
  event = record
78
90
  end
@@ -82,7 +94,14 @@ module Fluent
82
94
  end
83
95
 
84
96
  # Build body for the POST request
85
- body = '{"time" :' + time.to_s + ', "event" :"' + event + '", "sourcetype" :"' + @event_sourcetype + '", "source" :"' + @event_source + '", "index" :"' + @event_index + '", "host" : "' + @event_host + '"}'
97
+ if @usejson == 'false'
98
+ event = record["time"]+ " " + record["message"].to_json.gsub(/^"|"$/,"")
99
+ body = '{"time":"'+ DateTime.parse(record["time"]).strftime("%Q") +'", "event":"' + event + '", "sourcetype" :"' + @event_sourcetype + '", "source" :"' + @event_source + '", "index" :"' + @event_index + '", "host" : "' + @event_host + '"}'
100
+ elsif @event_send_as_json
101
+ body = '{"time" :' + time.to_s + ', "event" :' + event + ', "sourcetype" :"' + @event_sourcetype + '", "source" :"' + @event_source + '", "index" :"' + @event_index + '", "host" : "' + @event_host + '"}'
102
+ else
103
+ body = '{"time" :' + time.to_s + ', "event" :"' + event + '", "sourcetype" :"' + @event_sourcetype + '", "source" :"' + @event_source + '", "index" :"' + @event_index + '", "host" : "' + @event_host + '"}'
104
+ end
86
105
  log.debug "splunkhec: " + body + "\n"
87
106
 
88
107
  uri = URI(@splunk_url)
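Review bot: All three branches of the new body-building code assemble the HEC payload by string concatenation, so record content reaches the request unescaped. In the `@usejson == 'false'` branch `record["time"]` is concatenated raw and `record["message"].to_json.gsub(/^"|"$/,"")` only strips the outer quotes of a String message (a Hash or Array message leaves bare quotes inside `"event":"…"`); in the `@event_send_as_json` branch `event` is spliced in as a bare JSON value even when the record was not a Hash. A log line containing quotes can therefore yield a malformed payload or carry its own `index`/`sourcetype`/`host` keys into the request. That first branch also raises when `record["time"]` is missing, because both `+` and `DateTime.parse` are applied to nil. Building a Hash and serialising it once with `to_json` removes the manual escaping; the enclosing method starts and ends outside this hunk, so the `gsub` escaping of `event` in the earlier `when Hash` branch would have to go with it.

```ruby
# … unchanged: time/event derivation above …
payload = {
  "sourcetype" => @event_sourcetype,
  "source"     => @event_source,
  "index"      => @event_index,
  "host"       => @event_host
}
if @usejson == 'false'
  ts = record["time"].to_s
  # still raises on an unparseable timestamp; rescue or skip the record as appropriate
  payload["time"]  = DateTime.parse(ts).strftime("%Q")
  payload["event"] = "#{ts} #{record["message"]}"
elsif @event_send_as_json
  payload["time"]  = time
  payload["event"] = record
else
  payload["time"]  = time
  payload["event"] = record.is_a?(Hash) ? record.to_json : record.to_s
end
body = payload.to_json
# … unchanged: log.debug and the POST to @splunk_url …
```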
@@ -24,7 +24,7 @@ unless ENV.has_key?("VERBOSE")
24
24
  $log = nulllogger
25
25
  end
26
26
 
27
- require "fluent/plugin/in_splunkhec"
27
+ require "fluent/plugin/out_splunkhec"
28
28
 
29
29
  class Test::Unit::TestCase
30
30
  end
@@ -13,7 +13,7 @@ class SplunkHECOutputTest < Test::Unit::TestCase
13
13
  token BAB747F3-744E-41BA
14
14
  ]
15
15
 
16
- def create_driver_ga(conf = CONFIG_SPLUNKHEC)
16
+ def create_driver_splunkhec(conf = CONFIG_SPLUNKHEC)
17
17
  Fluent::Test::InputTestDriver.new(Fluent::SplunkHECOutput).configure(conf)
18
18
  end
19
19
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fluent-plugin-splunkhec
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: '1.1'
5
5
  platform: ruby
6
6
  authors:
7
7
  - Coen Meerbeek
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2017-02-16 00:00:00.000000000 Z
11
+ date: 2017-08-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: fluentd