fluent-plugin-splunkhec 1.2 → 1.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/fluent-plugin-splunkhec.gemspec +1 -1
- data/lib/fluent/plugin/out_splunkhec.rb +39 -36
- data/test/plugin/test_out_splunkhec.rb +11 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 73ac781b3d7ac398bb6a036ac69e24a4d874a5ba
|
4
|
+
data.tar.gz: 23b30525291f733e9fd87f6a3e6c286154a8aeca
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 59cec44df59a2c92ed4b5ca31303fa653c35658aadf9ea5b2b1704b8fa23c15e1397a6b6261ab4b65ce43f93aafbf52094064ba608dea999516956581ed45958
|
7
|
+
data.tar.gz: 2ae83c18ee9e770f3e0e77e4d5221e986dcbe1718caf8f09b869df383baff3535b22a96e36004a8b6e505f78f3d5483cd7161acdc66b575ae6581c9073dbdf13
|
data/CHANGELOG.md
CHANGED
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |gem|
|
6
6
|
gem.name = "fluent-plugin-splunkhec"
|
7
|
-
gem.version = "1.
|
7
|
+
gem.version = "1.3"
|
8
8
|
gem.authors = "Coen Meerbeek"
|
9
9
|
gem.email = "cmeerbeek@gmail.com"
|
10
10
|
gem.description = %q{Output plugin for the Splunk HTTP Event Collector.}
|
@@ -54,49 +54,44 @@ module Fluent
|
|
54
54
|
|
55
55
|
# Loop through all records and sent them to Splunk
|
56
56
|
def write(chunk)
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
event = record.to_json
|
67
|
-
else
|
68
|
-
event = record.to_json.gsub("\"", %q(\\\"))
|
69
|
-
end
|
57
|
+
body = ''
|
58
|
+
chunk.msgpack_each {|(tag,time,record)|
|
59
|
+
# Parse record to Splunk event format
|
60
|
+
case record
|
61
|
+
when Fixnum
|
62
|
+
event = record.to_s
|
63
|
+
when Hash
|
64
|
+
if @send_event_as_json
|
65
|
+
event = record.to_json
|
70
66
|
else
|
71
|
-
event = record
|
67
|
+
event = record.to_json.gsub("\"", %q(\\\"))
|
72
68
|
end
|
69
|
+
else
|
70
|
+
event = record
|
71
|
+
end
|
73
72
|
|
74
|
-
|
75
|
-
|
76
|
-
# Build body for the POST request
|
77
|
-
if !@usejson
|
78
|
-
event = record["time"]+ " " + record["message"].to_json.gsub(/^"|"$/,"")
|
79
|
-
body << '{"time":"'+ DateTime.parse(record["time"]).strftime("%Q") +'", "event":"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
80
|
-
elsif @send_event_as_json
|
81
|
-
body << '{"time" :' + time.to_s + ', "event" :' + event + ', "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
82
|
-
else
|
83
|
-
body << '{"time" :' + time.to_s + ', "event" :"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
84
|
-
end
|
73
|
+
sourcetype = @sourcetype == 'tag' ? tag : @sourcetype
|
85
74
|
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
75
|
+
# Build body for the POST request
|
76
|
+
if !@usejson
|
77
|
+
event = record["time"]+ " " + record["message"].to_json.gsub(/^"|"$/,"")
|
78
|
+
body << '{"time":"'+ DateTime.parse(record["time"]).strftime("%Q") +'", "event":"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
79
|
+
elsif @send_event_as_json
|
80
|
+
body << '{"time" :' + time.to_s + ', "event" :' + event + ', "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
81
|
+
else
|
82
|
+
body << '{"time" :' + time.to_s + ', "event" :"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
83
|
+
end
|
93
84
|
|
94
85
|
if @send_batched_events
|
86
|
+
body << "\n"
|
87
|
+
else
|
95
88
|
send_to_splunk(body)
|
89
|
+
body = ''
|
96
90
|
end
|
97
|
-
|
98
|
-
|
99
|
-
|
91
|
+
}
|
92
|
+
|
93
|
+
if @send_batched_events
|
94
|
+
send_to_splunk(body)
|
100
95
|
end
|
101
96
|
end
|
102
97
|
|
@@ -126,8 +121,16 @@ module Fluent
|
|
126
121
|
res = http.request(req)
|
127
122
|
log.debug "splunkhec: response HTTP Status Code is #{res.code}"
|
128
123
|
if res.code.to_i != 200
|
129
|
-
|
124
|
+
body = JSON.parse(res.body)
|
125
|
+
raise SplunkHECOutputError.new(body['text'], body['code'], body['invalid-event-number'], res.code)
|
130
126
|
end
|
131
127
|
end
|
132
128
|
end
|
129
|
+
|
130
|
+
class SplunkHECOutputError < StandardError
|
131
|
+
def initialize(message, status_code, invalid_event_number, http_status_code)
|
132
|
+
super("#{message} (http status code #{http_status_code}, status code #{status_code}, invalid event number #{invalid_event_number})")
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
133
136
|
end
|
@@ -162,4 +162,15 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
162
162
|
assert_requested(splunk_request)
|
163
163
|
end
|
164
164
|
|
165
|
+
def test_should_raise_exception_when_splunk_returns_error_to_make_fluentd_retry_later
|
166
|
+
stub_request(:any, SPLUNK_URL).to_return(status: 403, body: {'text' => 'Token disabled', 'code' => 1}.to_json)
|
167
|
+
|
168
|
+
assert_raise Fluent::SplunkHECOutputError do
|
169
|
+
d = create_driver_splunkhec
|
170
|
+
d.run do
|
171
|
+
d.emit({'message' => 'data'})
|
172
|
+
end
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
165
176
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunkhec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '1.
|
4
|
+
version: '1.3'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Coen Meerbeek
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-09-
|
11
|
+
date: 2017-09-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|