fluent-plugin-splunkhec 1.6 → 2.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/.gitignore +87 -0
- data/.travis.yml +5 -0
- data/CHANGELOG.md +26 -1
- data/Gemfile +1 -1
- data/LICENSE +1 -1
- data/README.md +1 -1
- data/fluent-plugin-splunkhec.gemspec +8 -8
- data/lib/fluent/plugin/out_splunkhec.rb +85 -26
- data/test/helper.rb +1 -10
- data/test/plugin/test_out_splunkhec.rb +23 -22
- metadata +21 -26
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
|
-
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
2
|
+
SHA256:
|
3
|
+
metadata.gz: 6d43a5befa93ae2c233ccfa42e69905cd45e444daa63a146efe15e542b82291a
|
4
|
+
data.tar.gz: f7b5089afeb769ea44c76d12ba90ad65f372bc52712e682c1b3cac94d7025568
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d6818709d5c3e554c970439ed92b099b38e643ae4bf11a6f527d8c5e7f5b6fdfece34a61c74e935dcefd988d18e4dc2cfab4a6f64d88c36dd63a6d53319bb33b
|
7
|
+
data.tar.gz: f82e49af1ca1bae2e0ef392faaf39d35879b78286d2684597f2eb5391273789435d21397cffe08be401b3407cb709518c5ab6eb1309937bac4c1d4a656ae513d
|
data/.gitignore
ADDED
@@ -0,0 +1,87 @@
|
|
1
|
+
|
2
|
+
# Created by https://www.gitignore.io/api/ruby,macos
|
3
|
+
# Edit at https://www.gitignore.io/?templates=ruby,macos
|
4
|
+
|
5
|
+
### macOS ###
|
6
|
+
# General
|
7
|
+
.DS_Store
|
8
|
+
.AppleDouble
|
9
|
+
.LSOverride
|
10
|
+
|
11
|
+
# Icon must end with two \r
|
12
|
+
Icon
|
13
|
+
|
14
|
+
# Thumbnails
|
15
|
+
._*
|
16
|
+
|
17
|
+
# Files that might appear in the root of a volume
|
18
|
+
.DocumentRevisions-V100
|
19
|
+
.fseventsd
|
20
|
+
.Spotlight-V100
|
21
|
+
.TemporaryItems
|
22
|
+
.Trashes
|
23
|
+
.VolumeIcon.icns
|
24
|
+
.com.apple.timemachine.donotpresent
|
25
|
+
|
26
|
+
# Directories potentially created on remote AFP share
|
27
|
+
.AppleDB
|
28
|
+
.AppleDesktop
|
29
|
+
Network Trash Folder
|
30
|
+
Temporary Items
|
31
|
+
.apdisk
|
32
|
+
|
33
|
+
### Ruby ###
|
34
|
+
*.gem
|
35
|
+
*.rbc
|
36
|
+
/.config
|
37
|
+
/coverage/
|
38
|
+
/InstalledFiles
|
39
|
+
/pkg/
|
40
|
+
/spec/reports/
|
41
|
+
/spec/examples.txt
|
42
|
+
/test/tmp/
|
43
|
+
/test/version_tmp/
|
44
|
+
/tmp/
|
45
|
+
|
46
|
+
# Used by dotenv library to load environment variables.
|
47
|
+
# .env
|
48
|
+
|
49
|
+
# Ignore Byebug command history file.
|
50
|
+
.byebug_history
|
51
|
+
|
52
|
+
## Specific to RubyMotion:
|
53
|
+
.dat*
|
54
|
+
.repl_history
|
55
|
+
build/
|
56
|
+
*.bridgesupport
|
57
|
+
build-iPhoneOS/
|
58
|
+
build-iPhoneSimulator/
|
59
|
+
|
60
|
+
## Specific to RubyMotion (use of CocoaPods):
|
61
|
+
#
|
62
|
+
# We recommend against adding the Pods directory to your .gitignore. However
|
63
|
+
# you should judge for yourself, the pros and cons are mentioned at:
|
64
|
+
# https://guides.cocoapods.org/using/using-cocoapods.html#should-i-check-the-pods-directory-into-source-control
|
65
|
+
# vendor/Pods/
|
66
|
+
|
67
|
+
## Documentation cache and generated files:
|
68
|
+
/.yardoc/
|
69
|
+
/_yardoc/
|
70
|
+
/doc/
|
71
|
+
/rdoc/
|
72
|
+
|
73
|
+
## Environment normalization:
|
74
|
+
/.bundle/
|
75
|
+
/vendor/bundle
|
76
|
+
/lib/bundler/man/
|
77
|
+
|
78
|
+
# for a library or gem, you might want to ignore these files since the code is
|
79
|
+
# intended to run in multiple environments; otherwise, check them in:
|
80
|
+
# Gemfile.lock
|
81
|
+
# .ruby-version
|
82
|
+
# .ruby-gemset
|
83
|
+
|
84
|
+
# unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
|
85
|
+
.rvmrc
|
86
|
+
|
87
|
+
# End of https://www.gitignore.io/api/ruby,macos
|
data/.travis.yml
ADDED
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,28 @@
|
|
1
|
+
## 2.2
|
2
|
+
|
3
|
+
Replaced deprecated packet statement
|
4
|
+
|
5
|
+
## 2.1
|
6
|
+
|
7
|
+
Replaced yajl/json_ge for regular yajl
|
8
|
+
|
9
|
+
## 2.0
|
10
|
+
|
11
|
+
Migrate to use FluentD v1 API. It doesn't support backwards compatibility.
|
12
|
+
|
13
|
+
## 1.9
|
14
|
+
|
15
|
+
Reverted source and sourcetpye settings. They now reflect the README.
|
16
|
+
|
17
|
+
## 1.8
|
18
|
+
|
19
|
+
- Add expand function used in ES plugin an get variables from kubernetes tags in fluent.conf
|
20
|
+
|
21
|
+
## 1.7
|
22
|
+
|
23
|
+
- Fixed HTTP request (removed verify none)
|
24
|
+
- udpated testscript
|
25
|
+
- implemented travis.yml
|
1
26
|
|
2
27
|
## 1.6
|
3
28
|
|
@@ -44,4 +69,4 @@ Replaced RestClient for net/http.
|
|
44
69
|
|
45
70
|
## 0.9.0
|
46
71
|
|
47
|
-
First version
|
72
|
+
First version
|
data/Gemfile
CHANGED
data/LICENSE
CHANGED
data/README.md
CHANGED
@@ -4,22 +4,22 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |gem|
|
6
6
|
gem.name = "fluent-plugin-splunkhec"
|
7
|
-
gem.version = "
|
7
|
+
gem.version = "2.2"
|
8
8
|
gem.authors = "Coen Meerbeek"
|
9
9
|
gem.email = "cmeerbeek@gmail.com"
|
10
10
|
gem.description = %q{Output plugin for the Splunk HTTP Event Collector.}
|
11
11
|
gem.homepage = "https://github.com/cmeerbeek/fluent-plugin-splunkhec"
|
12
12
|
gem.summary = %q{This plugin allows you to sent events to the Splunk HTTP Event Collector.}
|
13
|
-
|
13
|
+
|
14
14
|
gem.files = `git ls-files`.split($\)
|
15
15
|
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
16
16
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
17
17
|
gem.require_paths = ["lib"]
|
18
|
-
|
19
|
-
gem.add_dependency "fluentd", [">=
|
20
|
-
gem.add_dependency "yajl-ruby", '>= 1.
|
21
|
-
gem.add_development_dependency "rake", '
|
22
|
-
gem.add_development_dependency "test-unit", '~> 3.
|
23
|
-
gem.add_development_dependency "webmock", '>= 3.0'
|
18
|
+
|
19
|
+
gem.add_dependency "fluentd", [">= 1.9.0", "< 2"]
|
20
|
+
gem.add_dependency "yajl-ruby", '>= 1.4.0'
|
21
|
+
gem.add_development_dependency "rake", '>= 13.0.0'
|
22
|
+
gem.add_development_dependency "test-unit", '~> 3.4', '>= 3.4.0'
|
23
|
+
gem.add_development_dependency "webmock", '>= 3.8.0'
|
24
24
|
gem.license = 'MIT'
|
25
25
|
end
|
@@ -1,11 +1,15 @@
|
|
1
|
-
require 'fluent/output'
|
1
|
+
require 'fluent/plugin/output'
|
2
2
|
require 'net/http'
|
3
|
-
require 'yajl
|
3
|
+
require 'yajl'
|
4
4
|
|
5
|
-
module Fluent
|
6
|
-
class SplunkHECOutput <
|
5
|
+
module Fluent::Plugin
|
6
|
+
class SplunkHECOutput < Output
|
7
7
|
Fluent::Plugin.register_output('splunkhec', self)
|
8
8
|
|
9
|
+
helpers :compat_parameters, :event_emitter
|
10
|
+
|
11
|
+
DEFAULT_BUFFER_TYPE = "memory"
|
12
|
+
|
9
13
|
# Primary Splunk HEC configuration parameters
|
10
14
|
config_param :host, :string, :default => 'localhost'
|
11
15
|
config_param :protocol, :string, :default => 'http'
|
@@ -15,19 +19,24 @@ module Fluent
|
|
15
19
|
# Splunk event parameters
|
16
20
|
config_param :index, :string, :default => 'main'
|
17
21
|
config_param :event_host, :string, :default => nil
|
18
|
-
config_param :source, :string, :default => '
|
19
|
-
config_param :sourcetype, :string, :default => '
|
22
|
+
config_param :source, :string, :default => 'fluentd'
|
23
|
+
config_param :sourcetype, :string, :default => 'tag'
|
20
24
|
config_param :send_event_as_json, :bool, :default => false
|
21
25
|
config_param :usejson, :bool, :default => true
|
22
26
|
config_param :send_batched_events, :bool, :default => false
|
23
27
|
|
28
|
+
config_section :buffer do
|
29
|
+
config_set_default :@type, DEFAULT_BUFFER_TYPE
|
30
|
+
end
|
31
|
+
|
24
32
|
# This method is called before starting.
|
25
33
|
# Here we construct the Splunk HEC URL to POST data to
|
26
34
|
# If the configuration is invalid, raise Fluent::ConfigError.
|
27
35
|
def configure(conf)
|
36
|
+
compat_parameters_convert(conf, :buffer)
|
28
37
|
super
|
29
38
|
@splunk_url = @protocol + '://' + @host + ':' + @port + '/services/collector/event'
|
30
|
-
log.info 'splunkhec:
|
39
|
+
log.info 'splunkhec: sending data to ' + @splunk_url
|
31
40
|
|
32
41
|
if conf['event_host'] == nil
|
33
42
|
begin
|
@@ -36,6 +45,7 @@ module Fluent
|
|
36
45
|
@event_host = 'unknown'
|
37
46
|
end
|
38
47
|
end
|
48
|
+
@packer = Fluent::MessagePackFactory.engine_factory.packer
|
39
49
|
end
|
40
50
|
|
41
51
|
def start
|
@@ -46,82 +56,131 @@ module Fluent
|
|
46
56
|
super
|
47
57
|
end
|
48
58
|
|
59
|
+
def formatted_to_msgpack_binary?
|
60
|
+
true
|
61
|
+
end
|
62
|
+
|
63
|
+
def multi_workers_ready?
|
64
|
+
true
|
65
|
+
end
|
66
|
+
|
49
67
|
# This method is called when an event reaches to Fluentd.
|
50
68
|
# Use msgpack to serialize the object.
|
51
69
|
def format(tag, time, record)
|
52
|
-
[tag, time, record].
|
70
|
+
@packer.pack([tag, time, record]).to_s
|
71
|
+
end
|
72
|
+
|
73
|
+
def expand_param(param, tag, time, record)
|
74
|
+
# check for '${ ... }'
|
75
|
+
# yes => `eval`
|
76
|
+
# no => return param
|
77
|
+
return param if (param =~ /\${.+}/).nil?
|
78
|
+
|
79
|
+
# check for 'tag_parts[]'
|
80
|
+
# separated by a delimiter (default '.')
|
81
|
+
tag_parts = tag.split(@delimiter) unless (param =~ /tag_parts\[.+\]/).nil? || tag.nil?
|
82
|
+
|
83
|
+
# pull out section between ${} then eval
|
84
|
+
inner = param.clone
|
85
|
+
while inner.match(/\${.+}/)
|
86
|
+
to_eval = inner.match(/\${(.+?)}/){$1}
|
87
|
+
|
88
|
+
if !(to_eval =~ /record\[.+\]/).nil? && record.nil?
|
89
|
+
return to_eval
|
90
|
+
elsif !(to_eval =~/tag_parts\[.+\]/).nil? && tag_parts.nil?
|
91
|
+
return to_eval
|
92
|
+
elsif !(to_eval =~/time/).nil? && time.nil?
|
93
|
+
return to_eval
|
94
|
+
else
|
95
|
+
inner.sub!(/\${.+?}/, eval( to_eval ))
|
96
|
+
end
|
97
|
+
end
|
98
|
+
inner
|
53
99
|
end
|
54
100
|
|
55
101
|
# Loop through all records and sent them to Splunk
|
56
102
|
def write(chunk)
|
57
103
|
body = ''
|
58
104
|
chunk.msgpack_each {|(tag,time,record)|
|
105
|
+
|
106
|
+
# define index and sourcetype dynamically
|
107
|
+
begin
|
108
|
+
index = expand_param(@index, tag, time, record)
|
109
|
+
sourcetype = expand_param(@sourcetype, tag, time, record)
|
110
|
+
event_host = expand_param(@event_host, tag, time, record)
|
111
|
+
token = expand_param(@token, tag, time, record)
|
112
|
+
rescue => e
|
113
|
+
# handle dynamic parameters misconfigurations
|
114
|
+
router.emit_error_event(tag, time, record, e)
|
115
|
+
next
|
116
|
+
end
|
117
|
+
log.debug "routing event from #{event_host} to #{index} index"
|
118
|
+
log.debug "expanded token #{token}"
|
119
|
+
|
59
120
|
# Parse record to Splunk event format
|
60
121
|
case record
|
61
|
-
when
|
122
|
+
when Integer
|
62
123
|
event = record.to_s
|
63
124
|
when Hash
|
64
125
|
if @send_event_as_json
|
65
|
-
event = record
|
126
|
+
event = Yajl::Encoder.encode(record)
|
66
127
|
else
|
67
|
-
event = record.
|
128
|
+
event = Yajl::Encoder.encode(record).gsub("\"", %q(\\\"))
|
68
129
|
end
|
69
130
|
else
|
70
131
|
event = record
|
71
132
|
end
|
72
|
-
|
73
|
-
|
133
|
+
|
134
|
+
sourcetype = @sourcetype == 'tag' ? tag : @sourcetype
|
74
135
|
|
75
136
|
# Build body for the POST request
|
76
137
|
if !@usejson
|
77
|
-
event = record["time"]+ " " + record["message"].
|
78
|
-
body << '{"time":"'+ DateTime.parse(record["time"]).strftime("%Q") +'", "event":"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' +
|
138
|
+
event = record["time"]+ " " + Yajl::Encoder.encode(record["message"]).gsub(/^"|"$/,"")
|
139
|
+
body << '{"time":"'+ DateTime.parse(record["time"]).strftime("%Q") +'", "event":"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + index + '", "host" : "' + event_host + '"}'
|
79
140
|
elsif @send_event_as_json
|
80
|
-
body << '{"time" :' + time.to_s + ', "event" :' + event + ', "sourcetype" :"' + sourcetype + '", "source" :"' + source + '", "index" :"' +
|
141
|
+
body << '{"time" :' + time.to_s + ', "event" :' + event + ', "sourcetype" :"' + sourcetype + '", "source" :"' + source + '", "index" :"' + index + '", "host" : "' + event_host + '"}'
|
81
142
|
else
|
82
|
-
body << '{"time" :' + time.to_s + ', "event" :"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + source + '", "index" :"' +
|
143
|
+
body << '{"time" :' + time.to_s + ', "event" :"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + source + '", "index" :"' + index + '", "host" : "' + event_host + '"}'
|
83
144
|
end
|
84
145
|
|
85
146
|
if @send_batched_events
|
86
147
|
body << "\n"
|
87
148
|
else
|
88
|
-
send_to_splunk(body)
|
149
|
+
send_to_splunk(body, token)
|
89
150
|
body = ''
|
90
151
|
end
|
91
152
|
}
|
92
153
|
|
93
154
|
if @send_batched_events
|
94
|
-
send_to_splunk(body)
|
155
|
+
send_to_splunk(body, token)
|
95
156
|
end
|
96
157
|
end
|
97
158
|
|
98
|
-
def send_to_splunk(body)
|
159
|
+
def send_to_splunk(body, token)
|
99
160
|
log.debug "splunkhec: " + body + "\n"
|
100
161
|
|
101
162
|
uri = URI(@splunk_url)
|
102
163
|
|
103
164
|
# Create client
|
104
165
|
http = Net::HTTP.new(uri.host, uri.port)
|
166
|
+
http.set_debug_output(log.debug)
|
105
167
|
|
106
168
|
# Create request
|
107
|
-
req = Net::HTTP::Post.new(uri, "Content-Type" => "application/json", "Authorization" => "Splunk #{
|
169
|
+
req = Net::HTTP::Post.new(uri, "Content-Type" => "application/json; charset=utf-8", "Authorization" => "Splunk #{token}")
|
108
170
|
req.body = body
|
109
171
|
|
110
172
|
# Handle SSL
|
111
173
|
if @protocol == 'https'
|
112
174
|
http.use_ssl = true
|
113
|
-
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
114
175
|
end
|
115
176
|
|
116
177
|
# Send Request
|
117
|
-
res =
|
118
|
-
http.request(req)
|
119
|
-
end
|
178
|
+
res = http.request(req)
|
120
179
|
|
121
180
|
log.debug "splunkhec: HTTP Response Status Code is #{res.code}"
|
122
181
|
|
123
182
|
if res.code.to_i != 200
|
124
|
-
body =
|
183
|
+
body = Yajl::Parser.parse(res.body)
|
125
184
|
raise SplunkHECOutputError.new(body['text'], body['code'], body['invalid-event-number'], res.code)
|
126
185
|
end
|
127
186
|
end
|
data/test/helper.rb
CHANGED
@@ -14,18 +14,9 @@ require "test/unit"
|
|
14
14
|
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), "..", "lib"))
|
15
15
|
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
16
16
|
require "fluent/test"
|
17
|
-
|
18
|
-
nulllogger = Object.new
|
19
|
-
nulllogger.instance_eval {|obj|
|
20
|
-
def method_missing(method, *args)
|
21
|
-
#pass
|
22
|
-
end
|
23
|
-
}
|
24
|
-
$log = nulllogger
|
25
|
-
end
|
17
|
+
require "fluent/test/driver/output"
|
26
18
|
|
27
19
|
require "fluent/plugin/out_splunkhec"
|
28
20
|
|
29
21
|
class Test::Unit::TestCase
|
30
22
|
end
|
31
|
-
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# coding: utf-8
|
1
2
|
require 'helper'
|
2
3
|
require 'webmock/test_unit'
|
3
4
|
|
@@ -26,7 +27,7 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
26
27
|
]
|
27
28
|
|
28
29
|
def create_driver_splunkhec(conf = CONFIG)
|
29
|
-
Fluent::Test::
|
30
|
+
Fluent::Test::Driver::Output.new(Fluent::Plugin::SplunkHECOutput).configure(conf)
|
30
31
|
end
|
31
32
|
|
32
33
|
def setup
|
@@ -48,8 +49,8 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
48
49
|
assert_equal '8088', d.instance.port
|
49
50
|
assert_equal 'main', d.instance.index
|
50
51
|
assert_equal `hostname`.delete!("\n"), d.instance.event_host
|
51
|
-
assert_equal 'fluentd', d.instance.source
|
52
52
|
assert_equal 'tag', d.instance.sourcetype
|
53
|
+
assert_equal 'fluentd', d.instance.source
|
53
54
|
assert_equal false, d.instance.send_event_as_json
|
54
55
|
assert_equal true, d.instance.usejson
|
55
56
|
assert_equal false, d.instance.send_batched_events
|
@@ -73,7 +74,7 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
73
74
|
.with(
|
74
75
|
headers: {
|
75
76
|
'Authorization' => "Splunk #{TOKEN}",
|
76
|
-
'Content-Type' => 'application/json; charset=utf-8'
|
77
|
+
'Content-Type' => 'application/json; charset=utf-8',
|
77
78
|
},
|
78
79
|
body: {
|
79
80
|
'time' => time,
|
@@ -85,8 +86,8 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
85
86
|
})
|
86
87
|
|
87
88
|
d = create_driver_splunkhec(CONFIG + %[sourcetype #{sourcetype}])
|
88
|
-
d.run do
|
89
|
-
d.
|
89
|
+
d.run(default_tag: 'test') do
|
90
|
+
d.feed(time, record)
|
90
91
|
end
|
91
92
|
|
92
93
|
assert_requested(splunk_request)
|
@@ -95,9 +96,9 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
95
96
|
def test_should_use_tag_as_sourcetype_when_configured
|
96
97
|
splunk_request = stub_request(:post, SPLUNK_URL).with(body: hash_including({'sourcetype' => 'test'}))
|
97
98
|
|
98
|
-
d = create_driver_splunkhec(CONFIG + %[sourcetype
|
99
|
-
d.run do
|
100
|
-
d.
|
99
|
+
d = create_driver_splunkhec(CONFIG + %[sourcetype test])
|
100
|
+
d.run(default_tag: 'test') do
|
101
|
+
d.feed(123456, {'message' => 'data'})
|
101
102
|
end
|
102
103
|
|
103
104
|
assert_requested(splunk_request)
|
@@ -108,8 +109,8 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
108
109
|
splunk_request = stub_request(:post, SPLUNK_URL).with(body: hash_including({'event' => record.to_json}))
|
109
110
|
|
110
111
|
d = create_driver_splunkhec(CONFIG + %[send_event_as_json false])
|
111
|
-
d.run do
|
112
|
-
d.
|
112
|
+
d.run(default_tag: 'test') do
|
113
|
+
d.feed(record)
|
113
114
|
end
|
114
115
|
|
115
116
|
assert_requested(splunk_request)
|
@@ -124,8 +125,8 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
124
125
|
.with(body: hash_including({'time' => log_time_millis, 'event' => "#{log_time} #{log_event}"}))
|
125
126
|
|
126
127
|
d = create_driver_splunkhec(CONFIG + %[usejson false])
|
127
|
-
d.run do
|
128
|
-
d.
|
128
|
+
d.run(default_tag: 'test') do
|
129
|
+
d.feed({'time' => log_time, 'message' => log_event})
|
129
130
|
end
|
130
131
|
|
131
132
|
assert_requested(splunk_request)
|
@@ -137,8 +138,8 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
137
138
|
splunk_request = stub_request(:post, SPLUNK_URL).with(body: hash_including({'event' => record}))
|
138
139
|
|
139
140
|
d = create_driver_splunkhec(CONFIG + %[send_event_as_json true])
|
140
|
-
d.run do
|
141
|
-
d.
|
141
|
+
d.run(default_tag: 'test') do
|
142
|
+
d.feed(record)
|
142
143
|
end
|
143
144
|
|
144
145
|
assert_requested(splunk_request)
|
@@ -154,9 +155,9 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
154
155
|
send_event_as_json true
|
155
156
|
send_batched_events true])
|
156
157
|
|
157
|
-
d.run do
|
158
|
-
d.
|
159
|
-
d.
|
158
|
+
d.run(default_tag: 'test') do
|
159
|
+
d.feed(record1)
|
160
|
+
d.feed(record2)
|
160
161
|
end
|
161
162
|
|
162
163
|
assert_requested(splunk_request)
|
@@ -165,10 +166,10 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
165
166
|
def test_should_raise_exception_when_splunk_returns_error_to_make_fluentd_retry_later
|
166
167
|
stub_request(:any, SPLUNK_URL).to_return(status: 403, body: {'text' => 'Token disabled', 'code' => 1}.to_json)
|
167
168
|
|
168
|
-
assert_raise Fluent::SplunkHECOutputError do
|
169
|
+
assert_raise Fluent::Plugin::SplunkHECOutputError do
|
169
170
|
d = create_driver_splunkhec
|
170
|
-
d.run do
|
171
|
-
d.
|
171
|
+
d.run(default_tag: 'test') do
|
172
|
+
d.feed({'message' => 'data'})
|
172
173
|
end
|
173
174
|
end
|
174
175
|
end
|
@@ -179,8 +180,8 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
179
180
|
splunk_request = stub_request(:post, SPLUNK_URL).with(body: hash_including({'event' => {'message' => '©2017'}}))
|
180
181
|
|
181
182
|
d = create_driver_splunkhec(CONFIG + %[send_event_as_json true])
|
182
|
-
d.run do
|
183
|
-
d.
|
183
|
+
d.run(default_tag: 'test') do
|
184
|
+
d.feed(record)
|
184
185
|
end
|
185
186
|
|
186
187
|
assert_requested(splunk_request)
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunkhec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '
|
4
|
+
version: '2.2'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Coen Meerbeek
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-10-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|
@@ -16,7 +16,7 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: 1.9.0
|
20
20
|
- - "<"
|
21
21
|
- !ruby/object:Gem::Version
|
22
22
|
version: '2'
|
@@ -26,7 +26,7 @@ dependencies:
|
|
26
26
|
requirements:
|
27
27
|
- - ">="
|
28
28
|
- !ruby/object:Gem::Version
|
29
|
-
version:
|
29
|
+
version: 1.9.0
|
30
30
|
- - "<"
|
31
31
|
- !ruby/object:Gem::Version
|
32
32
|
version: '2'
|
@@ -36,74 +36,70 @@ dependencies:
|
|
36
36
|
requirements:
|
37
37
|
- - ">="
|
38
38
|
- !ruby/object:Gem::Version
|
39
|
-
version: 1.
|
39
|
+
version: 1.4.0
|
40
40
|
type: :runtime
|
41
41
|
prerelease: false
|
42
42
|
version_requirements: !ruby/object:Gem::Requirement
|
43
43
|
requirements:
|
44
44
|
- - ">="
|
45
45
|
- !ruby/object:Gem::Version
|
46
|
-
version: 1.
|
46
|
+
version: 1.4.0
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
name: rake
|
49
49
|
requirement: !ruby/object:Gem::Requirement
|
50
50
|
requirements:
|
51
|
-
- - "~>"
|
52
|
-
- !ruby/object:Gem::Version
|
53
|
-
version: '0.9'
|
54
51
|
- - ">="
|
55
52
|
- !ruby/object:Gem::Version
|
56
|
-
version: 0.
|
53
|
+
version: 13.0.0
|
57
54
|
type: :development
|
58
55
|
prerelease: false
|
59
56
|
version_requirements: !ruby/object:Gem::Requirement
|
60
57
|
requirements:
|
61
|
-
- - "~>"
|
62
|
-
- !ruby/object:Gem::Version
|
63
|
-
version: '0.9'
|
64
58
|
- - ">="
|
65
59
|
- !ruby/object:Gem::Version
|
66
|
-
version: 0.
|
60
|
+
version: 13.0.0
|
67
61
|
- !ruby/object:Gem::Dependency
|
68
62
|
name: test-unit
|
69
63
|
requirement: !ruby/object:Gem::Requirement
|
70
64
|
requirements:
|
71
|
-
- - "~>"
|
72
|
-
- !ruby/object:Gem::Version
|
73
|
-
version: '3.1'
|
74
65
|
- - ">="
|
75
66
|
- !ruby/object:Gem::Version
|
76
|
-
version: 3.
|
67
|
+
version: 3.4.0
|
68
|
+
- - "~>"
|
69
|
+
- !ruby/object:Gem::Version
|
70
|
+
version: '3.4'
|
77
71
|
type: :development
|
78
72
|
prerelease: false
|
79
73
|
version_requirements: !ruby/object:Gem::Requirement
|
80
74
|
requirements:
|
81
|
-
- - "~>"
|
82
|
-
- !ruby/object:Gem::Version
|
83
|
-
version: '3.1'
|
84
75
|
- - ">="
|
85
76
|
- !ruby/object:Gem::Version
|
86
|
-
version: 3.
|
77
|
+
version: 3.4.0
|
78
|
+
- - "~>"
|
79
|
+
- !ruby/object:Gem::Version
|
80
|
+
version: '3.4'
|
87
81
|
- !ruby/object:Gem::Dependency
|
88
82
|
name: webmock
|
89
83
|
requirement: !ruby/object:Gem::Requirement
|
90
84
|
requirements:
|
91
85
|
- - ">="
|
92
86
|
- !ruby/object:Gem::Version
|
93
|
-
version:
|
87
|
+
version: 3.8.0
|
94
88
|
type: :development
|
95
89
|
prerelease: false
|
96
90
|
version_requirements: !ruby/object:Gem::Requirement
|
97
91
|
requirements:
|
98
92
|
- - ">="
|
99
93
|
- !ruby/object:Gem::Version
|
100
|
-
version:
|
94
|
+
version: 3.8.0
|
101
95
|
description: Output plugin for the Splunk HTTP Event Collector.
|
102
96
|
email: cmeerbeek@gmail.com
|
103
97
|
executables: []
|
104
98
|
extensions: []
|
105
99
|
extra_rdoc_files: []
|
106
100
|
files:
|
101
|
+
- ".gitignore"
|
102
|
+
- ".travis.yml"
|
107
103
|
- CHANGELOG.md
|
108
104
|
- Gemfile
|
109
105
|
- LICENSE
|
@@ -132,8 +128,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
132
128
|
- !ruby/object:Gem::Version
|
133
129
|
version: '0'
|
134
130
|
requirements: []
|
135
|
-
|
136
|
-
rubygems_version: 2.6.8
|
131
|
+
rubygems_version: 3.0.3.1
|
137
132
|
signing_key:
|
138
133
|
specification_version: 4
|
139
134
|
summary: This plugin allows you to sent events to the Splunk HTTP Event Collector.
|