fluent-plugin-splunkhec 1.2 → 1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/fluent-plugin-splunkhec.gemspec +1 -1
- data/lib/fluent/plugin/out_splunkhec.rb +39 -36
- data/test/plugin/test_out_splunkhec.rb +11 -0
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 73ac781b3d7ac398bb6a036ac69e24a4d874a5ba
|
4
|
+
data.tar.gz: 23b30525291f733e9fd87f6a3e6c286154a8aeca
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 59cec44df59a2c92ed4b5ca31303fa653c35658aadf9ea5b2b1704b8fa23c15e1397a6b6261ab4b65ce43f93aafbf52094064ba608dea999516956581ed45958
|
7
|
+
data.tar.gz: 2ae83c18ee9e770f3e0e77e4d5221e986dcbe1718caf8f09b869df383baff3535b22a96e36004a8b6e505f78f3d5483cd7161acdc66b575ae6581c9073dbdf13
|
data/CHANGELOG.md
CHANGED
@@ -4,7 +4,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
4
4
|
|
5
5
|
Gem::Specification.new do |gem|
|
6
6
|
gem.name = "fluent-plugin-splunkhec"
|
7
|
-
gem.version = "1.
|
7
|
+
gem.version = "1.3"
|
8
8
|
gem.authors = "Coen Meerbeek"
|
9
9
|
gem.email = "cmeerbeek@gmail.com"
|
10
10
|
gem.description = %q{Output plugin for the Splunk HTTP Event Collector.}
|
@@ -54,49 +54,44 @@ module Fluent
|
|
54
54
|
|
55
55
|
# Loop through all records and sent them to Splunk
|
56
56
|
def write(chunk)
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
event = record.to_json
|
67
|
-
else
|
68
|
-
event = record.to_json.gsub("\"", %q(\\\"))
|
69
|
-
end
|
57
|
+
body = ''
|
58
|
+
chunk.msgpack_each {|(tag,time,record)|
|
59
|
+
# Parse record to Splunk event format
|
60
|
+
case record
|
61
|
+
when Fixnum
|
62
|
+
event = record.to_s
|
63
|
+
when Hash
|
64
|
+
if @send_event_as_json
|
65
|
+
event = record.to_json
|
70
66
|
else
|
71
|
-
event = record
|
67
|
+
event = record.to_json.gsub("\"", %q(\\\"))
|
72
68
|
end
|
69
|
+
else
|
70
|
+
event = record
|
71
|
+
end
|
73
72
|
|
74
|
-
|
75
|
-
|
76
|
-
# Build body for the POST request
|
77
|
-
if !@usejson
|
78
|
-
event = record["time"]+ " " + record["message"].to_json.gsub(/^"|"$/,"")
|
79
|
-
body << '{"time":"'+ DateTime.parse(record["time"]).strftime("%Q") +'", "event":"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
80
|
-
elsif @send_event_as_json
|
81
|
-
body << '{"time" :' + time.to_s + ', "event" :' + event + ', "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
82
|
-
else
|
83
|
-
body << '{"time" :' + time.to_s + ', "event" :"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
84
|
-
end
|
73
|
+
sourcetype = @sourcetype == 'tag' ? tag : @sourcetype
|
85
74
|
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
75
|
+
# Build body for the POST request
|
76
|
+
if !@usejson
|
77
|
+
event = record["time"]+ " " + record["message"].to_json.gsub(/^"|"$/,"")
|
78
|
+
body << '{"time":"'+ DateTime.parse(record["time"]).strftime("%Q") +'", "event":"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
79
|
+
elsif @send_event_as_json
|
80
|
+
body << '{"time" :' + time.to_s + ', "event" :' + event + ', "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
81
|
+
else
|
82
|
+
body << '{"time" :' + time.to_s + ', "event" :"' + event + '", "sourcetype" :"' + sourcetype + '", "source" :"' + @source + '", "index" :"' + @index + '", "host" : "' + @event_host + '"}'
|
83
|
+
end
|
93
84
|
|
94
85
|
if @send_batched_events
|
86
|
+
body << "\n"
|
87
|
+
else
|
95
88
|
send_to_splunk(body)
|
89
|
+
body = ''
|
96
90
|
end
|
97
|
-
|
98
|
-
|
99
|
-
|
91
|
+
}
|
92
|
+
|
93
|
+
if @send_batched_events
|
94
|
+
send_to_splunk(body)
|
100
95
|
end
|
101
96
|
end
|
102
97
|
|
@@ -126,8 +121,16 @@ module Fluent
|
|
126
121
|
res = http.request(req)
|
127
122
|
log.debug "splunkhec: response HTTP Status Code is #{res.code}"
|
128
123
|
if res.code.to_i != 200
|
129
|
-
|
124
|
+
body = JSON.parse(res.body)
|
125
|
+
raise SplunkHECOutputError.new(body['text'], body['code'], body['invalid-event-number'], res.code)
|
130
126
|
end
|
131
127
|
end
|
132
128
|
end
|
129
|
+
|
130
|
+
class SplunkHECOutputError < StandardError
|
131
|
+
def initialize(message, status_code, invalid_event_number, http_status_code)
|
132
|
+
super("#{message} (http status code #{http_status_code}, status code #{status_code}, invalid event number #{invalid_event_number})")
|
133
|
+
end
|
134
|
+
end
|
135
|
+
|
133
136
|
end
|
@@ -162,4 +162,15 @@ class SplunkHECOutputTest < Test::Unit::TestCase
|
|
162
162
|
assert_requested(splunk_request)
|
163
163
|
end
|
164
164
|
|
165
|
+
def test_should_raise_exception_when_splunk_returns_error_to_make_fluentd_retry_later
|
166
|
+
stub_request(:any, SPLUNK_URL).to_return(status: 403, body: {'text' => 'Token disabled', 'code' => 1}.to_json)
|
167
|
+
|
168
|
+
assert_raise Fluent::SplunkHECOutputError do
|
169
|
+
d = create_driver_splunkhec
|
170
|
+
d.run do
|
171
|
+
d.emit({'message' => 'data'})
|
172
|
+
end
|
173
|
+
end
|
174
|
+
end
|
175
|
+
|
165
176
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: fluent-plugin-splunkhec
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: '1.
|
4
|
+
version: '1.3'
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Coen Meerbeek
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2017-09-
|
11
|
+
date: 2017-09-11 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: fluentd
|