logstash-output-splunk 0.0.1

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml ADDED
@@ -0,0 +1,7 @@
1
+ ---
2
+ SHA1:
3
+ metadata.gz: cac250d08ffbd2a3ea8d4ae96055c0b32236f053
4
+ data.tar.gz: 5324435255ebc3c2d2ca5dd3f60e37104f1c3cfd
5
+ SHA512:
6
+ metadata.gz: 6581b385bfc216344467707ec0767179159518b9d77013c4be1a68efdc4f6a59f4a4fa6473f8f1630c3135079b30aa58a437a6b8a5084f6039a7ff690c08bcaf
7
+ data.tar.gz: 9ffdc739f6429eddf2dd132c21e038d2048a46597d530d7c61ec737913494474e3b83e6b3ce19bf9476ddd378b70322baa26149b8a766aa0b862c60bc28503cd
data/CHANGELOG.md ADDED
@@ -0,0 +1,2 @@
1
+ ## 0.0.1
2
+ - Initial
data/CONTRIBUTORS ADDED
@@ -0,0 +1,16 @@
1
+ The following is a list of people who have contributed ideas, code, bug
2
+ reports, or in general have helped logstash along its way.
3
+
4
+ Contributors:
5
+ * Christian S. (squiddle)
6
+ * Colin Surprenant (colinsurprenant)
7
+ * John E. Vincent (lusis)
8
+ * Jordan Sissel (jordansissel)
9
+ * Kurt Hurtado (kurtado)
10
+ * Pier-Hugues Pellerin (ph)
11
+ * Richard Pijnenburg (electrical)
12
+
13
+ Note: If you've sent us patches, bug reports, or otherwise contributed to
14
+ Logstash, and you aren't on the list above and want to be, please let us know
15
+ and we'll make sure you're here. Contributions from folks like you are what make
16
+ open source awesome.
data/Gemfile ADDED
@@ -0,0 +1,11 @@
1
+ source 'https://rubygems.org'
2
+
3
+ gemspec
4
+
5
+ logstash_path = ENV["LOGSTASH_PATH"] || "../../logstash"
6
+ use_logstash_source = ENV["LOGSTASH_SOURCE"] && ENV["LOGSTASH_SOURCE"].to_s == "1"
7
+
8
+ if Dir.exist?(logstash_path) && use_logstash_source
9
+ gem 'logstash-core', :path => "#{logstash_path}/logstash-core"
10
+ gem 'logstash-core-plugin-api', :path => "#{logstash_path}/logstash-core-plugin-api"
11
+ end
data/LICENSE ADDED
@@ -0,0 +1,13 @@
1
+ Copyright (c) 2012-2018 Elasticsearch <http://www.elastic.co>
2
+
3
+ Licensed under the Apache License, Version 2.0 (the "License");
4
+ you may not use this file except in compliance with the License.
5
+ You may obtain a copy of the License at
6
+
7
+ http://www.apache.org/licenses/LICENSE-2.0
8
+
9
+ Unless required by applicable law or agreed to in writing, software
10
+ distributed under the License is distributed on an "AS IS" BASIS,
11
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ See the License for the specific language governing permissions and
13
+ limitations under the License.
data/NOTICE.TXT ADDED
@@ -0,0 +1,5 @@
1
+ Elasticsearch
2
+ Copyright 2012-2015 Elasticsearch
3
+
4
+ This product includes software developed by The Apache Software
5
+ Foundation (http://www.apache.org/).
data/README.md ADDED
@@ -0,0 +1,93 @@
1
+ # Logstash Plugin
2
+
3
+ [![Travis Build Status](https://travis-ci.org/logstash-plugins/logstash-output-http.svg)](https://travis-ci.org/logstash-plugins/logstash-output-splunk)
4
+
5
+ This is a plugin for [Logstash](https://github.com/elastic/logstash).
6
+
7
+ It is fully free and fully open source. The license is Apache 2.0, meaning you are pretty much free to use it however you want in whatever way.
8
+
9
+ ## Usage
10
+
11
+ <pre><code>
12
+ output {
13
+ splunk {
14
+ url => "https://localhost:8080/services/collector/event/1.0"
15
+ # HTTP Event Collector token
16
+ token => "xxxxxxx-xxxx-xxxx-xxxx-xxxxxx"
17
+ is_batch => true
18
+ mapping => {
19
+ "event" => "%{message}"
20
+ }
21
+ }
22
+ }
23
+ </code></pre>
24
+
25
+ ## Developing
26
+
27
+ ### 1. Plugin Developement and Testing
28
+
29
+ #### Code
30
+ - To get started, you'll need JRuby with the Bundler gem installed.
31
+
32
+ - Create a new plugin or clone and existing from the GitHub [logstash-plugins](https://github.com/logstash-plugins) organization. We also provide [example plugins](https://github.com/logstash-plugins?query=example).
33
+
34
+ - Install dependencies
35
+ ```sh
36
+ bundle install
37
+ ```
38
+
39
+ #### Test
40
+
41
+ - Update your dependencies
42
+
43
+ ```sh
44
+ bundle install
45
+ ```
46
+
47
+ - Run tests
48
+
49
+ ```sh
50
+ bundle exec rspec
51
+ ```
52
+
53
+ ### 2. Running your unpublished Plugin in Logstash
54
+
55
+ #### 2.1 Run in a local Logstash clone
56
+
57
+ - Edit Logstash `Gemfile` and add the local plugin path, for example:
58
+ ```ruby
59
+ gem "logstash-filter-awesome", :path => "/your/local/logstash-filter-awesome"
60
+ ```
61
+ - Install plugin
62
+ ```sh
63
+ # Logstash 2.3 and higher
64
+ bin/logstash-plugin install --no-verify
65
+
66
+ # Prior to Logstash 2.3
67
+ bin/plugin install --no-verify
68
+
69
+ ```
70
+ - Run Logstash with your plugin
71
+ ```sh
72
+ bin/logstash -e 'filter {awesome {}}'
73
+ ```
74
+ At this point any modifications to the plugin code will be applied to this local Logstash setup. After modifying the plugin, simply rerun Logstash.
75
+
76
+ #### 2.2 Run in an installed Logstash
77
+
78
+ You can use the same **2.1** method to run your plugin in an installed Logstash by editing its `Gemfile` and pointing the `:path` to your local plugin development directory or you can build the gem and install it using:
79
+
80
+ - Build your plugin gem
81
+ ```sh
82
+ gem build logstash-output-splunk.gemspec
83
+ ```
84
+ - Install the plugin from the Logstash home
85
+ ```sh
86
+ # Logstash 2.3 and higher
87
+ bin/logstash-plugin install --no-verify
88
+
89
+ # Prior to Logstash 2.3
90
+ bin/plugin install --no-verify
91
+
92
+ ```
93
+ - Start Logstash and proceed to test the plugin
@@ -0,0 +1,392 @@
1
+ :plugin: http
2
+ :type: output
3
+ :default_codec: plain
4
+
5
+ ///////////////////////////////////////////
6
+ START - GENERATED VARIABLES, DO NOT EDIT!
7
+ ///////////////////////////////////////////
8
+ :version: %VERSION%
9
+ :release_date: %RELEASE_DATE%
10
+ :changelog_url: %CHANGELOG_URL%
11
+ :include_path: ../../../../logstash/docs/include
12
+ ///////////////////////////////////////////
13
+ END - GENERATED VARIABLES, DO NOT EDIT!
14
+ ///////////////////////////////////////////
15
+
16
+ [id="plugins-{type}s-{plugin}"]
17
+
18
+ === Http output plugin
19
+
20
+ include::{include_path}/plugin_header.asciidoc[]
21
+
22
+ ==== Description
23
+
24
+ This output lets you send events to a generic HTTP(S) endpoint.
25
+
26
+ This output will execute up to 'pool_max' requests in parallel for performance.
27
+ Consider this when tuning this plugin for performance.
28
+
29
+ Additionally, note that when parallel execution is used strict ordering of events is not
30
+ guaranteed!
31
+
32
+ Beware, this gem does not yet support codecs. Please use the 'format' option for now.
33
+
34
+ [id="plugins-{type}s-{plugin}-options"]
35
+ ==== Http Output Configuration Options
36
+
37
+ This plugin supports the following configuration options plus the <<plugins-{type}s-{plugin}-common-options>> described later.
38
+
39
+ [cols="<,<,<",options="header",]
40
+ |=======================================================================
41
+ |Setting |Input type|Required
42
+ | <<plugins-{type}s-{plugin}-automatic_retries>> |<<number,number>>|No
43
+ | <<plugins-{type}s-{plugin}-cacert>> |a valid filesystem path|No
44
+ | <<plugins-{type}s-{plugin}-client_cert>> |a valid filesystem path|No
45
+ | <<plugins-{type}s-{plugin}-client_key>> |a valid filesystem path|No
46
+ | <<plugins-{type}s-{plugin}-connect_timeout>> |<<number,number>>|No
47
+ | <<plugins-{type}s-{plugin}-content_type>> |<<string,string>>|No
48
+ | <<plugins-{type}s-{plugin}-cookies>> |<<boolean,boolean>>|No
49
+ | <<plugins-{type}s-{plugin}-follow_redirects>> |<<boolean,boolean>>|No
50
+ | <<plugins-{type}s-{plugin}-format>> |<<string,string>>, one of `["json", "json_batch", "form", "message"]`|No
51
+ | <<plugins-{type}s-{plugin}-headers>> |<<hash,hash>>|No
52
+ | <<plugins-{type}s-{plugin}-http_compression>> |<<boolean,boolean>>|No
53
+ | <<plugins-{type}s-{plugin}-http_method>> |<<string,string>>, one of `["put", "post", "patch", "delete", "get", "head"]`|Yes
54
+ | <<plugins-{type}s-{plugin}-ignorable_codes>> |<<number,number>>|No
55
+ | <<plugins-{type}s-{plugin}-keepalive>> |<<boolean,boolean>>|No
56
+ | <<plugins-{type}s-{plugin}-keystore>> |a valid filesystem path|No
57
+ | <<plugins-{type}s-{plugin}-keystore_password>> |<<password,password>>|No
58
+ | <<plugins-{type}s-{plugin}-keystore_type>> |<<string,string>>|No
59
+ | <<plugins-{type}s-{plugin}-mapping>> |<<hash,hash>>|No
60
+ | <<plugins-{type}s-{plugin}-message>> |<<string,string>>|No
61
+ | <<plugins-{type}s-{plugin}-pool_max>> |<<number,number>>|No
62
+ | <<plugins-{type}s-{plugin}-pool_max_per_route>> |<<number,number>>|No
63
+ | <<plugins-{type}s-{plugin}-proxy>> |<<,>>|No
64
+ | <<plugins-{type}s-{plugin}-request_timeout>> |<<number,number>>|No
65
+ | <<plugins-{type}s-{plugin}-retry_failed>> |<<boolean,boolean>>|No
66
+ | <<plugins-{type}s-{plugin}-retry_non_idempotent>> |<<boolean,boolean>>|No
67
+ | <<plugins-{type}s-{plugin}-retryable_codes>> |<<number,number>>|No
68
+ | <<plugins-{type}s-{plugin}-socket_timeout>> |<<number,number>>|No
69
+ | <<plugins-{type}s-{plugin}-truststore>> |a valid filesystem path|No
70
+ | <<plugins-{type}s-{plugin}-truststore_password>> |<<password,password>>|No
71
+ | <<plugins-{type}s-{plugin}-truststore_type>> |<<string,string>>|No
72
+ | <<plugins-{type}s-{plugin}-url>> |<<string,string>>|Yes
73
+ | <<plugins-{type}s-{plugin}-token>> |<<string,string>>|Yes
74
+ | <<plugins-{type}s-{plugin}-validate_after_inactivity>> |<<number,number>>|No
75
+ |=======================================================================
76
+
77
+ Also see <<plugins-{type}s-{plugin}-common-options>> for a list of options supported by all
78
+ output plugins.
79
+
80
+ &nbsp;
81
+
82
+ [id="plugins-{type}s-{plugin}-automatic_retries"]
83
+ ===== `automatic_retries`
84
+
85
+ * Value type is <<number,number>>
86
+ * Default value is `1`
87
+
88
+ How many times should the client retry a failing URL. We highly recommend NOT setting this value
89
+ to zero if keepalive is enabled. Some servers incorrectly end keepalives early requiring a retry!
90
+ Only IO related failures will be retried, such as connection timeouts and unreachable hosts.
91
+ Valid but non 2xx HTTP responses will always be retried, regardless of the value of this setting,
92
+ unless `retry_failed` is set.
93
+ Note: if `retry_non_idempotent` is NOT set only GET, HEAD, PUT, DELETE, OPTIONS, and TRACE requests will be retried.
94
+
95
+ [id="plugins-{type}s-{plugin}-cacert"]
96
+ ===== `cacert`
97
+
98
+ * Value type is <<path,path>>
99
+ * There is no default value for this setting.
100
+
101
+ If you need to use a custom X.509 CA (.pem certs) specify the path to that here
102
+
103
+ [id="plugins-{type}s-{plugin}-client_cert"]
104
+ ===== `client_cert`
105
+
106
+ * Value type is <<path,path>>
107
+ * There is no default value for this setting.
108
+
109
+ If you'd like to use a client certificate (note, most people don't want this) set the path to the x509 cert here
110
+
111
+ [id="plugins-{type}s-{plugin}-client_key"]
112
+ ===== `client_key`
113
+
114
+ * Value type is <<path,path>>
115
+ * There is no default value for this setting.
116
+
117
+ If you're using a client certificate specify the path to the encryption key here
118
+
119
+ [id="plugins-{type}s-{plugin}-connect_timeout"]
120
+ ===== `connect_timeout`
121
+
122
+ * Value type is <<number,number>>
123
+ * Default value is `10`
124
+
125
+ Timeout (in seconds) to wait for a connection to be established. Default is `10s`
126
+
127
+ [id="plugins-{type}s-{plugin}-content_type"]
128
+ ===== `content_type`
129
+
130
+ * Value type is <<string,string>>
131
+ * There is no default value for this setting.
132
+
133
+ Content type
134
+
135
+ If not specified, this defaults to the following:
136
+
137
+ * if format is "json", "application/json"
138
+ * if format is "json_batch", "application/json". Each Logstash batch of events will be concatenated into a single array and sent in one request.
139
+ * if format is "form", "application/x-www-form-urlencoded"
140
+
141
+ [id="plugins-{type}s-{plugin}-cookies"]
142
+ ===== `cookies`
143
+
144
+ * Value type is <<boolean,boolean>>
145
+ * Default value is `true`
146
+
147
+ Enable cookie support. With this enabled the client will persist cookies
148
+ across requests as a normal web browser would. Enabled by default
149
+
150
+ [id="plugins-{type}s-{plugin}-follow_redirects"]
151
+ ===== `follow_redirects`
152
+
153
+ * Value type is <<boolean,boolean>>
154
+ * Default value is `true`
155
+
156
+ Should redirects be followed? Defaults to `true`
157
+
158
+ [id="plugins-{type}s-{plugin}-format"]
159
+ ===== `format`
160
+
161
+ * Value can be any of: `json`, `json_batch`, `form`, `message`
162
+ * Default value is `"json"`
163
+
164
+ Set the format of the http body.
165
+
166
+ If json_batch, each batch of events received by this output will be placed
167
+ into a single JSON array and sent in one request. This is particularly useful
168
+ for high throughput scenarios such as sending data between Logstash instaces.
169
+
170
+ If form, then the body will be the mapping (or whole event) converted
171
+ into a query parameter string, e.g. `foo=bar&baz=fizz...`
172
+
173
+ If message, then the body will be the result of formatting the event according to message
174
+
175
+ Otherwise, the event is sent as json.
176
+
177
+ [id="plugins-{type}s-{plugin}-headers"]
178
+ ===== `headers`
179
+
180
+ * Value type is <<hash,hash>>
181
+ * There is no default value for this setting.
182
+
183
+ Custom headers to use
184
+ format is `headers => ["X-My-Header", "%{host}"]`
185
+
186
+ [id="plugins-{type}s-{plugin}-http_compression"]
187
+ ===== `http_compression`
188
+
189
+ * Value type is <<boolean,boolean>>
190
+ * Default value is `false`
191
+
192
+ Enable request compression support. With this enabled the plugin will compress
193
+ http requests using gzip.
194
+
195
+ [id="plugins-{type}s-{plugin}-http_method"]
196
+ ===== `http_method`
197
+
198
+ * This is a required setting.
199
+ * Value can be any of: `put`, `post`, `patch`, `delete`, `get`, `head`
200
+ * There is no default value for this setting.
201
+
202
+ The HTTP Verb. One of "put", "post", "patch", "delete", "get", "head"
203
+
204
+ [id="plugins-{type}s-{plugin}-ignorable_codes"]
205
+ ===== `ignorable_codes`
206
+
207
+ * Value type is <<number,number>>
208
+ * There is no default value for this setting.
209
+
210
+ If you would like to consider some non-2xx codes to be successes
211
+ enumerate them here. Responses returning these codes will be considered successes
212
+
213
+ [id="plugins-{type}s-{plugin}-keepalive"]
214
+ ===== `keepalive`
215
+
216
+ * Value type is <<boolean,boolean>>
217
+ * Default value is `true`
218
+
219
+ Turn this on to enable HTTP keepalive support. We highly recommend setting `automatic_retries` to at least
220
+ one with this to fix interactions with broken keepalive implementations.
221
+
222
+ [id="plugins-{type}s-{plugin}-keystore"]
223
+ ===== `keystore`
224
+
225
+ * Value type is <<path,path>>
226
+ * There is no default value for this setting.
227
+
228
+ If you need to use a custom keystore (`.jks`) specify that here. This does not work with .pem keys!
229
+
230
+ [id="plugins-{type}s-{plugin}-keystore_password"]
231
+ ===== `keystore_password`
232
+
233
+ * Value type is <<password,password>>
234
+ * There is no default value for this setting.
235
+
236
+ Specify the keystore password here.
237
+ Note, most .jks files created with keytool require a password!
238
+
239
+ [id="plugins-{type}s-{plugin}-keystore_type"]
240
+ ===== `keystore_type`
241
+
242
+ * Value type is <<string,string>>
243
+ * Default value is `"JKS"`
244
+
245
+ Specify the keystore type here. One of `JKS` or `PKCS12`. Default is `JKS`
246
+
247
+ [id="plugins-{type}s-{plugin}-mapping"]
248
+ ===== `mapping`
249
+
250
+ * Value type is <<hash,hash>>
251
+ * There is no default value for this setting.
252
+
253
+ This lets you choose the structure and parts of the event that are sent.
254
+
255
+
256
+ For example:
257
+ [source,ruby]
258
+ mapping => {"foo" => "%{host}"
259
+ "bar" => "%{type}"}
260
+
261
+ [id="plugins-{type}s-{plugin}-message"]
262
+ ===== `message`
263
+
264
+ * Value type is <<string,string>>
265
+ * There is no default value for this setting.
266
+
267
+
268
+
269
+ [id="plugins-{type}s-{plugin}-pool_max"]
270
+ ===== `pool_max`
271
+
272
+ * Value type is <<number,number>>
273
+ * Default value is `50`
274
+
275
+ Max number of concurrent connections. Defaults to `50`
276
+
277
+ [id="plugins-{type}s-{plugin}-pool_max_per_route"]
278
+ ===== `pool_max_per_route`
279
+
280
+ * Value type is <<number,number>>
281
+ * Default value is `25`
282
+
283
+ Max number of concurrent connections to a single host. Defaults to `25`
284
+
285
+ [id="plugins-{type}s-{plugin}-proxy"]
286
+ ===== `proxy`
287
+
288
+ * Value type is <<string,string>>
289
+ * There is no default value for this setting.
290
+
291
+ If you'd like to use an HTTP proxy . This supports multiple configuration syntaxes:
292
+
293
+ 1. Proxy host in form: `http://proxy.org:1234`
294
+ 2. Proxy host in form: `{host => "proxy.org", port => 80, scheme => 'http', user => 'username@host', password => 'password'}`
295
+ 3. Proxy host in form: `{url => 'http://proxy.org:1234', user => 'username@host', password => 'password'}`
296
+
297
+ [id="plugins-{type}s-{plugin}-request_timeout"]
298
+ ===== `request_timeout`
299
+
300
+ * Value type is <<number,number>>
301
+ * Default value is `60`
302
+
303
+ This module makes it easy to add a very fully configured HTTP client to logstash
304
+ based on [Manticore](https://github.com/cheald/manticore).
305
+ For an example of its usage see https://github.com/logstash-plugins/logstash-input-http_poller
306
+ Timeout (in seconds) for the entire request
307
+
308
+ [id="plugins-{type}s-{plugin}-retry_failed"]
309
+ ===== `retry_failed`
310
+
311
+ * Value type is <<boolean,boolean>>
312
+ * Default value is `true`
313
+
314
+ Set this to false if you don't want this output to retry failed requests
315
+
316
+ [id="plugins-{type}s-{plugin}-retry_non_idempotent"]
317
+ ===== `retry_non_idempotent`
318
+
319
+ * Value type is <<boolean,boolean>>
320
+ * Default value is `false`
321
+
322
+ If `automatic_retries` is enabled this will cause non-idempotent HTTP verbs (such as POST) to be retried.
323
+ This only affects connectivity related errors (see related `automatic_retries` setting).
324
+
325
+ [id="plugins-{type}s-{plugin}-retryable_codes"]
326
+ ===== `retryable_codes`
327
+
328
+ * Value type is <<number,number>>
329
+ * Default value is `[429, 500, 502, 503, 504]`
330
+
331
+ If encountered as response codes this plugin will retry these requests
332
+
333
+ [id="plugins-{type}s-{plugin}-socket_timeout"]
334
+ ===== `socket_timeout`
335
+
336
+ * Value type is <<number,number>>
337
+ * Default value is `10`
338
+
339
+ Timeout (in seconds) to wait for data on the socket. Default is `10s`
340
+
341
+ [id="plugins-{type}s-{plugin}-truststore"]
342
+ ===== `truststore`
343
+
344
+ * Value type is <<path,path>>
345
+ * There is no default value for this setting.
346
+
347
+ If you need to use a custom truststore (`.jks`) specify that here. This does not work with .pem certs!
348
+
349
+ [id="plugins-{type}s-{plugin}-truststore_password"]
350
+ ===== `truststore_password`
351
+
352
+ * Value type is <<password,password>>
353
+ * There is no default value for this setting.
354
+
355
+ Specify the truststore password here.
356
+ Note, most .jks files created with keytool require a password!
357
+
358
+ [id="plugins-{type}s-{plugin}-truststore_type"]
359
+ ===== `truststore_type`
360
+
361
+ * Value type is <<string,string>>
362
+ * Default value is `"JKS"`
363
+
364
+ Specify the truststore type here. One of `JKS` or `PKCS12`. Default is `JKS`
365
+
366
+ [id="plugins-{type}s-{plugin}-url"]
367
+ ===== `url`
368
+
369
+ * This is a required setting.
370
+ * Value type is <<string,string>>
371
+ * There is no default value for this setting.
372
+
373
+ URL to use
374
+
375
+ [id="plugins-{type}s-{plugin}-validate_after_inactivity"]
376
+ ===== `validate_after_inactivity`
377
+
378
+ * Value type is <<number,number>>
379
+ * Default value is `200`
380
+
381
+ How long to wait before checking if the connection is stale before executing a request on a connection using keepalive.
382
+ You may want to set this lower, possibly to 0 if you get connection errors regularly
383
+ Quoting the Apache commons docs (this client is based Apache Commmons):
384
+ 'Defines period of inactivity in milliseconds after which persistent connections must be re-validated prior to being leased to the consumer. Non-positive value passed to this method disables connection validation. This check helps detect connections that have become stale (half-closed) while kept inactive in the pool.'
385
+ See https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/conn/PoolingHttpClientConnectionManager.html#setValidateAfterInactivity(int)[these docs for more info]
386
+
387
+
388
+
389
+ [id="plugins-{type}s-{plugin}-common-options"]
390
+ include::{include_path}/{type}.asciidoc[]
391
+
392
+ :default_codec!: