logstash-output-splunk 0.0.1 → 0.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +4 -1
- data/lib/logstash/outputs/splunk.rb +19 -3
- data/logstash-output-splunk.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b521d0bd83dfc50757e1c573198cf9d9721bb0ca
|
|
4
|
+
data.tar.gz: 00f6e480d8a1f75182f20775327ff0f885df31e3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 81e4a852bae286a84f9ad3e564e56028f7e03665a27912d012925cb1532b9c965a97840c23867e7a0ae82ef5a2277c49fc1a35e3232a33202553ba2a70f5f99d
|
|
7
|
+
data.tar.gz: 12f316ee5e846ec5e30dbb141a91b00187b74a2424edaf612571acbb204e6d233b624460ebbb355e4759220c7388974b1063f3a6e3ab5b1fae8d84dd504d68a1
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -11,9 +11,12 @@ It is fully free and fully open source. The license is Apache 2.0, meaning you a
|
|
|
11
11
|
<pre><code>
|
|
12
12
|
output {
|
|
13
13
|
splunk {
|
|
14
|
-
url => "https://localhost:8080/services/collector/
|
|
14
|
+
url => "https://localhost:8080/services/collector/raw"
|
|
15
15
|
# HTTP Event Collector token
|
|
16
16
|
token => "xxxxxxx-xxxx-xxxx-xxxx-xxxxxx"
|
|
17
|
+
# Channel Identifier GUID
|
|
18
|
+
channel_identifier => "FE0ECFAD-13D5-401B-847D-77833BD77133"
|
|
19
|
+
is_raw => true
|
|
17
20
|
is_batch => true
|
|
18
21
|
mapping => {
|
|
19
22
|
"event" => "%{message}"
|
|
@@ -44,6 +44,12 @@ class LogStash::Outputs::Splunk < LogStash::Outputs::Base
|
|
|
44
44
|
# Splunk HTTP Event Collector tokens to use
|
|
45
45
|
config :token, :validate => :string, :required => :true
|
|
46
46
|
|
|
47
|
+
# Splunk HTTP body is raw data
|
|
48
|
+
config :is_raw, :validate => :boolean, :default => true
|
|
49
|
+
|
|
50
|
+
# Splunk Channel Identifier GUID
|
|
51
|
+
config :channel_identifier, :validate => :string, :required => false
|
|
52
|
+
|
|
47
53
|
# Content type
|
|
48
54
|
#
|
|
49
55
|
# If not specified, this defaults to the following:
|
|
@@ -94,10 +100,15 @@ class LogStash::Outputs::Splunk < LogStash::Outputs::Base
|
|
|
94
100
|
@requests = Array.new
|
|
95
101
|
@content_type = "application/json"
|
|
96
102
|
@is_batch = @is_batch
|
|
103
|
+
@is_raw = @is_raw
|
|
104
|
+
@channel_identifier = @channel_identifier
|
|
97
105
|
@headers["Content-Type"] = @content_type
|
|
98
106
|
|
|
99
107
|
# Splunk HEC token
|
|
100
108
|
@headers["Authorization"] = "Splunk " + @token
|
|
109
|
+
if @channel_identifier
|
|
110
|
+
@headers["X-Splunk-Request-Channel"] = @channel_identifier
|
|
111
|
+
end
|
|
101
112
|
|
|
102
113
|
# Run named Timer as daemon thread
|
|
103
114
|
@timer = java.util.Timer.new("Splunk Output #{self.params['id']}", true)
|
|
@@ -283,7 +294,11 @@ class LogStash::Outputs::Splunk < LogStash::Outputs::Base
|
|
|
283
294
|
def event_body(event)
|
|
284
295
|
# TODO: Create an HTTP post data codec, use that here
|
|
285
296
|
if @is_batch
|
|
286
|
-
|
|
297
|
+
if @is_raw
|
|
298
|
+
event.map {|e| map_event(e).fetch("message") }.join("\n")
|
|
299
|
+
else
|
|
300
|
+
event.map {|e| LogStash::Json.dump(map_event(e)) }.join("\n")
|
|
301
|
+
end
|
|
287
302
|
else
|
|
288
303
|
LogStash::Json.dump(map_event(event))
|
|
289
304
|
end
|
|
@@ -315,10 +330,11 @@ class LogStash::Outputs::Splunk < LogStash::Outputs::Base
|
|
|
315
330
|
|
|
316
331
|
def map_event(event)
|
|
317
332
|
if @mapping
|
|
318
|
-
convert_mapping(@mapping, event)
|
|
333
|
+
msg_body = convert_mapping(@mapping, event)
|
|
319
334
|
else
|
|
320
|
-
event.to_hash
|
|
335
|
+
msg_body = event.to_hash
|
|
321
336
|
end
|
|
337
|
+
{"event" => msg_body}
|
|
322
338
|
end
|
|
323
339
|
|
|
324
340
|
def event_headers(event)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-output-splunk'
|
|
3
|
-
s.version = '0.0.
|
|
3
|
+
s.version = '0.0.2'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = "Sends events to a Splunk HTTP Event Collector REST API endpoints"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-output-splunk
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jian Chen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-02-
|
|
11
|
+
date: 2020-02-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core-plugin-api
|