logstash-output-splunk 0.0.1 → 0.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +3 -0
- data/README.md +4 -1
- data/lib/logstash/outputs/splunk.rb +19 -3
- data/logstash-output-splunk.gemspec +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: b521d0bd83dfc50757e1c573198cf9d9721bb0ca
|
|
4
|
+
data.tar.gz: 00f6e480d8a1f75182f20775327ff0f885df31e3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 81e4a852bae286a84f9ad3e564e56028f7e03665a27912d012925cb1532b9c965a97840c23867e7a0ae82ef5a2277c49fc1a35e3232a33202553ba2a70f5f99d
|
|
7
|
+
data.tar.gz: 12f316ee5e846ec5e30dbb141a91b00187b74a2424edaf612571acbb204e6d233b624460ebbb355e4759220c7388974b1063f3a6e3ab5b1fae8d84dd504d68a1
|
data/CHANGELOG.md
CHANGED
data/README.md
CHANGED
|
@@ -11,9 +11,12 @@ It is fully free and fully open source. The license is Apache 2.0, meaning you a
|
|
|
11
11
|
<pre><code>
|
|
12
12
|
output {
|
|
13
13
|
splunk {
|
|
14
|
-
url => "https://localhost:8080/services/collector/
|
|
14
|
+
url => "https://localhost:8080/services/collector/raw"
|
|
15
15
|
# HTTP Event Collector token
|
|
16
16
|
token => "xxxxxxx-xxxx-xxxx-xxxx-xxxxxx"
|
|
17
|
+
# Channel Identifier GUID
|
|
18
|
+
channel_identifier => "FE0ECFAD-13D5-401B-847D-77833BD77133"
|
|
19
|
+
is_raw => true
|
|
17
20
|
is_batch => true
|
|
18
21
|
mapping => {
|
|
19
22
|
"event" => "%{message}"
|
|
@@ -44,6 +44,12 @@ class LogStash::Outputs::Splunk < LogStash::Outputs::Base
|
|
|
44
44
|
# Splunk HTTP Event Collector tokens to use
|
|
45
45
|
config :token, :validate => :string, :required => :true
|
|
46
46
|
|
|
47
|
+
# Splunk HTTP body is raw data
|
|
48
|
+
config :is_raw, :validate => :boolean, :default => true
|
|
49
|
+
|
|
50
|
+
# Splunk Channel Identifier GUID
|
|
51
|
+
config :channel_identifier, :validate => :string, :required => false
|
|
52
|
+
|
|
47
53
|
# Content type
|
|
48
54
|
#
|
|
49
55
|
# If not specified, this defaults to the following:
|
|
@@ -94,10 +100,15 @@ class LogStash::Outputs::Splunk < LogStash::Outputs::Base
|
|
|
94
100
|
@requests = Array.new
|
|
95
101
|
@content_type = "application/json"
|
|
96
102
|
@is_batch = @is_batch
|
|
103
|
+
@is_raw = @is_raw
|
|
104
|
+
@channel_identifier = @channel_identifier
|
|
97
105
|
@headers["Content-Type"] = @content_type
|
|
98
106
|
|
|
99
107
|
# Splunk HEC token
|
|
100
108
|
@headers["Authorization"] = "Splunk " + @token
|
|
109
|
+
if @channel_identifier
|
|
110
|
+
@headers["X-Splunk-Request-Channel"] = @channel_identifier
|
|
111
|
+
end
|
|
101
112
|
|
|
102
113
|
# Run named Timer as daemon thread
|
|
103
114
|
@timer = java.util.Timer.new("Splunk Output #{self.params['id']}", true)
|
|
@@ -283,7 +294,11 @@ class LogStash::Outputs::Splunk < LogStash::Outputs::Base
|
|
|
283
294
|
def event_body(event)
|
|
284
295
|
# TODO: Create an HTTP post data codec, use that here
|
|
285
296
|
if @is_batch
|
|
286
|
-
|
|
297
|
+
if @is_raw
|
|
298
|
+
event.map {|e| map_event(e).fetch("message") }.join("\n")
|
|
299
|
+
else
|
|
300
|
+
event.map {|e| LogStash::Json.dump(map_event(e)) }.join("\n")
|
|
301
|
+
end
|
|
287
302
|
else
|
|
288
303
|
LogStash::Json.dump(map_event(event))
|
|
289
304
|
end
|
|
@@ -315,10 +330,11 @@ class LogStash::Outputs::Splunk < LogStash::Outputs::Base
|
|
|
315
330
|
|
|
316
331
|
def map_event(event)
|
|
317
332
|
if @mapping
|
|
318
|
-
convert_mapping(@mapping, event)
|
|
333
|
+
msg_body = convert_mapping(@mapping, event)
|
|
319
334
|
else
|
|
320
|
-
event.to_hash
|
|
335
|
+
msg_body = event.to_hash
|
|
321
336
|
end
|
|
337
|
+
{"event" => msg_body}
|
|
322
338
|
end
|
|
323
339
|
|
|
324
340
|
def event_headers(event)
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
Gem::Specification.new do |s|
|
|
2
2
|
s.name = 'logstash-output-splunk'
|
|
3
|
-
s.version = '0.0.
|
|
3
|
+
s.version = '0.0.2'
|
|
4
4
|
s.licenses = ['Apache License (2.0)']
|
|
5
5
|
s.summary = "Sends events to a Splunk HTTP Event Collector REST API endpoints"
|
|
6
6
|
s.description = "This gem is a Logstash plugin required to be installed on top of the Logstash core pipeline using $LS_HOME/bin/logstash-plugin install gemname. This gem is not a stand-alone program"
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: logstash-output-splunk
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.2
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Jian Chen
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2020-02-
|
|
11
|
+
date: 2020-02-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: logstash-core-plugin-api
|