logstash-output-splunk_hec 0.2.0 → 0.2.2

Sign up to get free protection for your applications and to get access to all the features.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/logstash/outputs/splunk_hec.rb +16 -15
  3. data/logstash-output-splunk_hec.gemspec +1 -1
  4. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c8c44287f9aa9bd45833d5cce538e60db131970141b39c951f64ccffe42e9bc3
4
- data.tar.gz: 240a8fb2b2abaa8f60aedd60e158531f21419d90cbc4f4d966096c7fe9eb82e5
3
+ metadata.gz: f12ba6a4c0c7bd31ea2444db3fa0c169c064f2ca57e3a84e99a6a302f9e730bf
4
+ data.tar.gz: 13b156bbb63461b8d5c5937ac413815e32de9d6912fc6572369c7157e974984f
5
5
  SHA512:
6
- metadata.gz: d35c322a512d12e456948eabdbc827dbdb324f6c42ac0114135ce2764f26795f6107f2a6540a82419a2a607ce3aa09585a48cf10e851ab7fd6dd412a3b9271d4
7
- data.tar.gz: e891f646147845fa33c5d872fe775afded22a49b41009785eebeb7ea18e0afc75f86cd7c8344dff7ad96cbc9bf651852ca3da369041682ef041136f6ca3d6997
6
+ metadata.gz: c0f8630726eb385d0b12eff6902889a18522b40dcb3bb9465e8203b26aabe2f0e68d5037a1af34f773f0ddb178a14d19bd953e01dd7ffa6776e3a162752c4763
7
+ data.tar.gz: 43136925203426b59f606b4190b255a2ef9f4fd92a2e6761e553ba0856e486459acf57e84e5717e64ab1c17177b14366c58b4c24309508e6107a2c1193da6bb0
data/lib/logstash/outputs/splunk_hec.rb CHANGED
@@ -11,21 +11,23 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
11
11
 
12
12
  concurrency :shared
13
13
 
14
- config :token, :validate => :string, :required => true
15
- config :host, :validate => :string, :required => true
14
+ config :hec_token, :validate => :string, :required => true
15
+ config :hec_host, :validate => :string, :required => true
16
+ config :host, :validate => :string, :default => "none"
17
+ config :source, :validate => :string, :default => "none"
18
+ config :sourcetype, :validate => :string, :default => "none"
16
19
  config :port, :validate => :number, :default => 443
17
20
  config :index, :validate => :string, :default => "main"
18
- config :sourcetype, :validate => :string, :default => "_json"
19
21
  config :batch_size, :validate => :number, :default => 100
20
22
  config :flush_interval, :validate => :number, :default => 5
21
23
  config :retry_count, :validate => :number, :default => 3
22
24
 
23
25
  public
24
26
  def register
25
- @http = Net::HTTP.new(@host, @port)
27
+ @http = Net::HTTP.new(@hec_host, @port)
26
28
  @http.use_ssl = true
27
29
  @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
28
- @uri = URI.parse("https://#{@host}:#{@port}/services/collector/event")
30
+ @uri = URI.parse("https://#{@hec_host}:#{@port}/services/collector/event")
29
31
 
30
32
  @event_batch = Concurrent::Array.new
31
33
  @last_flush = Concurrent::AtomicReference.new(Time.now)
@@ -51,14 +53,13 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
51
53
  event_data.delete("@version")
52
54
 
53
55
  hec_event = {
54
- "time" => (event.get("@timestamp").to_f * 1000).to_i,
55
- "host" => event.get("[host][name]") || Socket.gethostname,
56
- "source" => event.get("source") || "logstash",
57
- "sourcetype" => @sourcetype,
58
- "index" => @index
59
- }
60
-
61
- hec_event.merge!(event_data)
56
+ "time" => event.get("@timestamp").to_i,
57
+ "host" => @host != "none" ? @host : event.get("host")&.fetch("name") { Socket.gethostname } || "default_host",
58
+ "source" => @source != "none" ? @source : event.get("source") { "logstash" },
59
+ "sourcetype" => @sourcetype != "none" ? @sourcetype : "_json",
60
+ "index" => @index,
61
+ "event" => event_data
62
+ }
62
63
 
63
64
  @event_batch << hec_event
64
65
  end
@@ -79,11 +80,11 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
79
80
 
80
81
  batch_to_send = @event_batch.slice!(0, @batch_size)
81
82
  request = Net::HTTP::Post.new(@uri.request_uri)
82
- request["Authorization"] = "Splunk #{@token}"
83
+ request["Authorization"] = "Splunk #{@hec_token}"
83
84
  request["Content-Type"] = "application/json"
84
85
  request.body = batch_to_send.map(&:to_json).join("\n")
85
86
 
86
- @logger.warn("Request body to be sent to Splunk:", :request_body => request.body)
87
+ @logger.warn("Request body to be sent to Splunk: #{request.body}")
87
88
 
88
89
  @retry_count.times do |attempt|
89
90
  begin
data/logstash-output-splunk_hec.gemspec CHANGED
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-output-splunk_hec'
3
- s.version = '0.2.0'
3
+ s.version = '0.2.2'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = 'Logstash Output Plugin for SplunkHec'
6
6
  s.authors = ['Elisha Mawson']
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-output-splunk_hec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elisha Mawson