logstash-output-splunk_hec 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. checksums.yaml +4 -4
  2. data/lib/logstash/outputs/splunk_hec.rb +16 -15
  3. data/logstash-output-splunk_hec.gemspec +1 -1
  4. metadata +1 -1
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: c8c44287f9aa9bd45833d5cce538e60db131970141b39c951f64ccffe42e9bc3
4
- data.tar.gz: 240a8fb2b2abaa8f60aedd60e158531f21419d90cbc4f4d966096c7fe9eb82e5
3
+ metadata.gz: f12ba6a4c0c7bd31ea2444db3fa0c169c064f2ca57e3a84e99a6a302f9e730bf
4
+ data.tar.gz: 13b156bbb63461b8d5c5937ac413815e32de9d6912fc6572369c7157e974984f
5
5
  SHA512:
6
- metadata.gz: d35c322a512d12e456948eabdbc827dbdb324f6c42ac0114135ce2764f26795f6107f2a6540a82419a2a607ce3aa09585a48cf10e851ab7fd6dd412a3b9271d4
7
- data.tar.gz: e891f646147845fa33c5d872fe775afded22a49b41009785eebeb7ea18e0afc75f86cd7c8344dff7ad96cbc9bf651852ca3da369041682ef041136f6ca3d6997
6
+ metadata.gz: c0f8630726eb385d0b12eff6902889a18522b40dcb3bb9465e8203b26aabe2f0e68d5037a1af34f773f0ddb178a14d19bd953e01dd7ffa6776e3a162752c4763
7
+ data.tar.gz: 43136925203426b59f606b4190b255a2ef9f4fd92a2e6761e553ba0856e486459acf57e84e5717e64ab1c17177b14366c58b4c24309508e6107a2c1193da6bb0
data/lib/logstash/outputs/splunk_hec.rb CHANGED
@@ -11,21 +11,23 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
11
11
 
12
12
  concurrency :shared
13
13
 
14
- config :token, :validate => :string, :required => true
15
- config :host, :validate => :string, :required => true
14
+ config :hec_token, :validate => :string, :required => true
15
+ config :hec_host, :validate => :string, :required => true
16
+ config :host, :validate => :string, :default => "none"
17
+ config :source, :validate => :string, :default => "none"
18
+ config :sourcetype, :validate => :string, :default => "none"
16
19
  config :port, :validate => :number, :default => 443
17
20
  config :index, :validate => :string, :default => "main"
18
- config :sourcetype, :validate => :string, :default => "_json"
19
21
  config :batch_size, :validate => :number, :default => 100
20
22
  config :flush_interval, :validate => :number, :default => 5
21
23
  config :retry_count, :validate => :number, :default => 3
22
24
 
23
25
  public
24
26
  def register
25
- @http = Net::HTTP.new(@host, @port)
27
+ @http = Net::HTTP.new(@hec_host, @port)
26
28
  @http.use_ssl = true
27
29
  @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
28
- @uri = URI.parse("https://#{@host}:#{@port}/services/collector/event")
30
+ @uri = URI.parse("https://#{@hec_host}:#{@port}/services/collector/event")
29
31
 
30
32
  @event_batch = Concurrent::Array.new
31
33
  @last_flush = Concurrent::AtomicReference.new(Time.now)
@@ -51,14 +53,13 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
51
53
  event_data.delete("@version")
52
54
 
53
55
  hec_event = {
54
- "time" => (event.get("@timestamp").to_f * 1000).to_i,
55
- "host" => event.get("[host][name]") || Socket.gethostname,
56
- "source" => event.get("source") || "logstash",
57
- "sourcetype" => @sourcetype,
58
- "index" => @index
59
- }
60
-
61
- hec_event.merge!(event_data)
56
+ "time" => event.get("@timestamp").to_i,
57
+ "host" => @host != "none" ? @host : event.get("host")&.fetch("name") { Socket.gethostname } || "default_host",
58
+ "source" => @source != "none" ? @source : event.get("source") { "logstash" },
59
+ "sourcetype" => @sourcetype != "none" ? @sourcetype : "_json",
60
+ "index" => @index,
61
+ "event" => event_data
62
+ }
62
63
 
63
64
  @event_batch << hec_event
64
65
  end
@@ -79,11 +80,11 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
79
80
 
80
81
  batch_to_send = @event_batch.slice!(0, @batch_size)
81
82
  request = Net::HTTP::Post.new(@uri.request_uri)
82
- request["Authorization"] = "Splunk #{@token}"
83
+ request["Authorization"] = "Splunk #{@hec_token}"
83
84
  request["Content-Type"] = "application/json"
84
85
  request.body = batch_to_send.map(&:to_json).join("\n")
85
86
 
86
- @logger.warn("Request body to be sent to Splunk:", :request_body => request.body)
87
+ @logger.warn("Request body to be sent to Splunk: #{request.body}")
87
88
 
88
89
  @retry_count.times do |attempt|
89
90
  begin
data/logstash-output-splunk_hec.gemspec CHANGED
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-output-splunk_hec'
3
- s.version = '0.2.0'
3
+ s.version = '0.2.2'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = 'Logstash Output Plugin for SplunkHec'
6
6
  s.authors = ['Elisha Mawson']
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-output-splunk_hec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.0
4
+ version: 0.2.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elisha Mawson