logstash-output-splunk_hec 0.2.1 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/logstash/outputs/splunk_hec.rb +15 -29
- data/logstash-output-splunk_hec.gemspec +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 77f41ae7b26b099e92fdef3e0cf4e41855a681bfa94f903d04d95a5907cb6a52
|
|
4
|
+
data.tar.gz: 525a3432cfddbf1a40fc951a62efd198f7901cb497fe750bce967a042c1d12ea
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f72c3bef105aa5604165b8ee718728cee25b4563292eb6459eaa7235bbed6da512770d1f60db9fa7a2eab8e128a3875e3d1a56aa12269728a3952556d00acea2
|
|
7
|
+
data.tar.gz: fdb77029972571cc683511113f89e599c963f47a381295b9dd87f4e50f7662e43b9cd05a6dbae3bcd9c0a0c239db31baf2667f535ac5bd8d68bccf149767a268
|
|
@@ -8,25 +8,23 @@ require "concurrent"
|
|
|
8
8
|
|
|
9
9
|
class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
|
|
10
10
|
config_name "splunk_hec"
|
|
11
|
-
|
|
12
11
|
concurrency :shared
|
|
13
|
-
|
|
14
|
-
config :
|
|
15
|
-
config :host, :validate => :string, :
|
|
12
|
+
config :hec_token, :validate => :string, :required => true
|
|
13
|
+
config :hec_host, :validate => :string, :required => true
|
|
14
|
+
config :host, :validate => :string, :default => "none"
|
|
15
|
+
config :source, :validate => :string, :default => "none"
|
|
16
|
+
config :sourcetype, :validate => :string, :default => "none"
|
|
16
17
|
config :port, :validate => :number, :default => 443
|
|
17
18
|
config :index, :validate => :string, :default => "main"
|
|
18
|
-
config :sourcetype, :validate => :string, :default => "_json"
|
|
19
19
|
config :batch_size, :validate => :number, :default => 100
|
|
20
20
|
config :flush_interval, :validate => :number, :default => 5
|
|
21
21
|
config :retry_count, :validate => :number, :default => 3
|
|
22
22
|
|
|
23
23
|
public
|
|
24
24
|
def register
|
|
25
|
-
@http = Net::HTTP.new(@
|
|
25
|
+
@http = Net::HTTP.new(@hec_host, @port)
|
|
26
26
|
@http.use_ssl = true
|
|
27
|
-
@
|
|
28
|
-
@uri = URI.parse("https://#{@host}:#{@port}/services/collector/event")
|
|
29
|
-
|
|
27
|
+
@uri = URI.parse("https://#{@hec_host}:#{@port}/services/collector/event")
|
|
30
28
|
@event_batch = Concurrent::Array.new
|
|
31
29
|
@last_flush = Concurrent::AtomicReference.new(Time.now)
|
|
32
30
|
end
|
|
@@ -34,7 +32,6 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
|
|
|
34
32
|
public
|
|
35
33
|
def receive(event)
|
|
36
34
|
format_and_add_to_batch(event)
|
|
37
|
-
|
|
38
35
|
if batch_full? || time_to_flush?
|
|
39
36
|
flush_batch
|
|
40
37
|
end
|
|
@@ -49,16 +46,14 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
|
|
|
49
46
|
def format_and_add_to_batch(event)
|
|
50
47
|
event_data = event.to_hash
|
|
51
48
|
event_data.delete("@version")
|
|
52
|
-
|
|
53
49
|
hec_event = {
|
|
54
50
|
"time" => event.get("@timestamp").to_i,
|
|
55
|
-
"host" => event.get("host")&.fetch("name") { Socket.gethostname },
|
|
56
|
-
"source" => event.get("source") { "logstash" },
|
|
57
|
-
"sourcetype" => @sourcetype,
|
|
51
|
+
"host" => @host != "none" ? @host : event.get("host")&.fetch("name") { Socket.gethostname } || "default_host",
|
|
52
|
+
"source" => @source != "none" ? @source : event.get("source") { "logstash" },
|
|
53
|
+
"sourcetype" => @sourcetype != "none" ? @sourcetype : "_json",
|
|
58
54
|
"index" => @index,
|
|
59
55
|
"event" => event_data
|
|
60
|
-
}
|
|
61
|
-
|
|
56
|
+
}
|
|
62
57
|
@event_batch << hec_event
|
|
63
58
|
end
|
|
64
59
|
|
|
@@ -78,7 +73,7 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
|
|
|
78
73
|
|
|
79
74
|
batch_to_send = @event_batch.slice!(0, @batch_size)
|
|
80
75
|
request = Net::HTTP::Post.new(@uri.request_uri)
|
|
81
|
-
request["Authorization"] = "Splunk #{@
|
|
76
|
+
request["Authorization"] = "Splunk #{@hec_token}"
|
|
82
77
|
request["Content-Type"] = "application/json"
|
|
83
78
|
request.body = batch_to_send.map(&:to_json).join("\n")
|
|
84
79
|
|
|
@@ -92,23 +87,14 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
|
|
|
92
87
|
@last_flush.set(Time.now)
|
|
93
88
|
return
|
|
94
89
|
else
|
|
95
|
-
@logger.warn("Failed to send batch to Splunk, will retry",
|
|
96
|
-
:response_code => response.code,
|
|
97
|
-
:response_body => response.body,
|
|
98
|
-
:attempt => attempt + 1,
|
|
99
|
-
:batch_size => batch_to_send.size)
|
|
90
|
+
@logger.warn("Failed to send batch to Splunk, will retry", :response_code => response.code, :response_body => response.body, :attempt => attempt + 1, :batch_size => batch_to_send.size)
|
|
100
91
|
end
|
|
101
92
|
rescue StandardError => e
|
|
102
|
-
@logger.error("Error sending batch to Splunk, will retry",
|
|
103
|
-
:error => e.message,
|
|
104
|
-
:attempt => attempt + 1,
|
|
105
|
-
:batch_size => batch_to_send.size)
|
|
93
|
+
@logger.error("Error sending batch to Splunk, will retry", :error => e.message, :attempt => attempt + 1, :batch_size => batch_to_send.size)
|
|
106
94
|
end
|
|
107
95
|
sleep(1)
|
|
108
96
|
end
|
|
109
|
-
|
|
110
|
-
@logger.error("Failed to send batch to Splunk after #{@retry_count} attempts",
|
|
111
|
-
:batch_size => batch_to_send.size)
|
|
97
|
+
@logger.error("Failed to send batch to Splunk after #{@retry_count} attempts", :batch_size => batch_to_send.size)
|
|
112
98
|
@event_batch.concat(batch_to_send)
|
|
113
99
|
end
|
|
114
100
|
end
|