logstash-output-splunk_hec 0.2.1 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '09f53b9c010a8b0a598df047bd79b44358b8960c512897b58d02b6ca046b1b0c'
-  data.tar.gz: b6887b783ed1bfae45cc50850d3a59ccfd07e1a00a492462e1d7e518f9bda250
+  metadata.gz: 77f41ae7b26b099e92fdef3e0cf4e41855a681bfa94f903d04d95a5907cb6a52
+  data.tar.gz: 525a3432cfddbf1a40fc951a62efd198f7901cb497fe750bce967a042c1d12ea
 SHA512:
-  metadata.gz: 77d1fc5fbbef2c3e21367253f9add4451f5c512025d82cb3b21f15d3b2824e76605c301accf6e1eeeacd9fc13328a7770b6fbbbc3f1933af42e70ed69b7c12e6
-  data.tar.gz: c84e0e56254de9d4829d7aeacdf2bcfe7e3b80bdc949a9cabbe3b7fc23ed5fec4c141ea35fb07bc346f58f498b46010f366b883d1f54f5adf7becc26f50223d4
+  metadata.gz: f72c3bef105aa5604165b8ee718728cee25b4563292eb6459eaa7235bbed6da512770d1f60db9fa7a2eab8e128a3875e3d1a56aa12269728a3952556d00acea2
+  data.tar.gz: fdb77029972571cc683511113f89e599c963f47a381295b9dd87f4e50f7662e43b9cd05a6dbae3bcd9c0a0c239db31baf2667f535ac5bd8d68bccf149767a268

data/lib/logstash/outputs/splunk_hec.rb

@@ -8,25 +8,23 @@ require "concurrent"
 
 class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
   config_name "splunk_hec"
-
   concurrency :shared
-
-  config :token, :validate => :string, :required => true
-  config :host, :validate => :string, :required => true
+  config :hec_token, :validate => :string, :required => true
+  config :hec_host, :validate => :string, :required => true
+  config :host, :validate => :string, :default => "none"
+  config :source, :validate => :string, :default => "none"
+  config :sourcetype, :validate => :string, :default => "none"
   config :port, :validate => :number, :default => 443
   config :index, :validate => :string, :default => "main"
-  config :sourcetype, :validate => :string, :default => "_json"
   config :batch_size, :validate => :number, :default => 100
   config :flush_interval, :validate => :number, :default => 5
   config :retry_count, :validate => :number, :default => 3
 
   public
   def register
-    @http = Net::HTTP.new(@host, @port)
+    @http = Net::HTTP.new(@hec_host, @port)
     @http.use_ssl = true
-    @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-    @uri = URI.parse("https://#{@host}:#{@port}/services/collector/event")
-    
+    @uri = URI.parse("https://#{@hec_host}:#{@port}/services/collector/event")
     @event_batch = Concurrent::Array.new
     @last_flush = Concurrent::AtomicReference.new(Time.now)
   end
@@ -34,7 +32,6 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
   public
   def receive(event)
     format_and_add_to_batch(event)
-    
     if batch_full? || time_to_flush?
       flush_batch
     end
@@ -49,16 +46,14 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
   def format_and_add_to_batch(event)
     event_data = event.to_hash
     event_data.delete("@version")
-
     hec_event = {
       "time" => event.get("@timestamp").to_i,
-      "host" => event.get("host")&.fetch("name") { Socket.gethostname },
-      "source" => event.get("source") { "logstash" },
-      "sourcetype" => @sourcetype,
+      "host" => @host != "none" ? @host : event.get("host")&.fetch("name") { Socket.gethostname } || "default_host",
+      "source" => @source != "none" ? @source : event.get("source") { "logstash" },
+      "sourcetype" => @sourcetype != "none" ? @sourcetype : "_json",
       "index" => @index,
       "event" => event_data
-    }
-
+    }    
     @event_batch << hec_event
   end
 
@@ -78,7 +73,7 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
 
     batch_to_send = @event_batch.slice!(0, @batch_size)
     request = Net::HTTP::Post.new(@uri.request_uri)
-    request["Authorization"] = "Splunk #{@token}"
+    request["Authorization"] = "Splunk #{@hec_token}"
     request["Content-Type"] = "application/json"
     request.body = batch_to_send.map(&:to_json).join("\n")
 
@@ -92,23 +87,14 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
           @last_flush.set(Time.now)
           return
         else
-          @logger.warn("Failed to send batch to Splunk, will retry",
-                       :response_code => response.code,
-                       :response_body => response.body,
-                       :attempt => attempt + 1,
-                       :batch_size => batch_to_send.size)
+          @logger.warn("Failed to send batch to Splunk, will retry", :response_code => response.code, :response_body => response.body, :attempt => attempt + 1, :batch_size => batch_to_send.size)
         end
       rescue StandardError => e
-        @logger.error("Error sending batch to Splunk, will retry",
-                      :error => e.message,
-                      :attempt => attempt + 1,
-                      :batch_size => batch_to_send.size)
+        @logger.error("Error sending batch to Splunk, will retry", :error => e.message, :attempt => attempt + 1, :batch_size => batch_to_send.size)
       end
       sleep(1)
     end
-
-    @logger.error("Failed to send batch to Splunk after #{@retry_count} attempts",
-                  :batch_size => batch_to_send.size)
+    @logger.error("Failed to send batch to Splunk after #{@retry_count} attempts", :batch_size => batch_to_send.size)
     @event_batch.concat(batch_to_send)
   end
 end

data/logstash-output-splunk_hec.gemspec

@@ -1,6 +1,6 @@
 Gem::Specification.new do |s|
   s.name          = 'logstash-output-splunk_hec'
-  s.version       = '0.2.1'
+  s.version       = '0.3.0'
   s.licenses      = ['Apache-2.0']
   s.summary       = 'Logstash Output Plugin for SplunkHec'
   s.authors       = ['Elisha Mawson']

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: logstash-output-splunk_hec
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.3.0
 platform: ruby
 authors:
 - Elisha Mawson