logstash-output-splunk_hec 0.2.2 → 0.3.1

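--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f12ba6a4c0c7bd31ea2444db3fa0c169c064f2ca57e3a84e99a6a302f9e730bf
- data.tar.gz: 13b156bbb63461b8d5c5937ac413815e32de9d6912fc6572369c7157e974984f
+ metadata.gz: d8e13e0d8fc9710b93c781847aea608d0465c1d1da0c09515672c03933c8ffaa
+ data.tar.gz: b153c7ec6cbf0c3089d88017d97d6fe0a255c84ce934f62f5f6690b8fa0a7a5c
  SHA512:
- metadata.gz: c0f8630726eb385d0b12eff6902889a18522b40dcb3bb9465e8203b26aabe2f0e68d5037a1af34f773f0ddb178a14d19bd953e01dd7ffa6776e3a162752c4763
- data.tar.gz: 43136925203426b59f606b4190b255a2ef9f4fd92a2e6761e553ba0856e486459acf57e84e5717e64ab1c17177b14366c58b4c24309508e6107a2c1193da6bb0
+ metadata.gz: a322311348c0a03d7b5ab34e6c172ef0b0c1871ac449bcbbdeb89dedcc17aacc2e09d6dc1fb2b12ec56aace9931b2785ad7f6c473aff4eae808704f3a46bbf64
+ data.tar.gz: f4a705ec8d6ca6ffe75efa6e2193c27f5bee4d8a05a06dc7a9c08e55802dd61ed1eeaf7725995102c351f126107960b8b9b6702160f482ca3dbd00e9001527da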
@@ -8,9 +8,7 @@ require "concurrent"
8
8
 
9
9
  class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
10
10
  config_name "splunk_hec"
11
-
12
11
  concurrency :shared
13
-
14
12
  config :hec_token, :validate => :string, :required => true
15
13
  config :hec_host, :validate => :string, :required => true
16
14
  config :host, :validate => :string, :default => "none"
@@ -26,9 +24,7 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
26
24
  def register
27
25
  @http = Net::HTTP.new(@hec_host, @port)
28
26
  @http.use_ssl = true
29
- @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
30
27
  @uri = URI.parse("https://#{@hec_host}:#{@port}/services/collector/event")
31
-
32
28
  @event_batch = Concurrent::Array.new
33
29
  @last_flush = Concurrent::AtomicReference.new(Time.now)
34
30
  end
@@ -36,7 +32,6 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
36
32
  public
37
33
  def receive(event)
38
34
  format_and_add_to_batch(event)
39
-
40
35
  if batch_full? || time_to_flush?
41
36
  flush_batch
42
37
  end
@@ -51,19 +46,26 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
51
46
  def format_and_add_to_batch(event)
52
47
  event_data = event.to_hash
53
48
  event_data.delete("@version")
54
-
55
49
  hec_event = {
56
50
  "time" => event.get("@timestamp").to_i,
57
- "host" => @host != "none" ? @host : event.get("host")&.fetch("name") { Socket.gethostname } || "default_host",
58
- "source" => @source != "none" ? @source : event.get("source") { "logstash" },
59
- "sourcetype" => @sourcetype != "none" ? @sourcetype : "_json",
60
- "index" => @index,
51
+ "host" => interpolate_field(@host, event),
52
+ "source" => interpolate_field(@source, event),
53
+ "sourcetype" => interpolate_field(@sourcetype, event),
54
+ "index" => interpolate_field(@index, event),
61
55
  "event" => event_data
62
56
  }
63
-
64
57
  @event_batch << hec_event
65
58
  end
66
59
 
60
+ private
61
+ def interpolate_field(field, event)
62
+ return field if field == "none"
63
+ event.sprintf(field)
64
+ rescue => e
65
+ @logger.warn("Error interpolating field", :field => field, :error => e.message)
66
+ field
67
+ end
68
+
67
69
  private
68
70
  def batch_full?
69
71
  @event_batch.size >= @batch_size
@@ -94,23 +96,14 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
94
96
  @last_flush.set(Time.now)
95
97
  return
96
98
  else
97
- @logger.warn("Failed to send batch to Splunk, will retry",
98
- :response_code => response.code,
99
- :response_body => response.body,
100
- :attempt => attempt + 1,
101
- :batch_size => batch_to_send.size)
99
+ @logger.warn("Failed to send batch to Splunk, will retry", :response_code => response.code, :response_body => response.body, :attempt => attempt + 1, :batch_size => batch_to_send.size)
102
100
  end
103
101
  rescue StandardError => e
104
- @logger.error("Error sending batch to Splunk, will retry",
105
- :error => e.message,
106
- :attempt => attempt + 1,
107
- :batch_size => batch_to_send.size)
102
+ @logger.error("Error sending batch to Splunk, will retry", :error => e.message, :attempt => attempt + 1, :batch_size => batch_to_send.size)
108
103
  end
109
104
  sleep(1)
110
105
  end
111
-
112
- @logger.error("Failed to send batch to Splunk after #{@retry_count} attempts",
113
- :batch_size => batch_to_send.size)
106
+ @logger.error("Failed to send batch to Splunk after #{@retry_count} attempts", :batch_size => batch_to_send.size)
114
107
  @event_batch.concat(batch_to_send)
115
108
  end
116
109
  end
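Review bot: `interpolate_field` hands back the sentinel itself on `return field if field == "none"`, so in the `@@ -51,19 +46,26 @@` hunk an unset `host` (its config default is `"none"`) is now sent to Splunk as the literal string `none`. The removed lines instead fell back to the event's host name or `Socket.gethostname`, to what looks like an intended `"logstash"` for `source`, and to `"_json"` for `sourcetype`; events that lose their real host and sourcetype are harder to attribute and may stop matching searches or detections keyed on those fields. Keeping the fallback at the call site would restore the earlier behaviour, for example `"sourcetype" => @sourcetype == "none" ? "_json" : interpolate_field(@sourcetype, event),`, with the matching fallbacks for `host` and `source`. `index` is now also expanded with `event.sprintf`, so a pattern that references an event field lets log content choose the destination index; the plugin documentation should say that the HEC token's allowed-index list needs to stay narrow when that is used.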
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-output-splunk_hec'
3
- s.version = '0.2.2'
3
+ s.version = '0.3.1'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = 'Logstash Output Plugin for SplunkHec'
6
6
  s.authors = ['Elisha Mawson']
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-output-splunk_hec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elisha Mawson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-29 00:00:00.000000000 Z
11
+ date: 2024-08-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: logstash-core-plugin-api