logstash-output-splunk_hec 0.2.2 → 0.3.1

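--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f12ba6a4c0c7bd31ea2444db3fa0c169c064f2ca57e3a84e99a6a302f9e730bf
- data.tar.gz: 13b156bbb63461b8d5c5937ac413815e32de9d6912fc6572369c7157e974984f
+ metadata.gz: d8e13e0d8fc9710b93c781847aea608d0465c1d1da0c09515672c03933c8ffaa
+ data.tar.gz: b153c7ec6cbf0c3089d88017d97d6fe0a255c84ce934f62f5f6690b8fa0a7a5c
  SHA512:
- metadata.gz: c0f8630726eb385d0b12eff6902889a18522b40dcb3bb9465e8203b26aabe2f0e68d5037a1af34f773f0ddb178a14d19bd953e01dd7ffa6776e3a162752c4763
- data.tar.gz: 43136925203426b59f606b4190b255a2ef9f4fd92a2e6761e553ba0856e486459acf57e84e5717e64ab1c17177b14366c58b4c24309508e6107a2c1193da6bb0
+ metadata.gz: a322311348c0a03d7b5ab34e6c172ef0b0c1871ac449bcbbdeb89dedcc17aacc2e09d6dc1fb2b12ec56aace9931b2785ad7f6c473aff4eae808704f3a46bbf64
+ data.tar.gz: f4a705ec8d6ca6ffe75efa6e2193c27f5bee4d8a05a06dc7a9c08e55802dd61ed1eeaf7725995102c351f126107960b8b9b6702160f482ca3dbd00e9001527da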
@@ -8,9 +8,7 @@ require "concurrent"
8
8
 
9
9
  class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
10
10
  config_name "splunk_hec"
11
-
12
11
  concurrency :shared
13
-
14
12
  config :hec_token, :validate => :string, :required => true
15
13
  config :hec_host, :validate => :string, :required => true
16
14
  config :host, :validate => :string, :default => "none"
@@ -26,9 +24,7 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
26
24
  def register
27
25
  @http = Net::HTTP.new(@hec_host, @port)
28
26
  @http.use_ssl = true
29
- @http.verify_mode = OpenSSL::SSL::VERIFY_NONE
30
27
  @uri = URI.parse("https://#{@hec_host}:#{@port}/services/collector/event")
31
-
32
28
  @event_batch = Concurrent::Array.new
33
29
  @last_flush = Concurrent::AtomicReference.new(Time.now)
34
30
  end
@@ -36,7 +32,6 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
36
32
  public
37
33
  def receive(event)
38
34
  format_and_add_to_batch(event)
39
-
40
35
  if batch_full? || time_to_flush?
41
36
  flush_batch
42
37
  end
@@ -51,19 +46,26 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
51
46
  def format_and_add_to_batch(event)
52
47
  event_data = event.to_hash
53
48
  event_data.delete("@version")
54
-
55
49
  hec_event = {
56
50
  "time" => event.get("@timestamp").to_i,
57
- "host" => @host != "none" ? @host : event.get("host")&.fetch("name") { Socket.gethostname } || "default_host",
58
- "source" => @source != "none" ? @source : event.get("source") { "logstash" },
59
- "sourcetype" => @sourcetype != "none" ? @sourcetype : "_json",
60
- "index" => @index,
51
+ "host" => interpolate_field(@host, event),
52
+ "source" => interpolate_field(@source, event),
53
+ "sourcetype" => interpolate_field(@sourcetype, event),
54
+ "index" => interpolate_field(@index, event),
61
55
  "event" => event_data
62
56
  }
63
-
64
57
  @event_batch << hec_event
65
58
  end
66
59
 
60
+ private
61
+ def interpolate_field(field, event)
62
+ return field if field == "none"
63
+ event.sprintf(field)
64
+ rescue => e
65
+ @logger.warn("Error interpolating field", :field => field, :error => e.message)
66
+ field
67
+ end
68
+
67
69
  private
68
70
  def batch_full?
69
71
  @event_batch.size >= @batch_size
@@ -94,23 +96,14 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
94
96
  @last_flush.set(Time.now)
95
97
  return
96
98
  else
97
- @logger.warn("Failed to send batch to Splunk, will retry",
98
- :response_code => response.code,
99
- :response_body => response.body,
100
- :attempt => attempt + 1,
101
- :batch_size => batch_to_send.size)
99
+ @logger.warn("Failed to send batch to Splunk, will retry", :response_code => response.code, :response_body => response.body, :attempt => attempt + 1, :batch_size => batch_to_send.size)
102
100
  end
103
101
  rescue StandardError => e
104
- @logger.error("Error sending batch to Splunk, will retry",
105
- :error => e.message,
106
- :attempt => attempt + 1,
107
- :batch_size => batch_to_send.size)
102
+ @logger.error("Error sending batch to Splunk, will retry", :error => e.message, :attempt => attempt + 1, :batch_size => batch_to_send.size)
108
103
  end
109
104
  sleep(1)
110
105
  end
111
-
112
- @logger.error("Failed to send batch to Splunk after #{@retry_count} attempts",
113
- :batch_size => batch_to_send.size)
106
+ @logger.error("Failed to send batch to Splunk after #{@retry_count} attempts", :batch_size => batch_to_send.size)
114
107
  @event_batch.concat(batch_to_send)
115
108
  end
116
109
  end
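Review bot: In `interpolate_field`, the guard `return field if field == "none"` hands the sentinel string itself back as the value, so with the visible `:default => "none"` on `host` every event is sent with `"host" => "none"`; the removed lines instead fell back to the event's host name, `Socket.gethostname`, and `"_json"` for the sourcetype. Events indexed without a real host or sourcetype are hard to attribute during an investigation, so the fallback should survive, for example `def interpolate_field(field, event, fallback)` with `return fallback if field == "none"`. The `rescue` branch has the same shape: it returns the uninterpolated template, which would then be sent as the field value. Because `index` now also goes through `event.sprintf`, a pipeline that templates it from event fields lets event content choose the destination index, presumably bounded only by the indexes the HEC token allows; a comment on that line, `# index may come from event data; restrict the token's allowed indexes`, would make this visible. The class body continues outside the visible hunks.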
@@ -1,6 +1,6 @@
1
1
  Gem::Specification.new do |s|
2
2
  s.name = 'logstash-output-splunk_hec'
3
- s.version = '0.2.2'
3
+ s.version = '0.3.1'
4
4
  s.licenses = ['Apache-2.0']
5
5
  s.summary = 'Logstash Output Plugin for SplunkHec'
6
6
  s.authors = ['Elisha Mawson']
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: logstash-output-splunk_hec
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.2.2
4
+ version: 0.3.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elisha Mawson
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-08-29 00:00:00.000000000 Z
11
+ date: 2024-08-30 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: logstash-core-plugin-api