logstash-output-splunk_hec 0.2.1 → 0.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/logstash/outputs/splunk_hec.rb +12 -10
- data/logstash-output-splunk_hec.gemspec +1 -1
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f12ba6a4c0c7bd31ea2444db3fa0c169c064f2ca57e3a84e99a6a302f9e730bf
|
|
4
|
+
data.tar.gz: 13b156bbb63461b8d5c5937ac413815e32de9d6912fc6572369c7157e974984f
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c0f8630726eb385d0b12eff6902889a18522b40dcb3bb9465e8203b26aabe2f0e68d5037a1af34f773f0ddb178a14d19bd953e01dd7ffa6776e3a162752c4763
|
|
7
|
+
data.tar.gz: 43136925203426b59f606b4190b255a2ef9f4fd92a2e6761e553ba0856e486459acf57e84e5717e64ab1c17177b14366c58b4c24309508e6107a2c1193da6bb0
|
|
@@ -11,21 +11,23 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
|
|
|
11
11
|
|
|
12
12
|
concurrency :shared
|
|
13
13
|
|
|
14
|
-
config :
|
|
15
|
-
config :
|
|
14
|
+
config :hec_token, :validate => :string, :required => true
|
|
15
|
+
config :hec_host, :validate => :string, :required => true
|
|
16
|
+
config :host, :validate => :string, :default => "none"
|
|
17
|
+
config :source, :validate => :string, :default => "none"
|
|
18
|
+
config :sourcetype, :validate => :string, :default => "none"
|
|
16
19
|
config :port, :validate => :number, :default => 443
|
|
17
20
|
config :index, :validate => :string, :default => "main"
|
|
18
|
-
config :sourcetype, :validate => :string, :default => "_json"
|
|
19
21
|
config :batch_size, :validate => :number, :default => 100
|
|
20
22
|
config :flush_interval, :validate => :number, :default => 5
|
|
21
23
|
config :retry_count, :validate => :number, :default => 3
|
|
22
24
|
|
|
23
25
|
public
|
|
24
26
|
def register
|
|
25
|
-
@http = Net::HTTP.new(@
|
|
27
|
+
@http = Net::HTTP.new(@hec_host, @port)
|
|
26
28
|
@http.use_ssl = true
|
|
27
29
|
@http.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
|
28
|
-
@uri = URI.parse("https://#{@
|
|
30
|
+
@uri = URI.parse("https://#{@hec_host}:#{@port}/services/collector/event")
|
|
29
31
|
|
|
30
32
|
@event_batch = Concurrent::Array.new
|
|
31
33
|
@last_flush = Concurrent::AtomicReference.new(Time.now)
|
|
@@ -52,12 +54,12 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
|
|
|
52
54
|
|
|
53
55
|
hec_event = {
|
|
54
56
|
"time" => event.get("@timestamp").to_i,
|
|
55
|
-
"host" => event.get("host")&.fetch("name") { Socket.gethostname },
|
|
56
|
-
"source" => event.get("source") { "logstash" },
|
|
57
|
-
"sourcetype" => @sourcetype,
|
|
57
|
+
"host" => @host != "none" ? @host : event.get("host")&.fetch("name") { Socket.gethostname } || "default_host",
|
|
58
|
+
"source" => @source != "none" ? @source : event.get("source") { "logstash" },
|
|
59
|
+
"sourcetype" => @sourcetype != "none" ? @sourcetype : "_json",
|
|
58
60
|
"index" => @index,
|
|
59
61
|
"event" => event_data
|
|
60
|
-
}
|
|
62
|
+
}
|
|
61
63
|
|
|
62
64
|
@event_batch << hec_event
|
|
63
65
|
end
|
|
@@ -78,7 +80,7 @@ class LogStash::Outputs::SplunkHec < LogStash::Outputs::Base
|
|
|
78
80
|
|
|
79
81
|
batch_to_send = @event_batch.slice!(0, @batch_size)
|
|
80
82
|
request = Net::HTTP::Post.new(@uri.request_uri)
|
|
81
|
-
request["Authorization"] = "Splunk #{@
|
|
83
|
+
request["Authorization"] = "Splunk #{@hec_token}"
|
|
82
84
|
request["Content-Type"] = "application/json"
|
|
83
85
|
request.body = batch_to_send.map(&:to_json).join("\n")
|
|
84
86
|
|