Class: SemanticLogger::Appender::SplunkHttp

Inherits:
Http show all
Defined in:
lib/semantic_logger/appender/splunk_http.rb

Instance Attribute Summary collapse

Attributes inherited from Http

#compress, #continue_timeout, #header, #http, #open_timeout, #path, #port, #proxy_url, #read_timeout, #server, #ssl_options, #url, #username

Attributes inherited from Subscriber

#application, #environment, #formatter, #host, #logger, #metrics

Instance Method Summary collapse

Methods inherited from Http

#batch, #batch_by_default?, #log, #reopen

Methods inherited from Subscriber

#batch_by_default?, #close, #console_output?, #console_stream, #default_formatter, #flush, #level, #log, #should_log?

Constructor Details

#initialize(token: nil, source_type: nil, index: nil, compress: true, **args) ⇒ SplunkHttp

Create Splunk appender over persistent HTTP(S)

Parameters:

token: [String]
Token created in Splunk for this HTTP Appender
Mandatory.

source_type: [String]
Optional: Source type to display in Splunk

index: [String]
Optional: Name of a valid index for this message in Splunk.

url: [String]
Valid URL to post to.
  Example: http://example.com
To enable SSL include https in the URL.
  Example: https://example.com
  verify_mode will default: OpenSSL::SSL::VERIFY_PEER

application: [String]
Name of this application to appear in log messages.
Default: SemanticLogger.application

host: [String]
Name of this host to appear in log messages.
Default: SemanticLogger.host

compress: [true|false]
Splunk supports HTTP Compression, enable by default.
Default: true

ssl: [Hash]
Specific SSL options: For more details see NET::HTTP.start
  ca_file, ca_path, cert, cert_store, ciphers, key, open_timeout, read_timeout, ssl_timeout,
  ssl_version, use_ssl, verify_callback, verify_depth and verify_mode.

level: [:trace | :debug | :info | :warn | :error | :fatal]
Override the log level for this appender.
Default: SemanticLogger.default_level

formatter: [Object|Proc]
An instance of a class that implements #call, or a Proc to be used to format
the output from this appender
Default: Use the built-in formatter (See: #call)

filter: [Regexp|Proc]
RegExp: Only include log messages where the class name matches the supplied.
regular expression. All other messages will be ignored.
Proc: Only include log messages where the supplied Proc returns true
      The Proc must return true or false.


71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
# File 'lib/semantic_logger/appender/splunk_http.rb', line 71

def initialize(token: nil,
               source_type: nil,
               index: nil,
               compress: true,
               **args,
               &)
  @source_type = source_type
  @index       = index

  super(compress: compress, **args, &)

  # Put splunk auth token in the header of every HTTP post.
  @header["Authorization"] = "Splunk #{token}"
end

Instance Attribute Details

#indexObject

Returns the value of attribute index.



18
19
20
 
# File 'lib/semantic_logger/appender/splunk_http.rb', line 18

def index
  @index
end

#source_typeObject

Returns the value of attribute source_type.



18
19
20
 
# File 'lib/semantic_logger/appender/splunk_http.rb', line 18

def source_type
  @source_type
end

Instance Method Details

#call(log, logger) ⇒ Object

Returns [String] JSON to send to Splunk.

For splunk format requirements see:

https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector


90
91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/semantic_logger/appender/splunk_http.rb', line 90

def call(log, logger)
  h = SemanticLogger::Formatters::Raw.new(time_format: :seconds).call(log, logger)
  h.delete(:host)
  message = {
    source: logger.application,
    host:   logger.host,
    time:   h.delete(:time),
    event:  h
  }
  message[:sourcetype]  = source_type if source_type
  message[:index]       = index if index
  Utils.to_json(message)
end