
splunk-class-httpevent's Introduction

Python Class for Sending Events to Splunk HTTP Event Collector

Version/Date: 1.81 2020-08-15

Author: George Starcher (starcher) Email: [email protected]

Thanks to Chandler Newby for getting this into the threaded design. Thanks to Paul Miller for the pip support.

This code is presented AS IS under the MIT license.

Description:

This is a Python class file for use with other Python scripts to send events to a Splunk HTTP Event Collector (HEC).

Supported product(s):

  • Splunk v6.3.X+
  • Splunk v6.4.X+ for the raw input option

Using this Python Class

Configuration: Manual

Place the class file alongside your own code and import the class as needed. Instantiate an http_event_collector object and use it to generate and submit payloads, as shown in the example main() method.

Configuration: With pip

pip install git+https://github.com/georgestarcher/Splunk-Class-httpevent.git

OR

pip3 install git+https://github.com/georgestarcher/Splunk-Class-httpevent.git

Once installed, start Python and run:

from splunk_http_event_collector import http_event_collector
help(http_event_collector)

HEC Collector level index and sourcetype

hec_server.index = "test"
hec_server.sourcetype = "syslog"

This works for either RAW or JSON input. With JSON, the existing behavior still applies: you can override these values per event by placing them in the payload, as shown in example.py.

Logging

Logging has been improved to use a proper logger. Note that declaring basicConfig is the job of your calling code; see main in the class .py file for an example. Because the class just uses a logger, you can call setLevel on it to set the level you want.

Notes:

  • You can use the sendEvent() method to send data immediately.
  • It is more efficient to use the batchEvent() and flushBatch() methods to submit multiple events at once across multiple threads.
  • You must call flushBatch() if using batchEvent() or you risk exiting your code before all threads have flushed their data to Splunk.
  • There is now an optional input_type when declaring your HEC server. It defaults to the normal JSON event format but adds raw support.
  • Added a pop null fields option. Defaults to False to preserve existing class behavior.
  • Added a check_connectivity method that is optional. See example.py for use and docstrings on the method for details.
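
The batching notes above and the collector-level index and sourcetype defaults, shown as an added example that is not the class's own code: MiniBatcher, batch_event, flush_batch and the send callable are hypothetical names, and no real collector is contacted. It shows why events are lost when the process exits without a flush.

```python
import json
import queue
import threading


class MiniBatcher:  # hypothetical stand-in, not the class's own code
    def __init__(self, send, index=None, sourcetype=None, max_batch=3, threads=2):
        self.send = send  # stand-in for the HTTPS POST to the collector
        self.defaults = {"index": index, "sourcetype": sourcetype}
        self.max_batch, self.batch, self.q = max_batch, [], queue.Queue()
        for _ in range(threads):
            # Daemon workers die with the interpreter: unflushed events are lost.
            threading.Thread(target=self._worker, daemon=True).start()

    def _worker(self):
        while True:
            body = self.q.get()
            try:
                self.send(body)
            finally:
                self.q.task_done()

    def batch_event(self, payload):
        event = dict(payload)
        for key, value in self.defaults.items():
            if value and key not in event:  # per-event value overrides default
                event[key] = value
        self.batch.append(json.dumps(event))
        if len(self.batch) >= self.max_batch:
            self._enqueue()

    def _enqueue(self):
        if self.batch:
            self.q.put("".join(self.batch))  # JSON objects back to back
            self.batch = []

    def flush_batch(self):
        self._enqueue()  # hand over the partial batch still held in memory
        self.q.join()    # block until every queued body has been sent


def demo():
    sent = []  # constructed sink replacing a real collector
    hec = MiniBatcher(sent.append, index="test", sourcetype="syslog")
    for n in range(7):
        hec.batch_event({"event": {"n": n}})
    hec.batch_event({"event": {"n": 7}, "index": "override"})
    pending = len(hec.batch)  # events that exist only in process memory
    hec.flush_batch()
    return pending, sent
```

For audit or security telemetry, call the flush from a finally block or an exit handler so that an exception in the calling script does not silently drop the tail of the batch.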

Change Notes:

  • Fixed an issue where eventtype on sendEvent and batchEvent was not properly assigned if the time field was missing from the payload.
