Documentation ¶
Index ¶
- Constants
- Variables
- func String(str string) *string
- type Client
- func (hec *Client) SetChannel(channel string)
- func (hec *Client) SetCompression(compression string)
- func (hec *Client) SetHTTPClient(client *http.Client)
- func (hec *Client) SetKeepAlive(enable bool)
- func (hec *Client) SetMaxContentLength(size int)
- func (hec *Client) SetMaxRetry(retries int)
- func (hec *Client) WaitForAcknowledgement() error
- func (hec *Client) WaitForAcknowledgementWithContext(ctx context.Context) error
- func (hec *Client) WriteBatch(events []*Event) error
- func (hec *Client) WriteBatchWithContext(ctx context.Context, events []*Event) error
- func (hec *Client) WriteEvent(event *Event) error
- func (hec *Client) WriteEventWithContext(ctx context.Context, event *Event) error
- func (hec *Client) WriteRaw(reader io.ReadSeeker, metadata *EventMetadata) error
- func (hec *Client) WriteRawWithContext(ctx context.Context, reader io.ReadSeeker, metadata *EventMetadata) error
- type Cluster
- func (c *Cluster) SetChannel(channel string)
- func (c *Cluster) SetCompression(compression string)
- func (c *Cluster) SetHTTPClient(httpClient *http.Client)
- func (c *Cluster) SetKeepAlive(enable bool)
- func (c *Cluster) SetMaxContentLength(size int)
- func (c *Cluster) SetMaxRetry(retries int)
- func (c *Cluster) WriteBatch(events []*Event) error
- func (c *Cluster) WriteEvent(event *Event) error
- func (c *Cluster) WriteRaw(reader io.ReadSeeker, metadata *EventMetadata) error
- type Event
- func (e *Event) SetField(fieldName string, val interface{})
- func (e *Event) SetFields(fields map[string]interface{})
- func (e *Event) SetHost(host string)
- func (e *Event) SetIndex(index string)
- func (e *Event) SetSource(source string)
- func (e *Event) SetSourceType(sourcetype string)
- func (e *Event) SetTime(time time.Time)
- type EventMetadata
- type HEC
- type Response
Constants ¶
View Source
const ( StatusSuccess = 0 StatusTokenDisabled = 1 StatusTokenRequired = 2 StatusInvalidAuthorization = 3 StatusInvalidToken = 4 StatusNoData = 5 StatusInvalidDataFormat = 6 StatusIncorrectIndex = 7 StatusInternalServerError = 8 StatusServerBusy = 9 StatusChannelMissing = 10 StatusInvalidChannel = 11 StatusEventFieldRequired = 12 StatusEventFieldBlank = 13 StatusAckDisabled = 14 )
Response status codes
Variables ¶
View Source
var ErrEventTooLong = errors.New("Event length is too long")
Functions ¶
Types ¶
type Client ¶
type Client struct { HEC // contains filtered or unexported fields }
func (*Client) SetChannel ¶
func (*Client) SetCompression ¶ added in v0.4.0
func (*Client) SetHTTPClient ¶
func (*Client) SetKeepAlive ¶
func (*Client) SetMaxContentLength ¶ added in v0.3.0
func (*Client) SetMaxRetry ¶ added in v0.2.0
func (*Client) WaitForAcknowledgement ¶ added in v0.4.0
WaitForAcknowledgement blocks until the Splunk indexer has acknowledged that all previously submitted data has been successfully indexed or if the default acknowledgement timeout is reached. This requires the HEC token configuration in Splunk to have indexer acknowledgement enabled.
func (*Client) WaitForAcknowledgementWithContext ¶ added in v0.4.0
WaitForAcknowledgementWithContext blocks until the Splunk indexer has acknowledged that all previously submitted data has been successfully indexed or if the provided context is cancelled. This requires the HEC token configuration in Splunk to have indexer acknowledgement enabled.
func (*Client) WriteBatch ¶
func (*Client) WriteBatchWithContext ¶ added in v0.4.0
func (*Client) WriteEvent ¶
func (*Client) WriteEventWithContext ¶ added in v0.4.0
func (*Client) WriteRaw ¶
func (hec *Client) WriteRaw(reader io.ReadSeeker, metadata *EventMetadata) error
func (*Client) WriteRawWithContext ¶ added in v0.4.0
func (hec *Client) WriteRawWithContext(ctx context.Context, reader io.ReadSeeker, metadata *EventMetadata) error
type Cluster ¶
type Cluster struct { HEC // contains filtered or unexported fields }
func (*Cluster) SetChannel ¶
func (*Cluster) SetCompression ¶ added in v0.4.0
func (*Cluster) SetHTTPClient ¶
func (*Cluster) SetKeepAlive ¶
func (*Cluster) SetMaxContentLength ¶ added in v0.3.0
func (*Cluster) SetMaxRetry ¶ added in v0.2.0
func (*Cluster) WriteBatch ¶
func (*Cluster) WriteEvent ¶
func (*Cluster) WriteRaw ¶
func (c *Cluster) WriteRaw(reader io.ReadSeeker, metadata *EventMetadata) error
type Event ¶
type Event struct { Host *string `json:"host,omitempty"` Index *string `json:"index,omitempty"` Source *string `json:"source,omitempty"` SourceType *string `json:"sourcetype,omitempty"` Time *string `json:"time,omitempty"` Fields map[string]interface{} `json:"fields,omitempty"` Event interface{} `json:"event"` }
func (*Event) SetSourceType ¶
type EventMetadata ¶
type HEC ¶
type HEC interface { SetHTTPClient(client *http.Client) SetKeepAlive(enable bool) SetChannel(channel string) SetMaxRetry(retries int) SetMaxContentLength(size int) SetCompression(compression string) // WriteEvent writes single event via HEC json mode WriteEvent(event *Event) error // WriteBatch writes multiple events via HCE batch mode WriteBatch(events []*Event) error // WriteBatchWithContext writes multiple events via HEC batch mode with a context for cancellation WriteBatchWithContext(ctx context.Context, events []*Event) error // WriteRaw writes raw data stream via HEC raw mode WriteRaw(reader io.ReadSeeker, metadata *EventMetadata) error // WriteRawWithContext writes raw data stream via HEC raw mode with a context for cancellation WriteRawWithContext(ctx context.Context, reader io.ReadSeeker, metadata *EventMetadata) error // WaitForAcknowledgement blocks until the Splunk indexer acknowledges data sent to it WaitForAcknowledgement() error // WaitForAcknowledgementWithContext blocks until the Splunk indexer acknowledges data sent to it with a context for cancellation WaitForAcknowledgementWithContext(ctx context.Context) error }
func NewCluster ¶
type Response ¶
type Response struct { Text string `json:"text"` Code int `json:"code"` AckID *int `json:"ackId"` // Use a pointer so we can differentiate between a 0 and an ack ID not being specified Acks map[string]bool `json:"acks"` // Splunk returns ack IDs as strings rather than ints }
Response is response message from HEC. For example, `{"text":"Success","code":0}`.
Click to show internal directories.
Click to hide internal directories.