hec

package module

v0.4.0 Latest Latest Go to latest Published: Sep 9, 2021 License: Apache-2.0 Imports: 14 Imported by: 17

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/fuyufjh/splunk-hec-go

Links

Open Source Insights

README ¶

Splunk HEC Golang Library

Golang library for Splunk HTTP Event Collector (HEC).

Build

You need install glide before build.

Install all dependencies

glide install

Build the example

go build -o build/example ./example/main.go

Features

Support HEC JSON mode and Raw mode
Send batch of events
Customize retrying times
Cut big batch into chunk less than MaxContentLength
Indexer acknowledgement
Streaming data via HEC Raw

Example

client := hec.NewCluster(
	[]string{"https://127.0.0.1:8088", "https://localhost:8088"},
	"00000000-0000-0000-0000-000000000000",
)
client.SetHTTPClient(&http.Client{Transport: &http.Transport{
	TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}})

event1 := hec.NewEvent("event one")
event1.SetTime(time.Now())
event2 := hec.NewEvent("event two")
event2.SetTime(time.Now().Add(-time.Minute))

err := client.WriteBatch([]*hec.Event{event1, event2})
if err != nil {
	log.Fatal(err)
}

See hec.go for more usages.

Documentation ¶

Index ¶

Constants
Variables
func String(str string) *string
type Client
type Cluster
type Event
- func NewEvent(data interface{}) *Event
type EventMetadata
type HEC
- func NewClient(serverURL string, token string) HEC
- func NewCluster(serverURLs []string, token string) HEC
type Response
- func (res *Response) Error() string
- func (res *Response) String() string

Constants ¶

View Source

const (
	StatusSuccess              = 0
	StatusTokenDisabled        = 1
	StatusTokenRequired        = 2
	StatusInvalidAuthorization = 3
	StatusInvalidToken         = 4
	StatusNoData               = 5
	StatusInvalidDataFormat    = 6
	StatusIncorrectIndex       = 7
	StatusInternalServerError  = 8
	StatusServerBusy           = 9
	StatusChannelMissing       = 10
	StatusInvalidChannel       = 11
	StatusEventFieldRequired   = 12
	StatusEventFieldBlank      = 13
	StatusAckDisabled          = 14
)

Response status codes

Variables ¶

View Source

var ErrEventTooLong = errors.New("Event length is too long")

Functions ¶

func String ¶

func String(str string) *string

Types ¶

type Client ¶

type Client struct {
	HEC
	// contains filtered or unexported fields
}

func (*Client) SetChannel ¶

func (hec *Client) SetChannel(channel string)

func (*Client) SetCompression ¶ added in v0.4.0

func (hec *Client) SetCompression(compression string)

func (*Client) SetHTTPClient ¶

func (hec *Client) SetHTTPClient(client *http.Client)

func (*Client) SetKeepAlive ¶

func (hec *Client) SetKeepAlive(enable bool)

func (*Client) SetMaxContentLength ¶ added in v0.3.0

func (hec *Client) SetMaxContentLength(size int)

func (*Client) SetMaxRetry ¶ added in v0.2.0

func (hec *Client) SetMaxRetry(retries int)

func (*Client) WaitForAcknowledgement ¶ added in v0.4.0

func (hec *Client) WaitForAcknowledgement() error

WaitForAcknowledgement blocks until the Splunk indexer has acknowledged that all previously submitted data has been successfully indexed or if the default acknowledgement timeout is reached. This requires the HEC token configuration in Splunk to have indexer acknowledgement enabled.

func (*Client) WaitForAcknowledgementWithContext ¶ added in v0.4.0

func (hec *Client) WaitForAcknowledgementWithContext(ctx context.Context) error

WaitForAcknowledgementWithContext blocks until the Splunk indexer has acknowledged that all previously submitted data has been successfully indexed or if the provided context is cancelled. This requires the HEC token configuration in Splunk to have indexer acknowledgement enabled.

func (*Client) WriteBatch ¶

func (hec *Client) WriteBatch(events []*Event) error

func (*Client) WriteBatchWithContext ¶ added in v0.4.0

func (hec *Client) WriteBatchWithContext(ctx context.Context, events []*Event) error

func (*Client) WriteEvent ¶

func (hec *Client) WriteEvent(event *Event) error

func (*Client) WriteEventWithContext ¶ added in v0.4.0

func (hec *Client) WriteEventWithContext(ctx context.Context, event *Event) error

func (*Client) WriteRaw ¶

func (hec *Client) WriteRaw(reader io.ReadSeeker, metadata *EventMetadata) error

func (*Client) WriteRawWithContext ¶ added in v0.4.0

func (hec *Client) WriteRawWithContext(ctx context.Context, reader io.ReadSeeker, metadata *EventMetadata) error

type Cluster ¶

type Cluster struct {
	HEC
	// contains filtered or unexported fields
}

func (*Cluster) SetChannel ¶

func (c *Cluster) SetChannel(channel string)

func (*Cluster) SetCompression ¶ added in v0.4.0

func (c *Cluster) SetCompression(compression string)

func (*Cluster) SetHTTPClient ¶

func (c *Cluster) SetHTTPClient(httpClient *http.Client)

func (*Cluster) SetKeepAlive ¶

func (c *Cluster) SetKeepAlive(enable bool)

func (*Cluster) SetMaxContentLength ¶ added in v0.3.0

func (c *Cluster) SetMaxContentLength(size int)

func (*Cluster) SetMaxRetry ¶ added in v0.2.0

func (c *Cluster) SetMaxRetry(retries int)

func (*Cluster) WriteBatch ¶

func (c *Cluster) WriteBatch(events []*Event) error

func (*Cluster) WriteEvent ¶

func (c *Cluster) WriteEvent(event *Event) error

func (*Cluster) WriteRaw ¶

func (c *Cluster) WriteRaw(reader io.ReadSeeker, metadata *EventMetadata) error

type Event ¶

type Event struct {
	Host       *string                `json:"host,omitempty"`
	Index      *string                `json:"index,omitempty"`
	Source     *string                `json:"source,omitempty"`
	SourceType *string                `json:"sourcetype,omitempty"`
	Time       *string                `json:"time,omitempty"`
	Fields     map[string]interface{} `json:"fields,omitempty"`
	Event      interface{}            `json:"event"`
}

func NewEvent ¶

func NewEvent(data interface{}) *Event

func (*Event) SetField ¶ added in v0.4.0

func (e *Event) SetField(fieldName string, val interface{})

func (*Event) SetFields ¶ added in v0.4.0

func (e *Event) SetFields(fields map[string]interface{})

func (*Event) SetHost ¶

func (e *Event) SetHost(host string)

func (*Event) SetIndex ¶

func (e *Event) SetIndex(index string)

func (*Event) SetSource ¶

func (e *Event) SetSource(source string)

func (*Event) SetSourceType ¶

func (e *Event) SetSourceType(sourcetype string)

func (*Event) SetTime ¶

func (e *Event) SetTime(time time.Time)

type EventMetadata ¶

type EventMetadata struct {
	Host       *string
	Index      *string
	Source     *string
	SourceType *string
	Time       *time.Time
}

type HEC ¶

type HEC interface {
	SetHTTPClient(client *http.Client)
	SetKeepAlive(enable bool)
	SetChannel(channel string)
	SetMaxRetry(retries int)
	SetMaxContentLength(size int)
	SetCompression(compression string)

	// WriteEvent writes single event via HEC json mode
	WriteEvent(event *Event) error

	// WriteBatch writes multiple events via HCE batch mode
	WriteBatch(events []*Event) error

	// WriteBatchWithContext writes multiple events via HEC batch mode with a context for cancellation
	WriteBatchWithContext(ctx context.Context, events []*Event) error

	// WriteRaw writes raw data stream via HEC raw mode
	WriteRaw(reader io.ReadSeeker, metadata *EventMetadata) error

	// WriteRawWithContext writes raw data stream via HEC raw mode with a context for cancellation
	WriteRawWithContext(ctx context.Context, reader io.ReadSeeker, metadata *EventMetadata) error

	// WaitForAcknowledgement blocks until the Splunk indexer acknowledges data sent to it
	WaitForAcknowledgement() error

	// WaitForAcknowledgementWithContext blocks until the Splunk indexer acknowledges data sent to it with a context for cancellation
	WaitForAcknowledgementWithContext(ctx context.Context) error
}

func NewClient ¶

func NewClient(serverURL string, token string) HEC

func NewCluster ¶

func NewCluster(serverURLs []string, token string) HEC

type Response ¶

type Response struct {
	Text  string          `json:"text"`
	Code  int             `json:"code"`
	AckID *int            `json:"ackId"` // Use a pointer so we can differentiate between a 0 and an ack ID not being specified
	Acks  map[string]bool `json:"acks"`  // Splunk returns ack IDs as strings rather than ints
}

Response is response message from HEC. For example, `{"text":"Success","code":0}`.

func (*Response) Error ¶

func (res *Response) Error() string

func (*Response) String ¶

func (res *Response) String() string

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
example

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL