gosplunk

module
v0.0.0-...-173f345
Published: Dec 2, 2018 License: Apache-2.0

README

Golang Client Libraries for Splunk

HTTP Event Collector Client Library

Splunk's HTTP Event Collector (HEC) is an endpoint for sending messages to Splunk through a RESTful API over HTTP/S. The endpoint identifies its clients by the token they provide. A Splunk administrator configures tokens under "Add Data", "HTTP Event Collector". Once a token is configured, the administrator provides it to the client application.

By default, the HTTP Event Collector receives data over HTTPS on TCP port 8088.

If necessary, enable HEC tokens by running the following command on the server:

curl -k -X "POST" -u admin:password https://localhost:8089/servicesNS/admin/splunk_httpinput/data/inputs/http/http/enable

Getting Started

If necessary, create an HEC token:

[Image: HTTP Event Collector Tokens]

The "Input Settings" for the HEC are:

  • Source Type: Automatic
  • App context: Search & Reporting
  • Index: main

[Image: HTTP Event Collector Token Configuration]

Prior to connecting to HEC, check its availability:

echo -n | openssl s_client -showcerts -connect splunk:8088

The expected result looks like this:

CONNECTED(00000003)
depth=1 C = US, ST = CA, L = San Francisco, O = Splunk, CN = SplunkCommonCA, emailAddress = [email protected]
verify error:num=19:self signed certificate in certificate chain
---
Certificate chain
 0 s:/CN=SplunkServerDefaultCert/O=SplunkUser
    i:/C=US/ST=CA/L=San Francisco/O=Splunk/CN=SplunkCommonCA/[email protected]

Next, create a configuration file at ~/.splunk.hec.yaml with the following contents:

---
collector:
  host: 'splunk'
  port: 8088
  token: '61876693-4758-4f45-bca7-c910ccc746eb'

Then, compile and run this example:

make
bin/http-event-collector-client

The expected output follows. Here, the client sends a message, plus two event fields: foo and bar:

$ bin/http-event-collector-client
DEBU[0000] splunk-http-collector-client: proto=https
DEBU[0000] splunk-http-collector-client: host=splunk
DEBU[0000] splunk-http-collector-client: port=8088
DEBU[0000] splunk-http-collector-client: token=61876693-4758-4f45-bca7-c910ccc746eb
DEBU[0000] splunk-http-collector-client: timeout=5
DEBU[0000] splunk-http-collector-client: endpoint.health=https://splunk:8088/services/collector/health
DEBU[0000] splunk-http-collector-client: endpoint.event=https://splunk:8088/services/collector/event
DEBU[0000] splunk-http-collector-client: endpoint.raw=https://splunk:8088/services/collector/raw
DEBU[0000] splunk-http-collector-client: url=https://splunk:8088/services/collector/health
DEBU[0000] splunk-http-collector-client: status=200 OK
DEBU[0000] splunk-http-collector-client: HEC is available and accepting input
DEBU[0000] splunk-http-collector-client: code=17, text=HEC is healthy
DEBU[0000] message="{ test message on 2018-08-07 09:42:03.651128622 -0400 EDT m=+0.067162200" map[foo:bar bar:foo]     0}"
DEBU[0000] splunk-http-collector-client: url=https://splunk:8088/services/collector/event
DEBU[0000] splunk-http-collector-client: status=200 OK
DEBU[0000] splunk-http-collector-client: code=0, text=Success

Once the request succeeds, Splunk will have the following indexed event:

[Image: HTTP Event Collector Indexed Event]
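
The following is an added example, not code from the gosplunk project. It shows a Go client that verifies the collector's certificate against a pinned CA pool (the way to handle the self-signed chain reported by openssl above without disabling verification) and sends the token in the `Authorization: Splunk <token>` header. The names `newHECClient`, `sendEvent` and `fakeHEC` are hypothetical, and the local TLS server and token are constructed stand-ins for a real collector.

```go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// newHECClient trusts only roots (e.g. the Splunk CA) instead of skipping verification.
func newHECClient(roots *x509.CertPool) *http.Client {
	tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: roots}}
	return &http.Client{Timeout: 5 * time.Second, Transport: tr}
}

// sendEvent posts one event, token in the Authorization header, and returns the HTTP status.
func sendEvent(c *http.Client, base, token, msg string, fields map[string]string) (int, error) {
	body, _ := json.Marshal(map[string]interface{}{"event": msg, "fields": fields})
	req, err := http.NewRequest(http.MethodPost, base+"/services/collector/event", bytes.NewReader(body))
	if err != nil {
		return 0, err
	}
	req.Header.Set("Authorization", "Splunk "+token)
	resp, err := c.Do(req)
	if err != nil {
		return 0, err // includes certificate verification failures
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func fakeHEC(token string) *httptest.Server { // constructed local stand-in, not Splunk itself
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Splunk "+token {
			w.WriteHeader(http.StatusForbidden)
		}
	}))
}

func main() {
	srv := fakeHEC("constructed-token") // constructed token, not a real HEC token
	defer srv.Close()
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate())
	fmt.Println(sendEvent(newHECClient(roots), srv.URL, "constructed-token", "test message", map[string]string{"foo": "bar"}))
}
```

Against a real collector, the pool would be filled with `AppendCertsFromPEM` from the CA certificate that signed the server certificate.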

Directories

Path Synopsis
http-event-collector
client
Package client implements Splunk's HTTP Event Collector (EC) client.