class SemanticLogger::Appender::SplunkHttp
Attributes
index[RW]
source_type[RW]
Public Class Methods
new(token: nil, source_type: nil, index: nil, compress: true, **args, &block)
click to toggle source
Create Splunk
appender over persistent HTTP(S)
Parameters:
token: [String] Token created in Splunk for this HTTP Appender Mandatory. source_type: [String] Optional: Source type to display in Splunk index: [String] Optional: Name of a valid index for this message in Splunk. url: [String] Valid URL to post to. Example: http://example.com To enable SSL include https in the URL. Example: https://example.com verify_mode will default: OpenSSL::SSL::VERIFY_PEER application: [String] Name of this application to appear in log messages. Default: SemanticLogger.application host: [String] Name of this host to appear in log messages. Default: SemanticLogger.host compress: [true|false] Splunk supports HTTP Compression, enable by default. Default: true ssl: [Hash] Specific SSL options: For more details see NET::HTTP.start ca_file, ca_path, cert, cert_store, ciphers, key, open_timeout, read_timeout, ssl_timeout, ssl_version, use_ssl, verify_callback, verify_depth and verify_mode. level: [:trace | :debug | :info | :warn | :error | :fatal] Override the log level for this appender. Default: SemanticLogger.default_level formatter: [Object|Proc] An instance of a class that implements #call, or a Proc to be used to format the output from this appender Default: Use the built-in formatter (See: #call) filter: [Regexp|Proc] RegExp: Only include log messages where the class name matches the supplied. regular expression. All other messages will be ignored. Proc: Only include log messages where the supplied Proc returns true The Proc must return true or false.
Calls superclass method
SemanticLogger::Appender::Http::new
# File lib/semantic_logger/appender/splunk_http.rb, line 71 def initialize(token: nil, source_type: nil, index: nil, compress: true, **args, &block) @source_type = source_type @index = index super(compress: compress, **args, &block) # Put splunk auth token in the header of every HTTP post. @header["Authorization"] = "Splunk #{token}" end
Public Instance Methods
call(log, logger)
click to toggle source
Returns [String] JSON to send to Splunk
.
For splunk format requirements see:
https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector
# File lib/semantic_logger/appender/splunk_http.rb, line 91 def call(log, logger) h = SemanticLogger::Formatters::Raw.new(time_format: :seconds).call(log, logger) h.delete(:host) message = { source: logger.application, host: logger.host, time: h.delete(:time), event: h } message[:sourcetype] = source_type if source_type message[:index] = index if index message.to_json end