splunk

package module
Version: v2.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 19, 2021 License: MIT Imports: 13 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Client

type Client struct {
	HTTPClient *http.Client // HTTP client used to communicate with the API
	URL        string
	Hostname   string
	Token      string
	Source     string //Default source
	SourceType string //Default source type
	Index      string //Default index
}

Client manages communication with Splunk's HTTP Event Collector. New client objects should be created using the NewClient function.

The URL field must be defined and pointed at a Splunk servers Event Collector port (i.e. https://{your-splunk-URL}:8088/services/collector). The Token field must be defined with your access token to the Event Collector.

func NewClient

func NewClient(httpClient *http.Client, URL string, Token string, Source string, SourceType string, Index string) *Client

NewClient creates a new client to Splunk. This should be the primary way a Splunk client object is constructed.

If an httpClient object is specified it will be used instead of the default http.DefaultClient.

func (*Client) Log

func (c *Client) Log(event interface{}) error

Client.Log is used to construct a new log event and POST it to the Splunk server.

All that must be provided for a log event are the desired map[string]string key/val pairs. These can be anything that provide context or information for the situation you are trying to log (i.e. err messages, status codes, etc). The function auto-generates the event timestamp and hostname for you.

func (*Client) LogEvent

func (c *Client) LogEvent(e *Event) error

Client.LogEvent is used to POST a single event to the Splunk server.

func (*Client) LogEvents

func (c *Client) LogEvents(events []*Event) error

Client.LogEvents is used to POST multiple events with a single request to the Splunk server.

func (*Client) LogWithTime

func (c *Client) LogWithTime(t time.Time, event interface{}) error

Client.LogWithTime is used to construct a new log event with a specified timestamp and POST it to the Splunk server.

This is similar to Client.Log, just with the t parameter.

func (*Client) NewEvent

func (c *Client) NewEvent(event interface{}, source string, sourcetype string, index string) *Event

NewEvent creates a new log event to send to Splunk. This should be the primary way a Splunk log object is constructed, and is automatically called by the Log function attached to the client. This method takes the current timestamp for the event, meaning that the event is generated at runtime.

func (*Client) NewEventWithTime

func (c *Client) NewEventWithTime(t time.Time, event interface{}, source string, sourcetype string, index string) *Event

NewEventWithTime creates a new log event with a specified timetamp to send to Splunk. This is similar to NewEvent but if you want to log in a different time rather than time.Now this becomes handy. If that's the case, use this function to create the Event object and the the LogEvent function.

func (*Client) Writer

func (c *Client) Writer() io.Writer

Writer is a convience method for creating an io.Writer from a Writer with default values

type Event

type Event struct {
	Time       EventTime   `json:"time"`                 // when the event happened
	Host       string      `json:"host"`                 // hostname
	Source     string      `json:"source,omitempty"`     // optional description of the source of the event; typically the app's name
	SourceType string      `json:"sourcetype,omitempty"` // optional name of a Splunk parsing configuration; this is usually inferred by Splunk
	Index      string      `json:"index,omitempty"`      // optional name of the Splunk index to store the event in; not required if the token has a default index set in Splunk
	Event      interface{} `json:"event"`                // throw any useful key/val pairs here
}

Event represents the log event object that is sent to Splunk when Client.Log is called.

type EventCollectorResponse

type EventCollectorResponse struct {
	Text               string     `json:"text"`
	Code               StatusCode `json:"code"`
	InvalidEventNumber *int       `json:"invalid-event-number"`
	AckID              *int       `json:"ackId"`
}

EventCollectorResponse is the payload returned by the HTTP Event Collector in response to requests. https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector

func (*EventCollectorResponse) Error

func (r *EventCollectorResponse) Error() string

Error implements the error interface.

type EventTime

type EventTime struct {
	time.Time
}

EventTime marshals timestamps using the Splunk HTTP Event Collector's default format.

func (EventTime) MarshalJSON

func (t EventTime) MarshalJSON() ([]byte, error)

type StatusCode

type StatusCode int8

StatusCode defines the meaning of responses returned by HTTP Event Collector endpoints.

const (
	Success StatusCode = iota
	TokenDisabled
	TokenRequired
	InvalidAuthz
	InvalidToken
	NoData
	InvalidDataFormat
	IncorrectIndex
	InternalServerError
	ServerBusy
	DataChannelMissing
	InvalidDataChannel
	EventFieldRequired
	EventFieldBlank
	ACKDisabled
	ErrorHandlingIndexedFields
	QueryStringAuthzNotEnabled
)

func (StatusCode) HTTPCode

func (c StatusCode) HTTPCode() (code int, err error)

HTTPCode returns the HTTP code corresponding to the given StatusCode. It returns -1 and an error in case the HTTP status code can not be determined.

type Writer

type Writer struct {
	Client *Client
	// How often the write buffer should be flushed to splunk
	FlushInterval time.Duration
	// How many Write()'s before buffer should be flushed to splunk
	FlushThreshold int
	// Max number of retries we should do when we flush the buffer
	MaxRetries int
	// contains filtered or unexported fields
}

Writer is a threadsafe, aysnchronous splunk writer. It implements io.Writer for usage in logging libraries, or whatever you want to send to splunk :) Writer.Client's configuration determines what source, sourcetype & index will be used for events Example for logrus:

splunkWriter := &splunk.Writer {Client: client}
logrus.SetOutput(io.MultiWriter(os.Stdout, splunkWriter))

func (*Writer) Errors

func (w *Writer) Errors() <-chan error

Errors returns a buffered channel of errors. Might be filled over time, might not Useful if you want to record any errors hit when sending data to splunk

func (*Writer) Write

func (w *Writer) Write(b []byte) (int, error)

Writer asynchronously writes to splunk in batches

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL