Class: SemanticLogger::Appender::SplunkHttp

Inherits:
Http show all
Defined in:
lib/semantic_logger/appender/splunk_http.rb

Instance Attribute Summary collapse

Attributes inherited from Http

#compress, #continue_timeout, #header, #http, #open_timeout, #path, #port, #read_timeout, #server, #ssl_options, #url, #username

Attributes inherited from Subscriber

#application, #formatter, #host, #logger, #metrics

Attributes inherited from Base

#filter, #name

Instance Method Summary collapse

Methods inherited from Http

#log, #reopen

Methods inherited from Subscriber

#close, #default_formatter, #flush, #level, #should_log?

Methods inherited from Base

#backtrace, #fast_tag, #level, #level=, #log, #measure, #payload, #pop_tags, #push_tags, #should_log?, #silence, #tagged, #tags, #with_payload

Constructor Details

#initialize(token: nil, source_type: nil, index: nil, compress: true, **args, &block) ⇒ SplunkHttp

Create Splunk appender over persistent HTTP(S)

Parameters:

token: [String]
  Token created in Splunk for this HTTP Appender
  Mandatory.

source_type: [String]
  Optional: Source type to display in Splunk

index: [String]
  Optional: Name of a valid index for this message in Splunk.

url: [String]
  Valid URL to post to.
    Example: http://example.com
  To enable SSL include https in the URL.
    Example: https://example.com
    verify_mode will default: OpenSSL::SSL::VERIFY_PEER

application: [String]
  Name of this application to appear in log messages.
  Default: SemanticLogger.application

host: [String]
  Name of this host to appear in log messages.
  Default: SemanticLogger.host

compress: [true|false]
  Splunk supports HTTP Compression, enable by default.
  Default: true

ssl: [Hash]
  Specific SSL options: For more details see NET::HTTP.start
    ca_file, ca_path, cert, cert_store, ciphers, key, open_timeout, read_timeout, ssl_timeout,
    ssl_version, use_ssl, verify_callback, verify_depth and verify_mode.

level: [:trace | :debug | :info | :warn | :error | :fatal]
  Override the log level for this appender.
  Default: SemanticLogger.default_level

formatter: [Object|Proc]
  An instance of a class that implements #call, or a Proc to be used to format
  the output from this appender
  Default: Use the built-in formatter (See: #call)

filter: [Regexp|Proc]
  RegExp: Only include log messages where the class name matches the supplied.
  regular expression. All other messages will be ignored.
  Proc: Only include log messages where the supplied Proc returns true
        The Proc must return true or false.



71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
 
# File 'lib/semantic_logger/appender/splunk_http.rb', line 71

def initialize(token: nil,
               source_type: nil,
               index: nil,
               compress: true,
               **args,
               &block)

  @source_type = source_type
  @index       = index

  super(compress: compress, **args, &block)

  # Put splunk auth token in the header of every HTTP post.
  @header['Authorization'] = "Splunk #{token}"
end

Instance Attribute Details

#indexObject

Returns the value of attribute index.



18
19
20
 
# File 'lib/semantic_logger/appender/splunk_http.rb', line 18

def index
  @index
end

#source_typeObject

Returns the value of attribute source_type.



18
19
20
 
# File 'lib/semantic_logger/appender/splunk_http.rb', line 18

def source_type
  @source_type
end

Instance Method Details

#call(log, logger) ⇒ Object

Returns [String] JSON to send to Splunk.

For splunk format requirements see:

http://dev.splunk.com/view/event-collector/SP-CAAAE6P



91
92
93
94
95
96
97
98
99
100
101
102
 
# File 'lib/semantic_logger/appender/splunk_http.rb', line 91

def call(log, logger)
  h                     = SemanticLogger::Formatters::Raw.new(time_format: :seconds).call(log, logger)
  message               = {
    source: logger.application,
    host:   logger.host,
    time:   h.delete(:time),
    event:  h
  }
  message[:source_type] = source_type if source_type
  message[:index]       = index if index
  message.to_json
end