Method: Splunk::Index#attach

Defined in:
lib/splunk-sdk-ruby/entity/index.rb

#attach(args = {}) ⇒ Object

Opens a socket to write events to this index.

Write events to the returned stream Socket, and Splunk will index the data. You can optionally pass a hash of host, source, and sourcetype arguments to be sent with every event.

Splunk may not index submitted events until the socket is closed or at least 1MB of data has been submitted.

You are responsible for closing the socket.

Note that SSLSocket and TCPSocket have incompatible APIs.

Returns: an SSLSocket or TCPSocket.

Example:

service = Splunk::connect(:username => 'admin', :password => 'foo')
stream = service.indexes['main'].attach(:sourcetype => 'mysourcetype')
(1..5).each { stream.write("This is a cheezy event\r\n") }
stream.close()
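
Because the caller must close the socket and events may stay unindexed until it is closed, a block-style wrapper is a useful pattern. The following is an added example, not part of splunk-sdk-ruby: `EventStream`, `one_line` and `FakeIndex` are hypothetical names, `FakeIndex` is a constructed stand-in for `Splunk::Index` so the code runs offline, and the CR/LF flattening assumes the sourcetype breaks events on line boundaries.

```ruby
require 'stringio'

# Hypothetical helper (not SDK code). It uses only #write and #close,
# the two calls the page's own example makes on the returned stream.
module EventStream
  # Flatten CR/LF inside an event so untrusted text stays on one line.
  # Assumption: the sourcetype breaks events on line boundaries.
  def self.one_line(text)
    text.to_s.gsub(/[\r\n]+/, ' ')
  end

  # index: any object responding to #attach(args), e.g. Splunk::Index.
  # Yields an emitter lambda; always closes the stream, even on error.
  # Returns the number of events written.
  def self.open(index, args = {})
    stream = index.attach(args)
    count = 0
    begin
      yield lambda { |event|
        stream.write(one_line(event) + "\r\n")
        count += 1
      }
    ensure
      stream.close
    end
    count
  end
end

# Constructed stand-in for Splunk::Index: attach returns a StringIO.
class FakeIndex
  attr_reader :stream, :args

  def attach(args = {})
    @args = args
    @stream = StringIO.new
  end
end

def demo
  index = FakeIndex.new
  n = EventStream.open(index, :sourcetype => 'mysourcetype') do |emit|
    emit.call("login ok user=alice")
    # Constructed untrusted value containing an embedded line break.
    emit.call("login failed user=bob\r\nlogin ok user=admin")
  end
  [n, index.stream.string, index.stream.closed?]
end
```

With a real connection, pass `service.indexes['main']` in place of `FakeIndex.new`.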


# File 'lib/splunk-sdk-ruby/entity/index.rb', line 53

def attach(args={})
  args[:index] = @name

  path = (@service.namespace.to_path_fragment() + ["receivers","stream"]).
      map {|fragment| URI::encode(fragment)}.
      join("/")
  query = URI.encode_www_form(args)

  cn = @service.connect
  headers = "POST /#{path}?#{query} HTTP/1.1\r\n" +
      "Host: #{@service.host}:#{@service.port}\r\n" +
      "Accept-Encoding: identity\r\n" +
      "Authorization: Splunk #{@service.token}\r\n" +
      "X-Splunk-Input-Mode: Streaming\r\n" +
      "\r\n"
  cn.write(headers)
  cn
end