diff options
Diffstat (limited to 'fluent-bit/plugins/out_splunk/splunk.h')
-rw-r--r-- | fluent-bit/plugins/out_splunk/splunk.h | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/fluent-bit/plugins/out_splunk/splunk.h b/fluent-bit/plugins/out_splunk/splunk.h new file mode 100644 index 00000000..eef8fa8b --- /dev/null +++ b/fluent-bit/plugins/out_splunk/splunk.h @@ -0,0 +1,119 @@ +/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ + +/* Fluent Bit + * ========== + * Copyright (C) 2015-2022 The Fluent Bit Authors + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef FLB_OUT_SPLUNK +#define FLB_OUT_SPLUNK + +#define FLB_SPLUNK_DEFAULT_HOST "127.0.0.1" +#define FLB_SPLUNK_DEFAULT_PORT 8088 +#define FLB_SPLUNK_DEFAULT_URI_RAW "/services/collector/raw" +#define FLB_SPLUNK_DEFAULT_URI_EVENT "/services/collector/event" +#define FLB_SPLUNK_DEFAULT_TIME "time" +#define FLB_SPLUNK_DEFAULT_EVENT_HOST "host" +#define FLB_SPLUNK_DEFAULT_EVENT_SOURCE "source" +#define FLB_SPLUNK_DEFAULT_EVENT_SOURCET "sourcetype" +#define FLB_SPLUNK_DEFAULT_EVENT_INDEX "index" +#define FLB_SPLUNK_DEFAULT_EVENT_FIELDS "fields" +#define FLB_SPLUNK_DEFAULT_EVENT "event" +#define FLB_SPLUNK_DEFAULT_HTTP_MAX "2M" + +#define FLB_SPLUNK_CHANNEL_IDENTIFIER_HEADER "X-Splunk-Request-Channel" + +#include <fluent-bit/flb_output_plugin.h> +#include <fluent-bit/flb_sds.h> +#include <fluent-bit/flb_record_accessor.h> + +struct flb_splunk_field { + flb_sds_t key_name; + struct flb_record_accessor *ra; + struct mk_list _head; +}; + +struct flb_splunk { + /* Payload compression */ + int compress_gzip; + + /* HTTP Auth */ + char *http_user; + char *http_passwd; + + /* Event key */ + flb_sds_t event_key; + struct flb_record_accessor *ra_event_key; + + /* Event host */ + flb_sds_t event_host; + struct flb_record_accessor *ra_event_host; + + /* Event source */ + flb_sds_t event_source; + struct flb_record_accessor *ra_event_source; + + /* + * NOTE: EVENT SOURCE + * ------------------- + * we use two separate variables since we aim to specify a default in case + * a record accessor pattern is given but not found. The event_sourcetype_key + * has precedence over th the 'event_sourcetype' variable. + */ + + /* Event sourcetype */ + flb_sds_t event_sourcetype; + + /* Event sourcetype record key */ + flb_sds_t event_sourcetype_key; + struct flb_record_accessor *ra_event_sourcetype_key; + + /* Event index */ + flb_sds_t event_index; + + /* Event sourcetype record key */ + flb_sds_t event_index_key; + struct flb_record_accessor *ra_event_index_key; + + /* Event fields */ + struct mk_list *event_fields; + + /* Internal/processed event fields */ + struct mk_list fields; + + /* Token Auth */ + flb_sds_t auth_header; + + /* Channel identifier */ + flb_sds_t channel; + size_t channel_len; + + /* Send fields directly or pack data into "event" object */ + int splunk_send_raw; + + /* HTTP Client Setup */ + size_t buffer_size; + + /* HTTP: Debug bad requests (HTTP status 400) to stdout */ + int http_debug_bad_request; + + /* Upstream connection to the backend server */ + struct flb_upstream *u; + + /* Plugin instance */ + struct flb_output_instance *ins; +}; + +#endif |