summaryrefslogtreecommitdiffstats
path: root/fluent-bit/plugins/out_splunk/splunk.h
diff options
context:
space:
mode:
Diffstat (limited to 'fluent-bit/plugins/out_splunk/splunk.h')
-rw-r--r--fluent-bit/plugins/out_splunk/splunk.h119
1 files changed, 119 insertions, 0 deletions
diff --git a/fluent-bit/plugins/out_splunk/splunk.h b/fluent-bit/plugins/out_splunk/splunk.h
new file mode 100644
index 00000000..eef8fa8b
--- /dev/null
+++ b/fluent-bit/plugins/out_splunk/splunk.h
@@ -0,0 +1,119 @@
+/* -*- Mode: C; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+
+/* Fluent Bit
+ * ==========
+ * Copyright (C) 2015-2022 The Fluent Bit Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef FLB_OUT_SPLUNK
+#define FLB_OUT_SPLUNK
+
+#define FLB_SPLUNK_DEFAULT_HOST "127.0.0.1"
+#define FLB_SPLUNK_DEFAULT_PORT 8088
+#define FLB_SPLUNK_DEFAULT_URI_RAW "/services/collector/raw"
+#define FLB_SPLUNK_DEFAULT_URI_EVENT "/services/collector/event"
+#define FLB_SPLUNK_DEFAULT_TIME "time"
+#define FLB_SPLUNK_DEFAULT_EVENT_HOST "host"
+#define FLB_SPLUNK_DEFAULT_EVENT_SOURCE "source"
+#define FLB_SPLUNK_DEFAULT_EVENT_SOURCET "sourcetype"
+#define FLB_SPLUNK_DEFAULT_EVENT_INDEX "index"
+#define FLB_SPLUNK_DEFAULT_EVENT_FIELDS "fields"
+#define FLB_SPLUNK_DEFAULT_EVENT "event"
+#define FLB_SPLUNK_DEFAULT_HTTP_MAX "2M"
+
+#define FLB_SPLUNK_CHANNEL_IDENTIFIER_HEADER "X-Splunk-Request-Channel"
+
+#include <fluent-bit/flb_output_plugin.h>
+#include <fluent-bit/flb_sds.h>
+#include <fluent-bit/flb_record_accessor.h>
+
+struct flb_splunk_field {
+ flb_sds_t key_name;
+ struct flb_record_accessor *ra;
+ struct mk_list _head;
+};
+
+struct flb_splunk {
+ /* Payload compression */
+ int compress_gzip;
+
+ /* HTTP Auth */
+ char *http_user;
+ char *http_passwd;
+
+ /* Event key */
+ flb_sds_t event_key;
+ struct flb_record_accessor *ra_event_key;
+
+ /* Event host */
+ flb_sds_t event_host;
+ struct flb_record_accessor *ra_event_host;
+
+ /* Event source */
+ flb_sds_t event_source;
+ struct flb_record_accessor *ra_event_source;
+
+ /*
+ * NOTE: EVENT SOURCE
+ * -------------------
+ * we use two separate variables since we aim to specify a default in case
+ * a record accessor pattern is given but not found. The event_sourcetype_key
+ * has precedence over th the 'event_sourcetype' variable.
+ */
+
+ /* Event sourcetype */
+ flb_sds_t event_sourcetype;
+
+ /* Event sourcetype record key */
+ flb_sds_t event_sourcetype_key;
+ struct flb_record_accessor *ra_event_sourcetype_key;
+
+ /* Event index */
+ flb_sds_t event_index;
+
+ /* Event sourcetype record key */
+ flb_sds_t event_index_key;
+ struct flb_record_accessor *ra_event_index_key;
+
+ /* Event fields */
+ struct mk_list *event_fields;
+
+ /* Internal/processed event fields */
+ struct mk_list fields;
+
+ /* Token Auth */
+ flb_sds_t auth_header;
+
+ /* Channel identifier */
+ flb_sds_t channel;
+ size_t channel_len;
+
+ /* Send fields directly or pack data into "event" object */
+ int splunk_send_raw;
+
+ /* HTTP Client Setup */
+ size_t buffer_size;
+
+ /* HTTP: Debug bad requests (HTTP status 400) to stdout */
+ int http_debug_bad_request;
+
+ /* Upstream connection to the backend server */
+ struct flb_upstream *u;
+
+ /* Plugin instance */
+ struct flb_output_instance *ins;
+};
+
+#endif