Documentation
¶
Index ¶
- type Client
- func (c *Client) Log(event interface{}) error
- func (c *Client) LogEvent(e *Event) error
- func (c *Client) LogEvents(events []*Event) error
- func (c *Client) LogWithTime(t time.Time, event interface{}) error
- func (c *Client) NewEvent(event interface{}, source string, sourcetype string, index string) *Event
- func (c *Client) NewEventWithTime(t time.Time, event interface{}, source string, sourcetype string, index string) *Event
- func (c *Client) Writer() io.Writer
- type Event
- type EventCollectorResponse
- type EventTime
- type StatusCode
- type Writer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Client ¶
type Client struct {
HTTPClient *http.Client // HTTP client used to communicate with the API
URL string
Hostname string
Token string
Source string //Default source
SourceType string //Default source type
Index string //Default index
}
Client manages communication with Splunk's HTTP Event Collector. New client objects should be created using the NewClient function.
The URL field must be defined and pointed at a Splunk servers Event Collector port (i.e. https://{your-splunk-URL}:8088/services/collector). The Token field must be defined with your access token to the Event Collector.
func NewClient ¶
func NewClient(httpClient *http.Client, URL string, Token string, Source string, SourceType string, Index string) *Client
NewClient creates a new client to Splunk. This should be the primary way a Splunk client object is constructed.
If an httpClient object is specified it will be used instead of the default http.DefaultClient.
func (*Client) Log ¶
Client.Log is used to construct a new log event and POST it to the Splunk server.
All that must be provided for a log event are the desired map[string]string key/val pairs. These can be anything that provide context or information for the situation you are trying to log (i.e. err messages, status codes, etc). The function auto-generates the event timestamp and hostname for you.
func (*Client) LogEvents ¶
Client.LogEvents is used to POST multiple events with a single request to the Splunk server.
func (*Client) LogWithTime ¶
Client.LogWithTime is used to construct a new log event with a specified timestamp and POST it to the Splunk server.
This is similar to Client.Log, just with the t parameter.
func (*Client) NewEvent ¶
NewEvent creates a new log event to send to Splunk. This should be the primary way a Splunk log object is constructed, and is automatically called by the Log function attached to the client. This method takes the current timestamp for the event, meaning that the event is generated at runtime.
func (*Client) NewEventWithTime ¶
func (c *Client) NewEventWithTime(t time.Time, event interface{}, source string, sourcetype string, index string) *Event
NewEventWithTime creates a new log event with a specified timetamp to send to Splunk. This is similar to NewEvent but if you want to log in a different time rather than time.Now this becomes handy. If that's the case, use this function to create the Event object and the the LogEvent function.
type Event ¶
type Event struct {
Time EventTime `json:"time"` // when the event happened
Host string `json:"host"` // hostname
Source string `json:"source,omitempty"` // optional description of the source of the event; typically the app's name
SourceType string `json:"sourcetype,omitempty"` // optional name of a Splunk parsing configuration; this is usually inferred by Splunk
Index string `json:"index,omitempty"` // optional name of the Splunk index to store the event in; not required if the token has a default index set in Splunk
Event interface{} `json:"event"` // throw any useful key/val pairs here
}
Event represents the log event object that is sent to Splunk when Client.Log is called.
type EventCollectorResponse ¶
type EventCollectorResponse struct {
Text string `json:"text"`
Code StatusCode `json:"code"`
InvalidEventNumber *int `json:"invalid-event-number"`
AckID *int `json:"ackId"`
}
EventCollectorResponse is the payload returned by the HTTP Event Collector in response to requests. https://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
func (*EventCollectorResponse) Error ¶
func (r *EventCollectorResponse) Error() string
Error implements the error interface.
type EventTime ¶
EventTime marshals timestamps using the Splunk HTTP Event Collector's default format.
func (EventTime) MarshalJSON ¶
type StatusCode ¶
type StatusCode int8
StatusCode defines the meaning of responses returned by HTTP Event Collector endpoints.
const ( Success StatusCode = iota TokenDisabled TokenRequired InvalidAuthz InvalidToken NoData InvalidDataFormat IncorrectIndex InternalServerError ServerBusy DataChannelMissing InvalidDataChannel EventFieldRequired EventFieldBlank ACKDisabled ErrorHandlingIndexedFields QueryStringAuthzNotEnabled )
func (StatusCode) HTTPCode ¶
func (c StatusCode) HTTPCode() (code int, err error)
HTTPCode returns the HTTP code corresponding to the given StatusCode. It returns -1 and an error in case the HTTP status code can not be determined.
type Writer ¶
type Writer struct {
Client *Client
// How often the write buffer should be flushed to splunk
FlushInterval time.Duration
// How many Write()'s before buffer should be flushed to splunk
FlushThreshold int
// Max number of retries we should do when we flush the buffer
MaxRetries int
// contains filtered or unexported fields
}
Writer is a threadsafe, aysnchronous splunk writer. It implements io.Writer for usage in logging libraries, or whatever you want to send to splunk :) Writer.Client's configuration determines what source, sourcetype & index will be used for events Example for logrus:
splunkWriter := &splunk.Writer {Client: client}
logrus.SetOutput(io.MultiWriter(os.Stdout, splunkWriter))
Source Files
Directories