splunk

package
v14.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 17, 2021 License: MIT Imports: 23 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewSplunkSpanSink

func NewSplunkSpanSink(server string, token string, localHostname string, validateServerName string, log *logrus.Logger, ingestTimeout time.Duration, sendTimeout time.Duration, batchSize int, workers int, spanSampleRate int, maxConnLifetime time.Duration, connLifetimeJitter time.Duration) (sinks.SpanSink, error)

NewSplunkSpanSink constructs a new splunk span sink from the server name and token provided, using the local hostname configured for veneur. An optional argument, validateServerName is used (if non-empty) to instruct go to validate a different hostname than the one on the server URL. The spanSampleRate is an integer. For any given trace ID, the probability that all spans in the trace will be chosen for the sample is 1/spanSampleRate. Sampling is performed on the trace ID, so either all spans within a given trace will be chosen, or none will.

func String

func String(str string) *string

Types

type Event

type Event struct {
	Host       *string     `json:"host,omitempty"`
	Index      *string     `json:"index,omitempty"`
	Source     *string     `json:"source,omitempty"`
	SourceType *string     `json:"sourcetype,omitempty"`
	Time       *string     `json:"time,omitempty"`
	Event      interface{} `json:"event"`
}

func NewEvent

func NewEvent(data interface{}) *Event

func (*Event) SetHost

func (e *Event) SetHost(host string)

func (*Event) SetIndex

func (e *Event) SetIndex(index string)

func (*Event) SetSource

func (e *Event) SetSource(source string)

func (*Event) SetSourceType

func (e *Event) SetSourceType(sourcetype string)

func (*Event) SetTime

func (e *Event) SetTime(time time.Time)

type Response

type Response struct {
	Text               string `json:"text,omitempty"`
	Code               int    `json:"code"`
	InvalidEventNumber *int   `json:"invalid-event-number,omitempty"`
}

Response represents the JSON-parseable response from a splunk HEC server.

type SerializedSSF

type SerializedSSF struct {
	TraceId        string            `json:"trace_id"`
	Id             string            `json:"id"`
	ParentId       string            `json:"parent_id"`
	StartTimestamp float64           `json:"start_timestamp"`
	EndTimestamp   float64           `json:"end_timestamp"`
	Duration       int64             `json:"duration_ns"`
	Error          bool              `json:"error"`
	Service        string            `json:"service"`
	Tags           map[string]string `json:"tags"`
	Indicator      bool              `json:"indicator"`
	Name           string            `json:"name"`
	Partial        *bool             `json:"partial,omitempty"`
}

SerializedSSF holds a set of fields in a format that Splunk can handle (it can't handle int64s, and we don't want to round our traceID to the thousands place). This is mildly redundant, but oh well.

type TestableSplunkSpanSink

type TestableSplunkSpanSink interface {
	sinks.SpanSink

	// Stop shuts down the sink's submission workers by finishing
	// each worker's last submission HTTP request.
	Stop()

	// Sync instructs all submission workers to finish submitting
	// their current request and start a new one. It returns when
	// the last worker's submission is done.
	Sync()
}

TestableSplunkSpanSink provides methods that are useful for testing a splunk span sink.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL