:py:mod:`flow.record.adapter.splunk`
====================================

.. py:module:: flow.record.adapter.splunk


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   flow.record.adapter.splunk.Protocol
   flow.record.adapter.splunk.SourceType
   flow.record.adapter.splunk.SplunkWriter
   flow.record.adapter.splunk.SplunkReader


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   flow.record.adapter.splunk.escape_field_name
   flow.record.adapter.splunk.record_to_splunk_kv_line
   flow.record.adapter.splunk.record_to_splunk_json
   flow.record.adapter.splunk.record_to_splunk_http_api_json
   flow.record.adapter.splunk.record_to_splunk_tcp_api_json


Attributes
~~~~~~~~~~

.. autoapisummary::

   flow.record.adapter.splunk.HAS_HTTPX
   flow.record.adapter.splunk.__usage__
   flow.record.adapter.splunk.log
   flow.record.adapter.splunk.RECORD_BUFFER_LIMIT
   flow.record.adapter.splunk.RESERVED_SPLUNK_FIELDS
   flow.record.adapter.splunk.RESERVED_SPLUNK_APP_FIELDS
   flow.record.adapter.splunk.RESERVED_RDUMP_FIELDS
   flow.record.adapter.splunk.RESERVED_FIELDS
   flow.record.adapter.splunk.ESCAPE


.. py:data:: HAS_HTTPX
   :value: True

.. py:data:: __usage__
   :value: Multiline-String

   .. code-block:: python

      """
      Splunk output adapter (writer only)
      ---
      Write usage: rdump -w splunk+[PROTOCOL]://[IP]:[PORT]?tag=[TAG]&token=[TOKEN]&sourcetype=[SOURCETYPE]
      [PROTOCOL]: Protocol to use for forwarding data. Can be tcp, http or https, defaults to tcp if omitted.
      [IP]:[PORT]: ip and port to a splunk instance
      [TAG]: optional value to add as "rdtag" output field when writing
      [TOKEN]: Authentication token for sending data over HTTP(S)
      [SOURCETYPE]: Set sourcetype of data. Defaults to records, but can also be set to JSON.
      [SSL_VERIFY]: Whether to verify the server certificate when sending data over HTTPS. Defaults to True.
      """

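
A pre-flight check for the writer URI described in ``__usage__``, added here as an example (it is not flow.record code): it applies the documented tcp default and flags settings that weaken transport security. The function name, the constructed URIs, and the ``ssl_verify`` query parameter with ``0``/``false`` as its disabling values are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

PROTOCOLS = {"tcp", "http", "https"}   # Protocol enum values listed on this page
SOURCETYPES = {"records", "json"}      # SourceType enum values listed on this page


def lint_splunk_writer_uri(uri: str) -> list[str]:
    """Return security findings for a splunk+PROTOCOL://IP:PORT?... writer URI."""
    parts = urlsplit(uri)
    adapter, _, protocol = parts.scheme.partition("+")
    if adapter != "splunk":
        return ["not a splunk writer URI"]
    protocol = protocol or "tcp"       # usage text: defaults to tcp if omitted
    if protocol not in PROTOCOLS:
        return [f"unknown protocol {protocol!r}"]

    query = {k: v[-1] for k, v in parse_qs(parts.query).items()}
    token = query.get("token")
    findings = []
    if protocol in {"http", "https"} and not token:
        findings.append("no token: HTTP(S) sends are token-authenticated")
    if protocol == "http" and token:
        findings.append("token sent over plain http: use https")
    # Assumption: ssl_verify arrives as a query parameter; "0"/"false" disable it.
    if protocol == "https" and query.get("ssl_verify", "true").lower() in {"0", "false"}:
        findings.append("ssl_verify disabled: server certificate is not checked")
    if query.get("sourcetype", "records").lower() not in SOURCETYPES:
        findings.append("unknown sourcetype")
    return findings


if __name__ == "__main__":
    # Constructed URIs (192.0.2.10 is a documentation address, tokens are fake).
    for uri in (
        "splunk+https://192.0.2.10:8088?token=CONSTRUCTED&sourcetype=json",
        "splunk+http://192.0.2.10:8088?token=CONSTRUCTED",
        "splunk+https://192.0.2.10:8088?token=CONSTRUCTED&ssl_verify=False",
        "splunk://192.0.2.10:1337?tag=case1",
    ):
        print(uri, "->", lint_splunk_writer_uri(uri) or "ok")
```
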
.. py:data:: log

.. py:data:: RECORD_BUFFER_LIMIT
   :value: 20

.. py:data:: RESERVED_SPLUNK_FIELDS

.. py:data:: RESERVED_SPLUNK_APP_FIELDS

.. py:data:: RESERVED_RDUMP_FIELDS

.. py:data:: RESERVED_FIELDS

.. py:data:: ESCAPE
   :value: 'rd_'

.. py:class:: Protocol

   Bases: :py:obj:`enum.Enum`

   Generic enumeration.

   Derive from this class to define new enumerations.

   .. py:attribute:: HTTP
      :value: 'http'

   .. py:attribute:: HTTPS
      :value: 'https'

   .. py:attribute:: TCP
      :value: 'tcp'


.. py:class:: SourceType

   Bases: :py:obj:`enum.Enum`

   Generic enumeration.

   Derive from this class to define new enumerations.

   .. py:attribute:: JSON
      :value: 'json'

   .. py:attribute:: RECORDS
      :value: 'records'


.. py:function:: escape_field_name(field: str) -> str

.. py:function:: record_to_splunk_kv_line(record: flow.record.base.Record, tag: str | None = None) -> str

.. py:function:: record_to_splunk_json(packer: flow.record.jsonpacker.JsonRecordPacker, record: flow.record.base.Record, tag: str | None = None) -> dict

.. py:function:: record_to_splunk_http_api_json(packer: flow.record.jsonpacker.JsonRecordPacker, record: flow.record.base.Record, tag: str | None = None) -> str

.. py:function:: record_to_splunk_tcp_api_json(packer: flow.record.jsonpacker.JsonRecordPacker, record: flow.record.base.Record, tag: str | None = None) -> str

.. py:class:: SplunkWriter(uri: str, tag: str | None = None, token: str | None = None, sourcetype: str | None = None, ssl_verify: bool = True, **kwargs)

   Bases: :py:obj:`flow.record.adapter.AbstractWriter`

   .. py:attribute:: sock
      :value: None

   .. py:attribute:: session
      :value: None

   .. py:attribute:: protocol

   .. py:attribute:: host
      :value: None

   .. py:attribute:: port

   .. py:attribute:: tag
      :value: None

   .. py:attribute:: record_buffer
      :value: []

   .. py:attribute:: packer
      :value: None

   .. py:attribute:: json_converter
      :value: None

   .. py:method:: write(record: flow.record.base.Record) -> None

      Write a record.

   .. py:method:: flush() -> None

      Flush any buffered writes.

   .. py:method:: close() -> None

      Close the Writer, no more writes will be possible.


.. py:class:: SplunkReader(path: str, selector: str | None = None, **kwargs)

   Bases: :py:obj:`flow.record.adapter.AbstractReader`