flow.record.adapter.splunk

Module Contents

Classes

Protocol

Generic enumeration.

SourceType

Generic enumeration.

SplunkWriter

SplunkReader

Functions

escape_field_name

record_to_splunk_kv_line

record_to_splunk_json

record_to_splunk_http_api_json

record_to_splunk_tcp_api_json

Attributes

HAS_HTTPX

__usage__

log

RECORD_BUFFER_LIMIT

RESERVED_SPLUNK_FIELDS

RESERVED_SPLUNK_APP_FIELDS

RESERVED_RDUMP_FIELDS

RESERVED_FIELDS

ESCAPE

flow.record.adapter.splunk.HAS_HTTPX = True
flow.record.adapter.splunk.__usage__ = Multiline-String
Show Value
"""
Splunk output adapter (writer only)
---
Write usage: rdump -w splunk+[PROTOCOL]://[IP]:[PORT]?tag=[TAG]&token=[TOKEN]&sourcetype=[SOURCETYPE]
[PROTOCOL]: Protocol to use for forwarding data. Can be tcp, http or https, defaults to tcp if omitted.
[IP]:[PORT]: ip and port to a splunk instance
[TAG]: optional value to add as "rdtag" output field when writing
[TOKEN]: Authentication token for sending data over HTTP(S)
[SOURCETYPE]: Set sourcetype of data. Defaults to records, but can also be set to JSON.
[SSL_VERIFY]: Whether to verify the server certificate when sending data over HTTPS. Defaults to True.
"""
flow.record.adapter.splunk.log
flow.record.adapter.splunk.RECORD_BUFFER_LIMIT = 20
flow.record.adapter.splunk.RESERVED_SPLUNK_FIELDS
flow.record.adapter.splunk.RESERVED_SPLUNK_APP_FIELDS
flow.record.adapter.splunk.RESERVED_RDUMP_FIELDS
flow.record.adapter.splunk.RESERVED_FIELDS
flow.record.adapter.splunk.ESCAPE = 'rd_'
class flow.record.adapter.splunk.Protocol

Bases: enum.Enum

Generic enumeration.

Derive from this class to define new enumerations.

HTTP = 'http'
HTTPS = 'https'
TCP = 'tcp'
class flow.record.adapter.splunk.SourceType

Bases: enum.Enum

Generic enumeration.

Derive from this class to define new enumerations.

JSON = 'json'
RECORDS = 'records'
flow.record.adapter.splunk.escape_field_name(field: str) str
flow.record.adapter.splunk.record_to_splunk_kv_line(record: flow.record.base.Record, tag: str | None = None) str
flow.record.adapter.splunk.record_to_splunk_json(packer: flow.record.jsonpacker.JsonRecordPacker, record: flow.record.base.Record, tag: str | None = None) dict
flow.record.adapter.splunk.record_to_splunk_http_api_json(packer: flow.record.jsonpacker.JsonRecordPacker, record: flow.record.base.Record, tag: str | None = None) str
flow.record.adapter.splunk.record_to_splunk_tcp_api_json(packer: flow.record.jsonpacker.JsonRecordPacker, record: flow.record.base.Record, tag: str | None = None) str
class flow.record.adapter.splunk.SplunkWriter(uri: str, tag: str | None = None, token: str | None = None, sourcetype: str | None = None, ssl_verify: bool = True, **kwargs)

Bases: flow.record.adapter.AbstractWriter

sock = None
session = None
protocol
host
port
tag = None
record_buffer = []
packer = None
json_converter = None
write(record: flow.record.base.Record) None

Write a record.

flush() None

Flush any buffered writes.

close() None

Close the Writer, no more writes will be possible.

class flow.record.adapter.splunk.SplunkReader(path: str, selector: str | None = None, **kwargs)

Bases: flow.record.adapter.AbstractReader