This repository contains a small Flask app that acts as a webhook. When this app receives an HTTP POST, it deserializes the form data and converts it into a Splunk Storm log event.
This app also supports receiving POSTs from the Cloudkick Changelog Tool 'ckl' via the /ckl/ endpoint.
- A Splunk Storm Account.
- A Python operating environment.
- A server on which to host this app.
  - Possible servers are local, Heroku, App Engine, et al.
To use this app on Heroku:
- Retrieve your Splunk Storm Access Token and Project ID.
- Install & Configure the Heroku Toolbelt.
- From within this directory create a Heroku app:
    heroku create --stack cedar
- Set your Splunk Storm Access Token and Project ID as Heroku Config Variables:
    heroku config:add SPLUNKSTORM_ACCESS_TOKEN=xxx
    heroku config:add SPLUNKSTORM_PROJECT_ID=yyy
- Optional: Set a secret key for use with ckl clients:
    heroku config:add CKL_SECRET_KEY=zzz
- Push this app to Heroku's git repository:
    git push heroku master
- Your app will now be accessible to HTTP POST requests!
- Set ckl's cloudkick.conf configuration to use this endpoint:
    ckl_endpoint https://hot-dogs-123.herokuapp.com/ckl
    secret my-secret
- ckl away:
    ckl -m 'this is a test message'
    ckl -sm 'this is a script recording session'
- Add a WebHook URL to a project's Service Hooks: https://hot-dogs-123.herokuapp.com/
To test and ensure this app is functioning properly you can try variations of the following curl commands (given that your app is hot-dogs-123.herokuapp.com):
    curl -d '{"test_data": "this is test json data"}' http://hot-dogs-123.herokuapp.com/
Should return:
    {"length": 39}
Your event should be viewable from the 'Explore Data' search.
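
One way a receiver can enforce the optional CKL_SECRET_KEY from the Heroku steps and keep that secret out of the event it logs. This is an added example, not code from this repository; the form field names, the behaviour when the key is unset, and the response shape for ckl POSTs are assumptions.

```python
import hmac
import json

# Constructed sample of a deserialized ckl form POST. The field names
# ("secret", "message", "hostname") are assumptions for illustration.
SAMPLE_FORM = {"secret": "zzz", "message": "this is a test message",
               "hostname": "web01"}


def secret_ok(form, env):
    """Compare the posted secret with CKL_SECRET_KEY in constant time."""
    expected = env.get("CKL_SECRET_KEY", "")
    if not expected:
        # Assumption: the key is optional, so an unset key means no check.
        return True
    supplied = form.get("secret") or ""
    return hmac.compare_digest(supplied.encode(), expected.encode())


def build_event(form):
    """Serialize the form as a log event, leaving the secret out."""
    fields = {k: v for k, v in form.items() if k != "secret"}
    return json.dumps(fields, sort_keys=True)


def handle_ckl(form, env):
    """Return (HTTP status, response body) for one ckl POST."""
    if not secret_ok(form, env):
        return 403, json.dumps({"error": "forbidden"})
    event = build_event(form)
    # A real handler would send `event` to the log store at this point.
    return 200, json.dumps({"length": len(event)})


if __name__ == "__main__":
    env = {"CKL_SECRET_KEY": "zzz"}  # stands in for os.environ
    print(handle_ckl(SAMPLE_FORM, env))
    print(handle_ckl(dict(SAMPLE_FORM, secret="wrong"), env))
```

Dropping the `secret` field before serialization matters because every other posted field ends up searchable in the log index.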
Greg Albrecht gba@splunk.com
Website: http://ampledata.org/
Apache License 2.0.
Copyright 2012 Splunk, Inc.
ckl endpoint derived from Cloudkick's webapp.py. Copyright 2012 Cloudkick, Inc.
Splunk Storm Webhook 2.0.0