Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding splunk HEC support #179

Merged
merged 2 commits into from Sep 14, 2018
Merged

Adding splunk HEC support #179

merged 2 commits into from Sep 14, 2018

Conversation

FutureSharks
Copy link
Contributor

I built the container and tested it in our environment and it works well 馃檪

brennoo
brennoo approved these changes Aug 7, 2018
View reviewed changes
Copy link

@brennoo brennoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

馃帀

@max-rocket-internet
Copy link
Contributor

Hi @repeatedly could we get this PR merged?

@max-rocket-internet
Copy link
Contributor

Any update @repeatedly?

@repeatedly
Copy link
Member

Need debian images and please add your name to README's maintainer section:

https://github.com/fluent/fluentd-kubernetes-daemonset#maintainers

@FutureSharks @max-rocket-internet
Adding splunk HEC
3f8787e 
Signed-off-by: Max Williams <futuresharks@gmail.com>
@max-rocket-internet
Copy link
Contributor

@repeatedly done and done

@FutureSharks @max-rocket-internet
adding myself as maintainer for splunkhec
2d67abf 
adding Debian image

updating config for alpine image

Signed-off-by: Max Williams <max.williams@deliveryhero.com>
@repeatedly repeatedly merged commit f370b74 into fluent:master Sep 14, 2018
@repeatedly
Copy link
Member

sorry for the late. Merged!

@max-rocket-internet
Copy link
Contributor

No worries, thanks @repeatedly 馃檪

@cdaringe
Copy link

a little more documentation would go a long way here. ive been scratchin at this for a bit. i see in -vv mode some contact being made (but not showing up in my indicies), but not sure what else is needed. not sure what all switches i need to flip on for everything to be zen. anyway, thx for making the effort to get something out at all :)

@cdaringe
Copy link 

2018-12-15 07:16:03 +0000 [debug]: plugin/out_splunk_hec.rb:143:post_payload: Splunk response: {"text":"Success","code":0}

^ hundreds of these in the logs, but indicies all empty :( . i'd be super grateful for any hints!

@max-rocket-internet
Copy link
Contributor

@cdaringe it might help to rule out fluentd for now and just test your HEC with curl: http://dev.splunk.com/view/event-collector/SP-CAAAE7F

Then find your message in your Splunk, work out the index etc.

@cdaringe
Copy link

Thanks. I meant to follow up. This plugin was doing great work, but splunk was tossing away the data due to an issue I'm still working out. Thanks for the feedback!

@repeatedly repeatedly mentioned this pull request Jan 30, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@brennoo brennoo brennoo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@FutureSharks @max-rocket-internet @repeatedly @cdaringe @brennoo