Python Class for Sending Events to Splunk HTTP Event Collector
Version/Date: 1.5 2018-03-16
Author: George Starcher (starcher) Email: email@example.com
Thanks to Chandler Newby for getting this into the threaded design. Thanks to Paul Miller for the pip support.
This code is presented AS IS under MIT license.
This is a python class file for use with other python scripts to send events to a Splunk http event collector.
- Splunk v6.3.X+
- Splunk v6.4.X+ for the raw input option
Using this Python Class
You will need to put this with any other code and import the class as needed. Instantiate a copy of the http_event_collector object and use to generate and submit payloads as you see in the example main() method.
Configuration: With pip
pip install git+git://github.com/georgestarcher/Splunk-Class-httpevent.git
Once installed you can start python then
from splunk_http_event_collector import http_event_collector help(http_event_collector)
HEC Collector level index and sourcetype
hec_server.index = "test" hec_server.sourcetype = "syslog"
This works for either RAW or JSON. JSON has the option of the normal existing behavior to override per event by placing in the payload as shown in example.py
- You can use the sendEvent() method to send data immediately.
- It is more efficient to use the batchEvent() and flushBatch() methods to submit multiple events at once across multiple threads.
- You must call flushBatch() if using batchEvent() or you risk exiting your code before all threads have flushed their data to Splunk.
- There is now an optional input_type when declaring your HEC server. It defaults to the normal JSON event format but adds raw support.
- Added a pop null fields option. Defaults to False to preserve existing class behavior.