This repository has been archived by the owner on Dec 17, 2021. It is now read-only.

fix: Add sourcetype to metrics
fixup

Update hec_sender.py

Update hec_sender.py
rfaircloth-splunk committed Nov 3, 2021
1 parent f890582 commit 6cf06e2
Showing 2 changed files with 10 additions and 2 deletions.
@@ -47,6 +47,7 @@ def build(self) -> dict:
class EventField(Enum):
TIME = "time"
SOURCETYPE = "sourcetype"
SOURCE = "source"
HOST = "host"
INDEX = "index"
EVENT = "event"
11 changes: 9 additions & 2 deletions splunk_connect_for_snmp_poller/manager/hec_sender.py
@@ -94,7 +94,8 @@ def post_data_to_splunk_hec(
ir,
additional_metric_fields,
server_config,
mib_enricher,
one_time_flag=one_time_flag,
mib_enricher=mib_enricher,
)
else:
logger.debug("event index - %s", index["event_index"])
@@ -131,6 +132,7 @@ def init_builder_with_common_data(current_time, host, index) -> EventBuilder:
builder.add(EventField.TIME, current_time)
builder.add(EventField.HOST, host)
builder.add(EventField.INDEX, index)
builder.add(EventField.SOURCE, "sc4snmp")
return builder


@@ -183,13 +185,14 @@ def build_metric_data(
ir: InventoryRecord,
additional_metric_fields,
server_config,
one_time_flag=one_time_flag,
mib_enricher=None,
):
json_val = json.loads(variables_binds)
metric_name = json_val["metric_name"]
metric_value = json_val["_value"]
fields = {
"metric_name:" + metric_name: metric_value,
f"metric_name:{metric_name}": metric_value,
EventField.FREQUENCY.value: ir.frequency_str,
}
if mib_enricher:
@@ -200,6 +203,10 @@ def build_metric_data(

builder = init_builder_with_common_data(time.time(), host, index)
builder.add(EventField.EVENT, EventType.METRIC.value)
if one_time_flag:
builder.add(EventField.SOURCETYPE, "sc4snmp:metric:walk")
else:
builder.add(EventField.SOURCETYPE, "sc4snmp:metric")

extract_additional_properties(fields, metric_name, metric_value, server_config)

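Review bot: In the `build_metric_data` signature the new parameter is written `one_time_flag=one_time_flag,`, so its default is an expression evaluated once in module scope when the `def` statement runs. Unless a module-level `one_time_flag` exists outside the lines shown here, importing `hec_sender.py` raises `NameError`, and if one does exist the default is frozen to its import-time value. A literal default such as `one_time_flag=False,` keeps the keyword call in `post_data_to_splunk_hec` working and makes `sc4snmp:metric` the sourcetype when a caller omits the flag. Both function bodies continue outside the hunks, so whether `one_time_flag` is bound at the call site cannot be confirmed from this page. A docstring line stating that `one_time_flag` selects `sc4snmp:metric:walk` over `sc4snmp:metric` would also help, since searches and alerts keyed on sourcetype depend on that split.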
