fix: Add sourcetype to metrics

fixup Update hec_sender.py
splunk · Nov 3, 2021 · e32fc88 · e32fc88
1 parent f890582
commit e32fc88
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/splunk_connect_for_snmp_poller/manager/data/event_builder.py b/splunk_connect_for_snmp_poller/manager/data/event_builder.py
@@ -47,6 +47,7 @@ def build(self) -> dict:
 class EventField(Enum):
     TIME = "time"
     SOURCETYPE = "sourcetype"
+    SOURCE = "source"
     HOST = "host"
     INDEX = "index"
     EVENT = "event"

diff --git a/splunk_connect_for_snmp_poller/manager/hec_sender.py b/splunk_connect_for_snmp_poller/manager/hec_sender.py
@@ -131,6 +131,7 @@ def init_builder_with_common_data(current_time, host, index) -> EventBuilder:
     builder.add(EventField.TIME, current_time)
     builder.add(EventField.HOST, host)
     builder.add(EventField.INDEX, index)
+    builder.add(EventField.SOURCE, "sc4snmp")
     return builder
 
 
@@ -189,7 +190,7 @@ def build_metric_data(
     metric_name = json_val["metric_name"]
     metric_value = json_val["_value"]
     fields = {
-        "metric_name:" + metric_name: metric_value,
+        f"metric_name:{metric_name}": metric_value,
         EventField.FREQUENCY.value: ir.frequency_str,
     }
     if mib_enricher:
@@ -200,6 +201,7 @@ def build_metric_data(
 
     builder = init_builder_with_common_data(time.time(), host, index)
     builder.add(EventField.EVENT, EventType.METRIC.value)
+    builder.add(EventField.SOURCETYPE, "sc4snmp:metric")
 
     extract_additional_properties(fields, metric_name, metric_value, server_config)