From e32fc88360ea0287164871b894a9fcadea22c1f0 Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk
Date: Wed, 3 Nov 2021 07:57:18 -0400
Subject: [PATCH] fix: Add sourcetype to metrics fixup Update hec_sender.py
---
 splunk_connect_for_snmp_poller/manager/data/event_builder.py | 1 +
 splunk_connect_for_snmp_poller/manager/hec_sender.py | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/splunk_connect_for_snmp_poller/manager/data/event_builder.py b/splunk_connect_for_snmp_poller/manager/data/event_builder.py
index 0dbb70b..f7b5c39 100644
--- a/splunk_connect_for_snmp_poller/manager/data/event_builder.py
+++ b/splunk_connect_for_snmp_poller/manager/data/event_builder.py
@@ -47,6 +47,7 @@ def build(self) -> dict:
 class EventField(Enum):
 TIME = "time"
 SOURCETYPE = "sourcetype"
+ SOURCE = "source"
 HOST = "host"
 INDEX = "index"
 EVENT = "event"
diff --git a/splunk_connect_for_snmp_poller/manager/hec_sender.py b/splunk_connect_for_snmp_poller/manager/hec_sender.py
index 611193b..532cd7e 100644
--- a/splunk_connect_for_snmp_poller/manager/hec_sender.py
+++ b/splunk_connect_for_snmp_poller/manager/hec_sender.py
@@ -131,6 +131,7 @@ def init_builder_with_common_data(current_time, host, index) -> EventBuilder:
 builder.add(EventField.TIME, current_time)
 builder.add(EventField.HOST, host)
 builder.add(EventField.INDEX, index)
+ builder.add(EventField.SOURCE, "sc4snmp")
 return builder
@@ -189,7 +190,7 @@ def build_metric_data(
 metric_name = json_val["metric_name"]
 metric_value = json_val["_value"]
 fields = {
- "metric_name:" + metric_name: metric_value,
+ f"metric_name:{metric_name}": metric_value,
 EventField.FREQUENCY.value: ir.frequency_str,
 }
 if mib_enricher:
@@ -200,6 +201,7 @@ def build_metric_data(
 builder = init_builder_with_common_data(time.time(), host, index)
 builder.add(EventField.EVENT, EventType.METRIC.value)
+ builder.add(EventField.SOURCETYPE, "sc4snmp:metric")
 extract_additional_properties(fields, metric_name, metric_value, server_config)
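Review bot: The `"sc4snmp"` literal added in `init_builder_with_common_data` sets `source` on every event this helper builds, not only on metrics, although the commit subject mentions only the metric sourcetype. Because `source` and `sourcetype` are the metadata that Splunk-side parsing, routing and detection searches usually key on, I would give both values one named home, e.g. module constants `HEC_SOURCE = "sc4snmp"` and `HEC_SOURCETYPE_METRIC = "sc4snmp:metric"`, and use the second in the last `build_metric_data` hunk. A short comment such as `# source is fixed for all sc4snmp events; sourcetype is set per event type by the caller` would make the split explicit. The function body starts outside this hunk, so whether any other caller already sets `source` is not visible here.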
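Review bot: Switching the key to `f"metric_name:{metric_name}"` is not purely cosmetic: the old concatenation raised `TypeError` when `metric_name` was not a string, while the f-string formats any value, so a null or non-string name now yields a field such as `metric_name:None` instead of failing. If `json_val` can carry device-supplied or otherwise unvalidated data (not visible in this hunk), check the name before building `fields`, for example `if not isinstance(metric_name, str) or not metric_name: raise ValueError("metric_name must be a non-empty string")`. `build_metric_data` starts and ends outside the hunk, so an earlier validation step may already exist.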