-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(splunk_hec sink): Rewrite Splunk HEC metrics sink into the new style #9813
Conversation
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
✔️ Deploy Preview for vector-project canceled. 🔨 Explore the source changes: ac5375a 🔍 Inspect the deploy log: https://app.netlify.com/sites/vector-project/deploys/6179b57ef999db000723de02 |
Signed-off-by: 001wwang <will.wang@datadoghq.com>
@001wwang adding a soak that removes transforms would be interesting, yeah. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice work. No concerns at all from me.
[transforms.remap] | ||
type = "remap" | ||
inputs = ["syslog"] | ||
source = """ | ||
. = parse_syslog!(.message) | ||
""" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could avoid this step entirely if you used, say, datadog_agent
ingress.
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Signed-off-by: 001wwang <will.wang@datadoghq.com>
Closes #9735
This PR rewrites the Splunk HEC metrics sink into the new style and consolidates some common functionality between the
logs
andmetrics
sink. Namely, the two share theirService
related code (HecRequest
,HecResponse
,HecRetryLogic
,HecService
, etc.) as they communicate with Splunk in the same way. I plan to add some more integration tests (sending multiple events), but the overall approach is ready for review.Soak test results for
syslog -> remap -> log_to_metric -> splunk_hec_metrics
:(wow, what are the chances that the
VALUE_min
is a commit SHA)The results are similar/slightly improved. The similarity of this soak with the
syslog_log2metric_humio_metrics
soak and the similar throughput results again lead me to believe the transforms are the limitation here. I may add a new soak that avoids transforms.