Diffstat (limited to 'python-splunk-hec-handler.spec')
| -rw-r--r-- | python-splunk-hec-handler.spec | 383 |
1 files changed, 383 insertions, 0 deletions
diff --git a/python-splunk-hec-handler.spec b/python-splunk-hec-handler.spec
new file mode 100644
index 0000000..1a52ef7
--- /dev/null
+++ b/python-splunk-hec-handler.spec
@@ -0,0 +1,383 @@ +%global _empty_manifest_terminate_build 0 +Name: python-splunk-hec-handler +Version: 1.2.0 +Release: 1 +Summary: A Python logging handler to sends logs to Splunk using HTTP event collector (HEC) +License: MIT License +URL: https://github.com/vavarachen/splunk_hec_handler +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/67/f8/ebdee911502f7dc21be0d253083ce89e18dd0addcb53f2d8cd11e0010743/splunk_hec_handler-1.2.0.tar.gz +BuildArch: noarch + +Requires: python3-requests +Requires: python3-requests + +%description +# Installation + +``` +pip install splunk-hec-handler +``` + +# Features +1. Log messages to Splunk via HTTP Event Collector (HEC). +See [Splunk HEC Documentation](http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC) +2. All messages are logged as '_json' sourcetype by default. +3. A dictionary with 'log_level' and 'message' keys are constructed for logging records of type string. + + + +4. Dictionary objects are preserved as JSON. + + + +5. If log record (dict) does not contains a 'time' field, one is added with the value set to current time. + +# Examples + +## Basic +```python +import logging +from splunk_hec_handler import SplunkHecHandler +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +# If using self-signed certificate, set ssl_verify to False +# If using http, set proto to http +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + 'EA33046C-6FEC-4DC0-AC66-4326E58B54C3', + port=8888, proto='https', ssl_verify=True, + source="HEC_example") +logger.addHandler(splunk_handler) +``` + +Following should result in a Splunk entry with _time set to current timestamp. + +```python +logger.info("Testing Splunk HEC Info message") +``` + + + +Following should result in a Splunk entry of Monday, 08/06/2018 4:33:43 AM, and contain two +custom fields (color, api_endpoint). Custom fields can be seen in verbose mode. 
+ +```python +dict_obj = {'time': 1533530023, 'fields': {'color': 'yellow', 'api_endpoint': '/results'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.error(dict_obj) +``` + + + +:warning: In order to use custom fields, 'sourcetype' property must be specified in the event +and sourcetype definition must enable *indexed field extractions*. + + +See http://dev.splunk.com/view/event-collector/SP-CAAAE6P for 'fields' + +## Advanced +Using 'fields', many of the metadata fields associated with an event can be changed from the default. Additionally, new +fields, which are not part of the event, can be also added. + +In the following example, we are sending events to two different indexes (see "Select Allowed Indexes (optional)" setting) +and overriding 'host', 'source', 'sourcetype' fields, while adding some new fields ('color', 'api_endpoint'). + +```python +import logging +from splunk_hec_handler import SplunkHecHandler + +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +stream_handler = logging.StreamHandler() +stream_handler.level = logging.DEBUG +logger.addHandler(stream_handler) + +token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3' +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + token, index="hec", + port=8080, proto='https', ssl_verify=False + source="evtx2json", sourcetype='xxxxxxxx_json') +logger.addHandler(splunk_handler) + + +dict_obj = {'fields': {'color': 'yellow', 'api_endpoint': '/results', 'host': 'app01', 'index':'hec'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.info(dict_obj) + +log_summary_evt = {'fields': {'index': 'adhoc', 'sourcetype': '_json', 'source': 'adv_example'}, 'exit code': 0, 'events logged': 100} +logger.debug(log_summary_evt) +``` + + + + +# Todo +1. 
Event acknowledgement support + + + +%package -n python3-splunk-hec-handler +Summary: A Python logging handler to sends logs to Splunk using HTTP event collector (HEC) +Provides: python-splunk-hec-handler +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-splunk-hec-handler +# Installation + +``` +pip install splunk-hec-handler +``` + +# Features +1. Log messages to Splunk via HTTP Event Collector (HEC). +See [Splunk HEC Documentation](http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC) +2. All messages are logged as '_json' sourcetype by default. +3. A dictionary with 'log_level' and 'message' keys are constructed for logging records of type string. + + + +4. Dictionary objects are preserved as JSON. + + + +5. If log record (dict) does not contains a 'time' field, one is added with the value set to current time. + +# Examples + +## Basic +```python +import logging +from splunk_hec_handler import SplunkHecHandler +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +# If using self-signed certificate, set ssl_verify to False +# If using http, set proto to http +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + 'EA33046C-6FEC-4DC0-AC66-4326E58B54C3', + port=8888, proto='https', ssl_verify=True, + source="HEC_example") +logger.addHandler(splunk_handler) +``` + +Following should result in a Splunk entry with _time set to current timestamp. + +```python +logger.info("Testing Splunk HEC Info message") +``` + + + +Following should result in a Splunk entry of Monday, 08/06/2018 4:33:43 AM, and contain two +custom fields (color, api_endpoint). Custom fields can be seen in verbose mode. 
+ +```python +dict_obj = {'time': 1533530023, 'fields': {'color': 'yellow', 'api_endpoint': '/results'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.error(dict_obj) +``` + + + +:warning: In order to use custom fields, 'sourcetype' property must be specified in the event +and sourcetype definition must enable *indexed field extractions*. + + +See http://dev.splunk.com/view/event-collector/SP-CAAAE6P for 'fields' + +## Advanced +Using 'fields', many of the metadata fields associated with an event can be changed from the default. Additionally, new +fields, which are not part of the event, can be also added. + +In the following example, we are sending events to two different indexes (see "Select Allowed Indexes (optional)" setting) +and overriding 'host', 'source', 'sourcetype' fields, while adding some new fields ('color', 'api_endpoint'). + +```python +import logging +from splunk_hec_handler import SplunkHecHandler + +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +stream_handler = logging.StreamHandler() +stream_handler.level = logging.DEBUG +logger.addHandler(stream_handler) + +token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3' +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + token, index="hec", + port=8080, proto='https', ssl_verify=False + source="evtx2json", sourcetype='xxxxxxxx_json') +logger.addHandler(splunk_handler) + + +dict_obj = {'fields': {'color': 'yellow', 'api_endpoint': '/results', 'host': 'app01', 'index':'hec'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.info(dict_obj) + +log_summary_evt = {'fields': {'index': 'adhoc', 'sourcetype': '_json', 'source': 'adv_example'}, 'exit code': 0, 'events logged': 100} +logger.debug(log_summary_evt) +``` + + + + +# Todo +1. 
Event acknowledgement support + + + +%package help +Summary: Development documents and examples for splunk-hec-handler +Provides: python3-splunk-hec-handler-doc +%description help +# Installation + +``` +pip install splunk-hec-handler +``` + +# Features +1. Log messages to Splunk via HTTP Event Collector (HEC). +See [Splunk HEC Documentation](http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC) +2. All messages are logged as '_json' sourcetype by default. +3. A dictionary with 'log_level' and 'message' keys are constructed for logging records of type string. + + + +4. Dictionary objects are preserved as JSON. + + + +5. If log record (dict) does not contains a 'time' field, one is added with the value set to current time. + +# Examples + +## Basic +```python +import logging +from splunk_hec_handler import SplunkHecHandler +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +# If using self-signed certificate, set ssl_verify to False +# If using http, set proto to http +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + 'EA33046C-6FEC-4DC0-AC66-4326E58B54C3', + port=8888, proto='https', ssl_verify=True, + source="HEC_example") +logger.addHandler(splunk_handler) +``` + +Following should result in a Splunk entry with _time set to current timestamp. + +```python +logger.info("Testing Splunk HEC Info message") +``` + + + +Following should result in a Splunk entry of Monday, 08/06/2018 4:33:43 AM, and contain two +custom fields (color, api_endpoint). Custom fields can be seen in verbose mode. + +```python +dict_obj = {'time': 1533530023, 'fields': {'color': 'yellow', 'api_endpoint': '/results'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.error(dict_obj) +``` + + + +:warning: In order to use custom fields, 'sourcetype' property must be specified in the event +and sourcetype definition must enable *indexed field extractions*. 
+ + +See http://dev.splunk.com/view/event-collector/SP-CAAAE6P for 'fields' + +## Advanced +Using 'fields', many of the metadata fields associated with an event can be changed from the default. Additionally, new +fields, which are not part of the event, can be also added. + +In the following example, we are sending events to two different indexes (see "Select Allowed Indexes (optional)" setting) +and overriding 'host', 'source', 'sourcetype' fields, while adding some new fields ('color', 'api_endpoint'). + +```python +import logging +from splunk_hec_handler import SplunkHecHandler + +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +stream_handler = logging.StreamHandler() +stream_handler.level = logging.DEBUG +logger.addHandler(stream_handler) + +token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3' +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + token, index="hec", + port=8080, proto='https', ssl_verify=False + source="evtx2json", sourcetype='xxxxxxxx_json') +logger.addHandler(splunk_handler) + + +dict_obj = {'fields': {'color': 'yellow', 'api_endpoint': '/results', 'host': 'app01', 'index':'hec'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.info(dict_obj) + +log_summary_evt = {'fields': {'index': 'adhoc', 'sourcetype': '_json', 'source': 'adv_example'}, 'exit code': 0, 'events logged': 100} +logger.debug(log_summary_evt) +``` + + + + +# Todo +1. 
Event acknowledgement support + + + +%prep +%autosetup -n splunk-hec-handler-1.2.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-splunk-hec-handler -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Wed May 10 2023 Python_Bot <Python_Bot@openeuler.org> - 1.2.0-1 +- Package Spec generated |
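Review bot: `Requires: python3-requests` is listed twice in a row right after `BuildArch: noarch` at the top of the hunk; the second line is a duplicate and should be dropped. The same hunk pastes the upstream README verbatim into all three description blocks (`%description`, `%description -n python3-splunk-hec-handler`, `%description help`), and that text carries an advanced example that does not parse as Python — a quote mismatch in `token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3'` and a missing comma after `ssl_verify=False` — so it is worth trimming or correcting rather than shipping it three times in package metadata. `Source0` points at a third-party mirror (mirrors.nju.edu.cn) rather than the canonical PyPI download location; for supply-chain traceability the files.pythonhosted.org URL of the same 1.2.0 tarball is the better reference. The spec also has no `%check` section, so the installed module is never imported or exercised at build time; even a minimal `%check` running `%{python3} -c "import splunk_hec_handler"` would catch a broken install before it is published.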
