From 88d436a8348f25d5d61c04b2b3d263d0998b0375 Mon Sep 17 00:00:00 2001
From: CoprDistGit
Date: Wed, 10 May 2023 04:43:19 +0000
Subject: automatic import of python-splunk-hec-handler

---
.gitignore | 1 +
python-splunk-hec-handler.spec | 383 +++++++++++++++++++++++++++++++++++++++++
sources | 1 +
3 files changed, 385 insertions(+)
create mode 100644 python-splunk-hec-handler.spec
create mode 100644 sources

diff --git a/.gitignore b/.gitignore
index e69de29..64d5db1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+/splunk_hec_handler-1.2.0.tar.gz
diff --git a/python-splunk-hec-handler.spec b/python-splunk-hec-handler.spec
new file mode 100644
index 0000000..1a52ef7
--- /dev/null
+++ b/python-splunk-hec-handler.spec
@@ -0,0 +1,383 @@ +%global _empty_manifest_terminate_build 0 +Name: python-splunk-hec-handler +Version: 1.2.0 +Release: 1 +Summary: A Python logging handler to sends logs to Splunk using HTTP event collector (HEC) +License: MIT License +URL: https://github.com/vavarachen/splunk_hec_handler +Source0: https://mirrors.nju.edu.cn/pypi/web/packages/67/f8/ebdee911502f7dc21be0d253083ce89e18dd0addcb53f2d8cd11e0010743/splunk_hec_handler-1.2.0.tar.gz +BuildArch: noarch + +Requires: python3-requests +Requires: python3-requests + +%description +# Installation + +``` +pip install splunk-hec-handler +``` + +# Features +1. Log messages to Splunk via HTTP Event Collector (HEC). +See [Splunk HEC Documentation](http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC) +2. All messages are logged as '_json' sourcetype by default. +3. A dictionary with 'log_level' and 'message' keys are constructed for logging records of type string. + +![String log record representation in Splunk](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/str_record.png) + +4. Dictionary objects are preserved as JSON. + +![Dictionary log record representation in Splunk](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/dict_record.png) + +5. If log record (dict) does not contains a 'time' field, one is added with the value set to current time. + +# Examples + +## Basic +```python +import logging +from splunk_hec_handler import SplunkHecHandler +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +# If using self-signed certificate, set ssl_verify to False +# If using http, set proto to http +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + 'EA33046C-6FEC-4DC0-AC66-4326E58B54C3', + port=8888, proto='https', ssl_verify=True, + source="HEC_example") +logger.addHandler(splunk_handler) +``` + +Following should result in a Splunk entry with _time set to current timestamp. 
+ +```python +logger.info("Testing Splunk HEC Info message") +``` + +![Basic Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/basic_example.png) + +Following should result in a Splunk entry of Monday, 08/06/2018 4:33:43 AM, and contain two +custom fields (color, api_endpoint). Custom fields can be seen in verbose mode. + +```python +dict_obj = {'time': 1533530023, 'fields': {'color': 'yellow', 'api_endpoint': '/results'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.error(dict_obj) +``` + +![Fields Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/fields_example.png) + +:warning: In order to use custom fields, 'sourcetype' property must be specified in the event +and sourcetype definition must enable *indexed field extractions*. + + +See http://dev.splunk.com/view/event-collector/SP-CAAAE6P for 'fields' + +## Advanced +Using 'fields', many of the metadata fields associated with an event can be changed from the default. Additionally, new +fields, which are not part of the event, can be also added. + +In the following example, we are sending events to two different indexes (see "Select Allowed Indexes (optional)" setting) +and overriding 'host', 'source', 'sourcetype' fields, while adding some new fields ('color', 'api_endpoint'). 
+ +```python +import logging +from splunk_hec_handler import SplunkHecHandler + +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +stream_handler = logging.StreamHandler() +stream_handler.level = logging.DEBUG +logger.addHandler(stream_handler) + +token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3' +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + token, index="hec", + port=8080, proto='https', ssl_verify=False + source="evtx2json", sourcetype='xxxxxxxx_json') +logger.addHandler(splunk_handler) + + +dict_obj = {'fields': {'color': 'yellow', 'api_endpoint': '/results', 'host': 'app01', 'index':'hec'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.info(dict_obj) + +log_summary_evt = {'fields': {'index': 'adhoc', 'sourcetype': '_json', 'source': 'adv_example'}, 'exit code': 0, 'events logged': 100} +logger.debug(log_summary_evt) +``` + +![Advanced Fields Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/advanced_example.png) + + +# Todo +1. Event acknowledgement support + + + +%package -n python3-splunk-hec-handler +Summary: A Python logging handler to sends logs to Splunk using HTTP event collector (HEC) +Provides: python-splunk-hec-handler +BuildRequires: python3-devel +BuildRequires: python3-setuptools +BuildRequires: python3-pip +%description -n python3-splunk-hec-handler +# Installation + +``` +pip install splunk-hec-handler +``` + +# Features +1. Log messages to Splunk via HTTP Event Collector (HEC). +See [Splunk HEC Documentation](http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC) +2. All messages are logged as '_json' sourcetype by default. +3. A dictionary with 'log_level' and 'message' keys are constructed for logging records of type string. + +![String log record representation in Splunk](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/str_record.png) + +4. 
Dictionary objects are preserved as JSON. + +![Dictionary log record representation in Splunk](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/dict_record.png) + +5. If log record (dict) does not contains a 'time' field, one is added with the value set to current time. + +# Examples + +## Basic +```python +import logging +from splunk_hec_handler import SplunkHecHandler +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +# If using self-signed certificate, set ssl_verify to False +# If using http, set proto to http +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + 'EA33046C-6FEC-4DC0-AC66-4326E58B54C3', + port=8888, proto='https', ssl_verify=True, + source="HEC_example") +logger.addHandler(splunk_handler) +``` + +Following should result in a Splunk entry with _time set to current timestamp. + +```python +logger.info("Testing Splunk HEC Info message") +``` + +![Basic Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/basic_example.png) + +Following should result in a Splunk entry of Monday, 08/06/2018 4:33:43 AM, and contain two +custom fields (color, api_endpoint). Custom fields can be seen in verbose mode. + +```python +dict_obj = {'time': 1533530023, 'fields': {'color': 'yellow', 'api_endpoint': '/results'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.error(dict_obj) +``` + +![Fields Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/fields_example.png) + +:warning: In order to use custom fields, 'sourcetype' property must be specified in the event +and sourcetype definition must enable *indexed field extractions*. + + +See http://dev.splunk.com/view/event-collector/SP-CAAAE6P for 'fields' + +## Advanced +Using 'fields', many of the metadata fields associated with an event can be changed from the default. 
Additionally, new +fields, which are not part of the event, can be also added. + +In the following example, we are sending events to two different indexes (see "Select Allowed Indexes (optional)" setting) +and overriding 'host', 'source', 'sourcetype' fields, while adding some new fields ('color', 'api_endpoint'). + +```python +import logging +from splunk_hec_handler import SplunkHecHandler + +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +stream_handler = logging.StreamHandler() +stream_handler.level = logging.DEBUG +logger.addHandler(stream_handler) + +token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3' +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + token, index="hec", + port=8080, proto='https', ssl_verify=False + source="evtx2json", sourcetype='xxxxxxxx_json') +logger.addHandler(splunk_handler) + + +dict_obj = {'fields': {'color': 'yellow', 'api_endpoint': '/results', 'host': 'app01', 'index':'hec'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.info(dict_obj) + +log_summary_evt = {'fields': {'index': 'adhoc', 'sourcetype': '_json', 'source': 'adv_example'}, 'exit code': 0, 'events logged': 100} +logger.debug(log_summary_evt) +``` + +![Advanced Fields Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/advanced_example.png) + + +# Todo +1. Event acknowledgement support + + + +%package help +Summary: Development documents and examples for splunk-hec-handler +Provides: python3-splunk-hec-handler-doc +%description help +# Installation + +``` +pip install splunk-hec-handler +``` + +# Features +1. Log messages to Splunk via HTTP Event Collector (HEC). +See [Splunk HEC Documentation](http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC) +2. All messages are logged as '_json' sourcetype by default. +3. A dictionary with 'log_level' and 'message' keys are constructed for logging records of type string. 
+ +![String log record representation in Splunk](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/str_record.png) + +4. Dictionary objects are preserved as JSON. + +![Dictionary log record representation in Splunk](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/dict_record.png) + +5. If log record (dict) does not contains a 'time' field, one is added with the value set to current time. + +# Examples + +## Basic +```python +import logging +from splunk_hec_handler import SplunkHecHandler +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +# If using self-signed certificate, set ssl_verify to False +# If using http, set proto to http +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + 'EA33046C-6FEC-4DC0-AC66-4326E58B54C3', + port=8888, proto='https', ssl_verify=True, + source="HEC_example") +logger.addHandler(splunk_handler) +``` + +Following should result in a Splunk entry with _time set to current timestamp. + +```python +logger.info("Testing Splunk HEC Info message") +``` + +![Basic Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/basic_example.png) + +Following should result in a Splunk entry of Monday, 08/06/2018 4:33:43 AM, and contain two +custom fields (color, api_endpoint). Custom fields can be seen in verbose mode. + +```python +dict_obj = {'time': 1533530023, 'fields': {'color': 'yellow', 'api_endpoint': '/results'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.error(dict_obj) +``` + +![Fields Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/fields_example.png) + +:warning: In order to use custom fields, 'sourcetype' property must be specified in the event +and sourcetype definition must enable *indexed field extractions*. 
+ + +See http://dev.splunk.com/view/event-collector/SP-CAAAE6P for 'fields' + +## Advanced +Using 'fields', many of the metadata fields associated with an event can be changed from the default. Additionally, new +fields, which are not part of the event, can be also added. + +In the following example, we are sending events to two different indexes (see "Select Allowed Indexes (optional)" setting) +and overriding 'host', 'source', 'sourcetype' fields, while adding some new fields ('color', 'api_endpoint'). + +```python +import logging +from splunk_hec_handler import SplunkHecHandler + +logger = logging.getLogger('SplunkHecHandlerExample') +logger.setLevel(logging.DEBUG) + +stream_handler = logging.StreamHandler() +stream_handler.level = logging.DEBUG +logger.addHandler(stream_handler) + +token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3' +splunk_handler = SplunkHecHandler('splunkfw.domain.tld', + token, index="hec", + port=8080, proto='https', ssl_verify=False + source="evtx2json", sourcetype='xxxxxxxx_json') +logger.addHandler(splunk_handler) + + +dict_obj = {'fields': {'color': 'yellow', 'api_endpoint': '/results', 'host': 'app01', 'index':'hec'}, + 'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]} +logger.info(dict_obj) + +log_summary_evt = {'fields': {'index': 'adhoc', 'sourcetype': '_json', 'source': 'adv_example'}, 'exit code': 0, 'events logged': 100} +logger.debug(log_summary_evt) +``` + +![Advanced Fields Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/advanced_example.png) + + +# Todo +1. 
Event acknowledgement support + + + +%prep +%autosetup -n splunk-hec-handler-1.2.0 + +%build +%py3_build + +%install +%py3_install +install -d -m755 %{buildroot}/%{_pkgdocdir} +if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi +if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi +if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi +if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi +pushd %{buildroot} +if [ -d usr/lib ]; then + find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/lib64 ]; then + find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/bin ]; then + find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst +fi +if [ -d usr/sbin ]; then + find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst +fi +touch doclist.lst +if [ -d usr/share/man ]; then + find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst +fi +popd +mv %{buildroot}/filelist.lst . +mv %{buildroot}/doclist.lst . + +%files -n python3-splunk-hec-handler -f filelist.lst +%dir %{python3_sitelib}/* + +%files help -f doclist.lst +%{_docdir}/* + +%changelog +* Wed May 10 2023 Python_Bot - 1.2.0-1 +- Package Spec generated diff --git a/sources b/sources new file mode 100644 index 0000000..3369025 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +f0c9e2a6b9793794d22d89a129a4c52c splunk_hec_handler-1.2.0.tar.gz -- cgit v1.2.3
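Review bot: The new `sources` entry pins the tarball with a 32-hex-digit digest, which in the old-style lookaside format is MD5, and that is the only integrity check this build has — MD5 is collision-broken, so it does not meaningfully bind the build to the upstream release. That matters more here because `Source0` in the spec fetches from a third-party PyPI mirror (mirrors.nju.edu.cn) rather than files.pythonhosted.org, so a substituted or mirror-tampered archive would not be caught. I would regenerate the entry in the new-style format, `SHA512 (splunk_hec_handler-1.2.0.tar.gz) = <digest>`, and compare the digest against the one PyPI publishes for this release before committing it; if the import tooling only emits MD5, that is presumably better fixed in the tool than per package. The spec hunk also ends on this line, and its `%description` copies upstream README examples that hard-code a HEC token and set `ssl_verify=False` — upstream text, but worth knowing it ships in the package metadata.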