%global _empty_manifest_terminate_build 0
Name:		python-splunk-hec-handler
Version:	1.2.0
Release:	1
Summary:	A Python logging handler to send logs to Splunk using HTTP event collector (HEC)
License:	MIT License
URL:		https://github.com/vavarachen/splunk_hec_handler
Source0:	https://mirrors.nju.edu.cn/pypi/web/packages/67/f8/ebdee911502f7dc21be0d253083ce89e18dd0addcb53f2d8cd11e0010743/splunk_hec_handler-1.2.0.tar.gz
BuildArch:	noarch

Requires:	python3-requests

%description
# Installation
```
pip install splunk-hec-handler
```

# Features
1. Log messages to Splunk via HTTP Event Collector (HEC). See [Splunk HEC Documentation](http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC)
2. All messages are logged with the '_json' sourcetype by default.
3. For log records of type string, a dictionary with 'log_level' and 'message' keys is constructed.
![String log record representation in Splunk](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/str_record.png)
4. Dictionary objects are preserved as JSON.
![Dictionary log record representation in Splunk](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/dict_record.png)
5. If a log record (dict) does not contain a 'time' field, one is added with the value set to the current time.

# Examples
## Basic
```python
import logging
from splunk_hec_handler import SplunkHecHandler

logger = logging.getLogger('SplunkHecHandlerExample')
logger.setLevel(logging.DEBUG)

# If using self-signed certificate, set ssl_verify to False
# If using http, set proto to http
splunk_handler = SplunkHecHandler('splunkfw.domain.tld',
                                  'EA33046C-6FEC-4DC0-AC66-4326E58B54C3',
                                  port=8888, proto='https', ssl_verify=True,
                                  source="HEC_example")
logger.addHandler(splunk_handler)
```

The following should result in a Splunk entry with _time set to the current timestamp.
```python
logger.info("Testing Splunk HEC Info message")
```
![Basic Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/basic_example.png)

The following should result in a Splunk entry dated Monday, 08/06/2018 4:33:43 AM, containing two custom fields (color, api_endpoint). Custom fields can be seen in verbose mode.
```python
dict_obj = {'time': 1533530023,
            'fields': {'color': 'yellow', 'api_endpoint': '/results'},
            'user': 'foobar', 'app': 'my demo', 'severity': 'low',
            'error codes': [1, 23, 34, 456]}
logger.error(dict_obj)
```
![Fields Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/fields_example.png)

:warning: In order to use custom fields, the 'sourcetype' property must be specified in the event and the sourcetype definition must enable *indexed field extractions*. See http://dev.splunk.com/view/event-collector/SP-CAAAE6P for 'fields'.

## Advanced
Using 'fields', many of the metadata fields associated with an event can be changed from the default. Additionally, new fields which are not part of the event can also be added.

In the following example, we are sending events to two different indexes (see the "Select Allowed Indexes (optional)" setting) and overriding the 'host', 'source' and 'sourcetype' fields, while adding some new fields ('color', 'api_endpoint').
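As an added illustration of the behaviour described in the Features list and in the paragraph above (example code written for this page, not the splunk_hec_handler implementation, whose internals are only assumed here), the following models how a Python logging record is turned into the event envelope that HEC accepts on `/services/collector/event` with an `Authorization: Splunk <token>` header: string records are wrapped as {'log_level', 'message'}, a missing 'time' is filled in, dict records are kept as the JSON event body, and metadata keys inside 'fields' ('host', 'source', 'sourcetype', 'index') are promoted to envelope level while the remaining 'fields' entries stay as indexed fields. The function names `build_hec_event` and `hec_request`, the default port 8088 (Splunk's stock HEC port) and the `<hec-token>` placeholder are assumptions of this example. The project's own usage example follows.

```python
# Added example for this page: a model of how a Python logging record maps to
# a Splunk HEC event envelope. It is NOT the splunk_hec_handler implementation;
# the envelope layout re-creates the behaviour the README describes, and the
# real handler's internal details are assumed, not copied.
import json
import time

# Envelope-level keys that the HEC endpoint treats as event metadata.
HEC_METADATA_KEYS = ("host", "source", "sourcetype", "index", "time")


def build_hec_event(msg, levelname, *, source="HEC_example", sourcetype="_json",
                    index=None, now=None):
    """Return the HEC envelope (a dict) for one logging record.

    msg       -- the record's message: a str or a dict
    levelname -- the record's level name, e.g. 'INFO'
    now       -- epoch seconds to use when the record carries no 'time'
                 (defaults to the wall clock; injectable so tests are stable)
    """
    if isinstance(msg, dict):
        body = dict(msg)            # copy: never mutate the caller's dict
    else:
        # Feature 3: string records become {'log_level', 'message'}.
        body = {"log_level": levelname, "message": str(msg)}

    # Feature 5: a record without 'time' gets the current time. A 'time' key
    # on the record is lifted out of the body onto the envelope (_time).
    event_time = body.pop("time", None)
    if event_time is None:
        event_time = time.time() if now is None else now

    envelope = {"time": event_time, "source": source, "sourcetype": sourcetype}
    if index:
        envelope["index"] = index

    # Advanced usage: metadata keys inside 'fields' override the handler's
    # defaults; everything else in 'fields' is sent as an indexed field.
    fields = body.pop("fields", None)
    if fields:
        indexed = {}
        for key, value in fields.items():
            if key in HEC_METADATA_KEYS:
                envelope[key] = value
            else:
                indexed[key] = value
        if indexed:
            envelope["fields"] = indexed

    envelope["event"] = body        # Feature 4: the dict is preserved as JSON
    return envelope


def hec_request(host, token, envelope, *, port=8088, proto="https"):
    """Return (url, headers, body) for POSTing one envelope to HEC.

    Only the request is built here; sending it (the project uses `requests`)
    is left to the caller, so this stays runnable offline. 8088 is Splunk's
    default HEC port (assumed default for this example).
    """
    url = f"{proto}://{host}:{port}/services/collector/event"
    headers = {"Authorization": f"Splunk {token}",
               "Content-Type": "application/json"}
    body = json.dumps(envelope).encode("utf-8")
    return url, headers, body


if __name__ == "__main__":
    # Constructed sample records mirroring the README's examples.
    samples = [
        ("Testing Splunk HEC Info message", "INFO", {}),
        ({"time": 1533530023,
          "fields": {"color": "yellow", "api_endpoint": "/results"},
          "user": "foobar", "severity": "low"}, "ERROR", {}),
        ({"fields": {"color": "yellow", "host": "app01", "index": "hec"},
          "app": "my demo"}, "INFO",
         {"index": "hec", "source": "evtx2json", "sourcetype": "xxxxxxxx_json"}),
    ]
    for msg, level, kw in samples:
        url, headers, body = hec_request(
            "splunkfw.domain.tld", "<hec-token>", build_hec_event(msg, level, **kw))
        print(url, body.decode())
```

Running the block prints one request per sample; the third shows 'host' and 'index' promoted out of 'fields' while 'color' remains an indexed field, which is the distinction the README's :warning: note about indexed field extractions is about.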
```python
import logging
from splunk_hec_handler import SplunkHecHandler

logger = logging.getLogger('SplunkHecHandlerExample')
logger.setLevel(logging.DEBUG)

stream_handler = logging.StreamHandler()
stream_handler.level = logging.DEBUG
logger.addHandler(stream_handler)

token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3"
splunk_handler = SplunkHecHandler('splunkfw.domain.tld', token, index="hec",
                                  port=8080, proto='https', ssl_verify=False,
                                  source="evtx2json", sourcetype='xxxxxxxx_json')
logger.addHandler(splunk_handler)

dict_obj = {'fields': {'color': 'yellow', 'api_endpoint': '/results', 'host': 'app01', 'index': 'hec'},
            'user': 'foobar', 'app': 'my demo', 'severity': 'low',
            'error codes': [1, 23, 34, 456]}
logger.info(dict_obj)

log_summary_evt = {'fields': {'index': 'adhoc', 'sourcetype': '_json', 'source': 'adv_example'},
                   'exit code': 0, 'events logged': 100}
logger.debug(log_summary_evt)
```
![Advanced Fields Example](https://github.com/vavarachen/splunk_http_handler/blob/master/resources/advanced_example.png)

# Todo
1. Event acknowledgement support

%package -n python3-splunk-hec-handler
Summary:	A Python logging handler to send logs to Splunk using HTTP event collector (HEC)
Provides:	python-splunk-hec-handler
BuildRequires:	python3-devel
BuildRequires:	python3-setuptools
BuildRequires:	python3-pip
%description -n python3-splunk-hec-handler
A Python logging handler to send logs to Splunk using HTTP event collector (HEC).
%package help
Summary:	Development documents and examples for splunk-hec-handler
Provides:	python3-splunk-hec-handler-doc
%description help
Development documents and examples for splunk-hec-handler.
%prep
%autosetup -n splunk-hec-handler-1.2.0

%build
%py3_build

%install
%py3_install
install -d -m755 %{buildroot}/%{_pkgdocdir}
if [ -d doc ]; then cp -arf doc %{buildroot}/%{_pkgdocdir}; fi
if [ -d docs ]; then cp -arf docs %{buildroot}/%{_pkgdocdir}; fi
if [ -d example ]; then cp -arf example %{buildroot}/%{_pkgdocdir}; fi
if [ -d examples ]; then cp -arf examples %{buildroot}/%{_pkgdocdir}; fi
pushd %{buildroot}
if [ -d usr/lib ]; then
	find usr/lib -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/lib64 ]; then
	find usr/lib64 -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/bin ]; then
	find usr/bin -type f -printf "/%h/%f\n" >> filelist.lst
fi
if [ -d usr/sbin ]; then
	find usr/sbin -type f -printf "/%h/%f\n" >> filelist.lst
fi
touch doclist.lst
if [ -d usr/share/man ]; then
	find usr/share/man -type f -printf "/%h/%f.gz\n" >> doclist.lst
fi
popd
mv %{buildroot}/filelist.lst .
mv %{buildroot}/doclist.lst .

%files -n python3-splunk-hec-handler -f filelist.lst
%dir %{python3_sitelib}/*

%files help -f doclist.lst
%{_docdir}/*

%changelog
* Wed May 10 2023 Python_Bot - 1.2.0-1
- Package Spec generated