`flow.record.adapter.splunk`¶

Module Contents¶

Classes¶

`Protocol`	Generic enumeration.
`SourceType`	Generic enumeration.
`SplunkWriter`
`SplunkReader`

Functions¶

`splunkify_key_value`
`splunkify_json`

Attributes¶

`HAS_HTTPX`
`__usage__`
`log`
`RECORD_BUFFER_LIMIT`
`RESERVED_SPLUNK_FIELDS`
`RESERVED_RECORD_FIELDS`
`PREFIX_WITH_RD`

flow.record.adapter.splunk.HAS_HTTPX = True¶

flow.record.adapter.splunk.__usage__ = Multiline-String¶

Show Value

"""
Splunk output adapter (writer only)
---
Write usage: rdump -w splunk+[PROTOCOL]://[IP]:[PORT]?tag=[TAG]&token=[TOKEN]&sourcetype=[SOURCETYPE]
[PROTOCOL]: Protocol to use for forwarding data. Can be tcp, http or https, defaults to tcp if omitted.
[IP]:[PORT]: ip and port to a splunk instance
[TAG]: optional value to add as "rdtag" output field when writing
[TOKEN]: Authentication token for sending data over HTTP(S)
[SOURCETYPE]: Set sourcetype of data. Defaults to records, but can also be set to JSON.
[SSL_VERIFY]: Whether to verify the server certificate when sending data over HTTP(S). Defaults to True.
"""

flow.record.adapter.splunk.log¶

flow.record.adapter.splunk.RECORD_BUFFER_LIMIT = 20¶

flow.record.adapter.splunk.RESERVED_SPLUNK_FIELDS = ['_indextime', '_time', 'index', 'punct', 'source', 'sourcetype', 'tag', 'type']¶

flow.record.adapter.splunk.RESERVED_RECORD_FIELDS = ['_classification', '_generated', '_source']¶

flow.record.adapter.splunk.PREFIX_WITH_RD¶

class flow.record.adapter.splunk.Protocol¶

Bases: enum.Enum

Generic enumeration.

Derive from this class to define new enumerations.

HTTP = 'http'¶

HTTPS = 'https'¶

TCP = 'tcp'¶

class flow.record.adapter.splunk.SourceType¶