flow.record.adapter.splunk
Module Contents
Classes
Functions
Attributes
- flow.record.adapter.splunk.HAS_HTTPX = True
- flow.record.adapter.splunk.__usage__ = Multiline-String
"""
Splunk output adapter (writer only)
---
Write usage: rdump -w splunk+[PROTOCOL]://[IP]:[PORT]?tag=[TAG]&token=[TOKEN]&sourcetype=[SOURCETYPE]
[PROTOCOL]: Protocol to use for forwarding data. Can be tcp, http or https, defaults to tcp if omitted.
[IP]:[PORT]: ip and port to a splunk instance
[TAG]: optional value to add as "rdtag" output field when writing
[TOKEN]: Authentication token for sending data over HTTP(S)
[SOURCETYPE]: Set sourcetype of data. Defaults to records, but can also be set to JSON.
[SSL_VERIFY]: Whether to verify the server certificate when sending data over HTTP(S). Defaults to True.
"""
- flow.record.adapter.splunk.log
- flow.record.adapter.splunk.RECORD_BUFFER_LIMIT = 20
- flow.record.adapter.splunk.RESERVED_SPLUNK_FIELDS = ['_indextime', '_time', 'index', 'punct', 'source', 'sourcetype', 'tag', 'type']
- flow.record.adapter.splunk.RESERVED_RECORD_FIELDS = ['_classification', '_generated', '_source']
- flow.record.adapter.splunk.PREFIX_WITH_RD
- class flow.record.adapter.splunk.Protocol
Bases: enum.Enum
Generic enumeration.
Derive from this class to define new enumerations.
- HTTP = 'http'
- HTTPS = 'https'
- TCP = 'tcp'
- class flow.record.adapter.splunk.SourceType
Bases: enum.Enum
Generic enumeration.
Derive from this class to define new enumerations.
- JSON = 'json'
- RECORDS = 'records'
- flow.record.adapter.splunk.splunkify_key_value(record: flow.record.base.Record, tag: str | None = None) -> str
- flow.record.adapter.splunk.splunkify_json(packer: flow.record.jsonpacker.JsonRecordPacker, record: flow.record.base.Record, tag: str | None = None) -> str
- class flow.record.adapter.splunk.SplunkWriter(uri: str, tag: str | None = None, token: str | None = None, sourcetype: str | None = None, ssl_verify: bool = True, **kwargs)
Bases: flow.record.adapter.AbstractWriter
- sock
- session
- write(record: flow.record.base.Record) -> None
Write a record.
- flush() -> None
Flush any buffered writes.
- close() -> None
Close the Writer, no more writes will be possible.
- class flow.record.adapter.splunk.SplunkReader(path, selector=None, **kwargs)