Add writer types to schema for Outbound Adapter and upgraded to Splunk 1.0.0
Update README
This commit is contained in:
committed by
Gunnar Hillert
parent
1adcce712e
commit
43f9246f54
117
README.md
117
README.md
@@ -5,8 +5,8 @@ The SI adapter includes Outbound Channel Adapter and Inbound Channel Adapter.
|
||||
|
||||
Inbound channel adapter :
|
||||
-----------------------------------------------------------------------------
|
||||
Inbound channel adapter is used to get data out of Splunk and put into
|
||||
Spring Integration's channel. There are 5 ways to get data out of Splunk:
|
||||
The Inbound channel adapter is used to read data from Splunk and output a message containing the data to a Spring Integration channel. There are 5 ways to get data from Splunk:
|
||||
|
||||
* Blocking
|
||||
* Non blocking
|
||||
* Saved search
|
||||
@@ -15,99 +15,134 @@ Spring Integration's channel. There are 5 ways to get data out of Splunk:
|
||||
|
||||
|
||||
### Blocking search:
|
||||
~~~~~xml
|
||||
|
||||
```xml
|
||||
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
|
||||
auto-startup="true" search="search spring:example"
|
||||
search="search spring:example"
|
||||
splunk-server-ref="splunkServer"
|
||||
channel="inputFromSplunk" mode="BLOCKING" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
|
||||
<int:poller fixed-rate="5" time-unit="SECONDS"/>
|
||||
</int-splunk:inbound-channel-adapter>
|
||||
~~~~~
|
||||
```
|
||||
|
||||
|
||||
### Non blocking search:
|
||||
~~~~~xml
|
||||
|
||||
```xml
|
||||
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
|
||||
auto-startup="true" search="search spring:example"
|
||||
search="search spring:example"
|
||||
splunk-server-ref="splunkServer"
|
||||
channel="inputFromSplunk" mode="NORMAL" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
|
||||
<int:poller fixed-rate="5" time-unit="SECONDS"/>
|
||||
</int-splunk:inbound-channel-adapter>
|
||||
~~~~~
|
||||
```
|
||||
|
||||
|
||||
### Saved search:
|
||||
~~~~~xml
|
||||
|
||||
```xml
|
||||
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
|
||||
auto-startup="true" savedSearch="test" splunk-server-ref="splunkServer"
|
||||
savedSearch="test" splunk-server-ref="splunkServer"
|
||||
channel="inputFromSplunk" mode="SAVEDSEARCH" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
|
||||
<int:poller fixed-rate="5" time-unit="SECONDS"/>
|
||||
</int-splunk:inbound-channel-adapter>
|
||||
~~~~~
|
||||
```
|
||||
|
||||
|
||||
### Realtime search:
|
||||
~~~~~xml
|
||||
|
||||
```xml
|
||||
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
|
||||
auto-startup="true" search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
|
||||
search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
|
||||
mode="REALTIME" earliestTime="-5s" latestTime="rt" initEarliestTime="-1d">
|
||||
<int:poller fixed-rate="5" time-unit="SECONDS"/>
|
||||
</int-splunk:inbound-channel-adapter>
|
||||
~~~~~
|
||||
```
|
||||
|
||||
### Export:
|
||||
~~~~~xml
|
||||
|
||||
```xml
|
||||
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
|
||||
auto-startup="true" search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
|
||||
mode="EXPORT" earliestTime="-5d" latestTime="now" initEarliestTime="-1d">
|
||||
<int:poller fixed-rate="5" time-unit="SECONDS"/>
|
||||
</int-splunk:inbound-channel-adapter>
|
||||
~~~~~
|
||||
```
|
||||
|
||||
Outbound channel adapter:
|
||||
----------------------------------------------------------------------------------------------
|
||||
Outbound channel adapter is used to put data into Splunk from
|
||||
channels in Spring Integration. There are 3 kinds of method to put data
|
||||
* REST(submit)
|
||||
* stream
|
||||
* tcp
|
||||
|
||||
The Outbound channel adapter is used to write data to Splunk from a Spring Integration message channel. There are 3 types of data writers provided:
|
||||
|
||||
* submit - Use's Splunk's REST API. Appropriate for small or infrequent data loads. Posts data to a named index or the default if not specified.
|
||||
* index - Streams data to a named index or the default if not specified.
|
||||
* tcp - Streams data to a tcp port associated with a defined tcp input.
|
||||
|
||||
The outbound channel adapter requires a child *-writer element which defines related attributes:
|
||||
|
||||
### Submit:
|
||||
~~~~~xml
|
||||
|
||||
```xml
|
||||
<int-splunk:outbound-channel-adapter
|
||||
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
|
||||
id="splunkOutboundChannelAdapter"
|
||||
channel="outputToSplunk"
|
||||
splunk-server-ref="splunkServer" pool-server-connection="true"
|
||||
sourceType="spring-integration" source="example2" ingest="SUBMIT">
|
||||
splunk-server-ref="splunkServer"
|
||||
sourceType="spring-integration"
|
||||
source="example2">
|
||||
<int-splunk:submit-writer index="foo"/>
|
||||
</int-splunk:outbound-channel-adapter>
|
||||
```
|
||||
|
||||
~~~~~
|
||||
### Index:
|
||||
|
||||
### Stream:
|
||||
~~~~~xml
|
||||
```xml
|
||||
<int-splunk:outbound-channel-adapter
|
||||
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
|
||||
channel="outputToSplunk" splunk-server-ref="splunkServer"
|
||||
ingest="STREAM">
|
||||
id="splunkOutboundChannelAdapter"
|
||||
channel="outputToSplunk"
|
||||
splunk-server-ref="splunkServer"
|
||||
>
|
||||
<int-splunk:index-writer index="someIndex"/>
|
||||
</int-splunk:outbound-channel-adapter>
|
||||
```
|
||||
|
||||
~~~~~
|
||||
### TCP
|
||||
|
||||
### tcp
|
||||
~~~~~xml
|
||||
```xml
|
||||
<int-splunk:outbound-channel-adapter
|
||||
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
|
||||
channel="outputToSplunk" splunk-server-ref="splunkServer"
|
||||
ingest="TCP" tcpPort="9999">
|
||||
id="splunkOutboundChannelAdapter"
|
||||
channel="outputToSplunk"
|
||||
splunk-server-ref="splunkServer"
|
||||
>
|
||||
<int-splunk:tcp-writer port="9999"/>
|
||||
</int-splunk:outbound-channel-adapter>
|
||||
```
|
||||
|
||||
*NOTE: The input must exist and be enabled on the server*
|
||||
|
||||
~~~~~
|
||||
### Configuring The Splunk Server connection
|
||||
|
||||
```xml
|
||||
<int-splunk:server id="splunkServer" username="admin" password="password" timeout="5000" host="somehost.someplace.com" port="9000" />
|
||||
```
|
||||
|
||||
Additional server properties include (see [splunk](http://docs.splunk.com/Documentation/Splunk/latest) documentation for details):
|
||||
|
||||
* app
|
||||
* scheme
|
||||
* scope
|
||||
* owner
|
||||
|
||||
The default host is *localhost* and the default port is *8089*. The *timeout* attribute indicates how long to wait for a connection in miliseconds.
|
||||
|
||||
|
||||
Development
|
||||
-----------------
|
||||
### To build:
|
||||
### Build:
|
||||
|
||||
./gradlew build
|
||||
|
||||
### To generate Eclipse metadata (.classpath and .project files), do the following:
|
||||
### Import the project to Eclipse:
|
||||
|
||||
To generate Eclipse metadata (e.g., .classpath and .project files), do the following:
|
||||
|
||||
./gradlew eclipse
|
||||
|
||||
|
||||
16
build.gradle
16
build.gradle
@@ -21,20 +21,8 @@ repositories {
|
||||
maven { url 'http://repo.springsource.org/plugins-release' } // for bundlor
|
||||
}
|
||||
|
||||
sourceCompatibility=1.5
|
||||
targetCompatibility=1.5
|
||||
|
||||
ext {
|
||||
cglibVersion = '2.2'
|
||||
junitVersion = '4.8.2'
|
||||
log4jVersion = '1.2.12'
|
||||
mockitoVersion = '1.9.0'
|
||||
springVersion = '3.1.2.RELEASE'
|
||||
springIntegrationVersion = '2.1.2.RELEASE'
|
||||
commonsLangVersion = '2.6'
|
||||
commonsPoolVersion = '1.6'
|
||||
splunkVersion = '0.8.0'
|
||||
}
|
||||
sourceCompatibility=1.6
|
||||
targetCompatibility=1.6
|
||||
|
||||
// See http://www.gradle.org/docs/current/userguide/dependency_management.html#sub:configurations
|
||||
// and http://www.gradle.org/docs/current/dsl/org.gradle.api.artifacts.ConfigurationContainer.html
|
||||
|
||||
@@ -1 +1,10 @@
|
||||
version=0.5.0.BUILD-SNAPSHOT
|
||||
cglibVersion=2.2
|
||||
junitVersion=4.8.2
|
||||
log4jVersion=1.2.12
|
||||
mockitoVersion=1.9.0
|
||||
springVersion=3.1.2.RELEASE
|
||||
springIntegrationVersion=2.1.2.RELEASE
|
||||
commonsLangVersion=2.6
|
||||
commonsPoolVersion=1.6
|
||||
splunkVersion =1.0.0
|
||||
|
||||
@@ -52,22 +52,14 @@ public class SplunkInboundChannelAdapterParser extends AbstractPollingInboundCha
|
||||
splunkDataReaderBuilder.addPropertyValue("count", count);
|
||||
}
|
||||
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "fieldList");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "field-list");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "search");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "savedSearch");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "saved-search");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "owner");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "app");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "initEarliestTime");
|
||||
|
||||
String earliestTime = element.getAttribute("earliestTime");
|
||||
if (StringUtils.hasText(earliestTime)) {
|
||||
splunkDataReaderBuilder.addPropertyValue("earliestTime", earliestTime);
|
||||
}
|
||||
|
||||
String latestTime = element.getAttribute("latestTime");
|
||||
if (StringUtils.hasText(latestTime)) {
|
||||
splunkDataReaderBuilder.addPropertyValue("latestTime", latestTime);
|
||||
}
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "init-earliest-time");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "earliest-time");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataReaderBuilder, element, "latest-time");
|
||||
|
||||
|
||||
BeanDefinitionBuilder connectionFactoryBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkConnectionFactory.class);
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2002-2012 the original author or authors.
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -24,15 +24,20 @@ import org.springframework.integration.config.xml.AbstractOutboundChannelAdapter
|
||||
import org.springframework.integration.config.xml.IntegrationNamespaceUtils;
|
||||
import org.springframework.integration.splunk.outbound.SplunkOutboundChannelAdapter;
|
||||
import org.springframework.integration.splunk.support.ConnectionFactoryFactoryBean;
|
||||
import org.springframework.integration.splunk.support.SplunkDataWriter;
|
||||
import org.springframework.integration.splunk.support.SplunkArgsFactoryBean;
|
||||
import org.springframework.integration.splunk.support.SplunkConnectionFactory;
|
||||
import org.springframework.integration.splunk.support.SplunkIndexWriter;
|
||||
import org.springframework.integration.splunk.support.SplunkSubmitWriter;
|
||||
import org.springframework.integration.splunk.support.SplunkTcpWriter;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.util.xml.DomUtils;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
* The parser for the Splunk Outbound Channel Adapter.
|
||||
*
|
||||
* @author Jarred Li
|
||||
* @author David Turanski
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
@@ -53,18 +58,16 @@ public class SplunkOutboundChannelAdapterParser extends AbstractOutboundChannelA
|
||||
|
||||
BeanDefinitionBuilder splunkOutboundChannelAdapterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkOutboundChannelAdapter.class);
|
||||
BeanDefinitionBuilder splunkExecutorBuilder = SplunkParserUtils.getSplunkExecutorBuilder(element, parserContext);
|
||||
|
||||
BeanDefinitionBuilder splunkDataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkDataWriter.class);
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "sourceType");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "source");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "index");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "ingest");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "tcpPort");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "host");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(splunkDataWriterBuilder, element, "hostRegex");
|
||||
BeanDefinitionBuilder connectionFactoryBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkConnectionFactory.class);
|
||||
|
||||
String splunkServerBeanName = element.getAttribute("splunk-server-ref");
|
||||
BeanDefinitionBuilder argsBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkArgsFactoryBean.class);
|
||||
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(argsBuilder, element, "source-type");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(argsBuilder, element, "source");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(argsBuilder, element, "host");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(argsBuilder, element, "host-regex");
|
||||
|
||||
BeanDefinitionBuilder connectionFactoryBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkConnectionFactory.class);
|
||||
|
||||
String splunkServerBeanName = element.getAttribute("splunk-server-ref");
|
||||
if (StringUtils.hasText(splunkServerBeanName)) {
|
||||
connectionFactoryBuilder.addConstructorArgReference(splunkServerBeanName);
|
||||
}
|
||||
@@ -72,14 +75,17 @@ public class SplunkOutboundChannelAdapterParser extends AbstractOutboundChannelA
|
||||
BeanDefinitionBuilder connectionFactoryFactoryBeanBuilder = BeanDefinitionBuilder.genericBeanDefinition(ConnectionFactoryFactoryBean.class);
|
||||
connectionFactoryFactoryBeanBuilder.addConstructorArgValue(connectionFactoryBuilder.getBeanDefinition());
|
||||
connectionFactoryFactoryBeanBuilder.addConstructorArgValue(element.getAttribute("pool-server-connection"));
|
||||
splunkDataWriterBuilder.addConstructorArgValue(connectionFactoryFactoryBeanBuilder.getBeanDefinition());
|
||||
|
||||
|
||||
BeanDefinitionBuilder dataWriterBuilder = parseDataWriter(element, parserContext);
|
||||
dataWriterBuilder.addConstructorArgValue(connectionFactoryFactoryBeanBuilder.getBeanDefinition());
|
||||
dataWriterBuilder.addConstructorArgValue(argsBuilder.getBeanDefinition());
|
||||
|
||||
String channelAdapterId = this.resolveId(element, splunkOutboundChannelAdapterBuilder.getRawBeanDefinition(),
|
||||
parserContext);
|
||||
String splunkExecutorBeanName = channelAdapterId + ".splunkExecutor";
|
||||
String splunkDataWriterBeanName = splunkExecutorBeanName + ".writer";
|
||||
|
||||
parserContext.registerBeanComponent(new BeanComponentDefinition(splunkDataWriterBuilder.getBeanDefinition(),
|
||||
parserContext.registerBeanComponent(new BeanComponentDefinition(dataWriterBuilder.getBeanDefinition(),
|
||||
splunkDataWriterBeanName));
|
||||
splunkExecutorBuilder.addPropertyReference("writer", splunkDataWriterBeanName);
|
||||
|
||||
@@ -93,5 +99,31 @@ public class SplunkOutboundChannelAdapterParser extends AbstractOutboundChannelA
|
||||
return splunkOutboundChannelAdapterBuilder.getBeanDefinition();
|
||||
|
||||
}
|
||||
|
||||
private BeanDefinitionBuilder parseDataWriter(Element element, ParserContext parserContext) {
|
||||
BeanDefinitionBuilder dataWriterBuilder = null;
|
||||
Element dataWriter = null;
|
||||
if (DomUtils.getChildElementByTagName(element, "index-writer") != null) {
|
||||
dataWriter = DomUtils.getChildElementByTagName(element, "index-writer");
|
||||
dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkIndexWriter.class);
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, dataWriter, "index");
|
||||
|
||||
}
|
||||
if (DomUtils.getChildElementByTagName(element, "submit-writer") != null) {
|
||||
dataWriter = DomUtils.getChildElementByTagName(element, "submit-writer");
|
||||
dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkSubmitWriter.class);
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, dataWriter, "index");
|
||||
}
|
||||
if (DomUtils.getChildElementByTagName(element, "tcp-writer") != null) {
|
||||
dataWriter = DomUtils.getChildElementByTagName(element, "tcp-writer");
|
||||
dataWriterBuilder = BeanDefinitionBuilder.genericBeanDefinition(SplunkTcpWriter.class);
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, dataWriter, "port");
|
||||
|
||||
}
|
||||
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(dataWriterBuilder, element, "auto-startup");
|
||||
|
||||
return dataWriterBuilder;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -20,7 +20,7 @@ import org.springframework.beans.factory.xml.AbstractSimpleBeanDefinitionParser;
|
||||
import org.springframework.beans.factory.xml.BeanDefinitionParserDelegate;
|
||||
import org.springframework.beans.factory.xml.ParserContext;
|
||||
import org.springframework.integration.config.xml.IntegrationNamespaceUtils;
|
||||
import org.springframework.integration.splunk.entity.SplunkServer;
|
||||
import org.springframework.integration.splunk.support.SplunkServer;
|
||||
import org.w3c.dom.Element;
|
||||
|
||||
/**
|
||||
@@ -29,7 +29,7 @@ import org.w3c.dom.Element;
|
||||
* The XML element is like this:
|
||||
* <pre>
|
||||
* {@code
|
||||
* <splunk:server id="splunkServer" host="host" port="8089" userName="admin" password="password"
|
||||
* <splunk:server id="splunkServer" host="host" port="8089" username="admin" password="password"
|
||||
* scheme="https" owner="admin" app="search"/>
|
||||
* }
|
||||
*
|
||||
@@ -54,8 +54,9 @@ public class SplunkServerParser extends AbstractSimpleBeanDefinitionParser {
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "scheme");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "app");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "owner");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "userName");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "username");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "password");
|
||||
IntegrationNamespaceUtils.setValueIfAttributeDefined(builder, element, "timeout");
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@ package org.springframework.integration.splunk.core;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
|
||||
/**
|
||||
* Data reader to read Splunk data from the service.
|
||||
@@ -27,6 +27,6 @@ import org.springframework.integration.splunk.entity.SplunkData;
|
||||
*/
|
||||
public interface DataReader {
|
||||
|
||||
List<SplunkData> search() throws Exception;
|
||||
List<SplunkEvent> search() throws Exception;
|
||||
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@
|
||||
*/
|
||||
package org.springframework.integration.splunk.core;
|
||||
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
|
||||
/**
|
||||
* Data writer to write Splunk data into Splunk
|
||||
@@ -26,6 +26,6 @@ import org.springframework.integration.splunk.entity.SplunkData;
|
||||
*/
|
||||
public interface DataWriter {
|
||||
|
||||
void write(SplunkData data) throws Exception;
|
||||
void write(SplunkEvent data) throws Exception;
|
||||
|
||||
}
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1,67 @@
|
||||
/*
|
||||
* Copyright 2011-2012 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
|
||||
/**
|
||||
* Splunk data entity
|
||||
*
|
||||
* @author Jarred Li
|
||||
* @author Damien Dallimore damien@dtdsoftware.com
|
||||
* @author David Turanski
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class AcManagementEvent extends SplunkEvent {
|
||||
|
||||
|
||||
/**
|
||||
* Splunk Common Information Model(CIM) Fields
|
||||
*/
|
||||
|
||||
// ------------------
|
||||
// Account management
|
||||
// ------------------
|
||||
|
||||
/**
|
||||
* The domain containing the user that is affected by the account management
|
||||
* event.
|
||||
*/
|
||||
public static String AC_MANAGEMENT_DEST_NT_DOMAIN = "dest_nt_domain";
|
||||
/**
|
||||
* Description of the account management change performed.
|
||||
*/
|
||||
public static String AC_MANAGEMENT_SIGNATURE = "signature";
|
||||
/**
|
||||
* The NT source of the destination. In the case of an account management
|
||||
* event, this is the domain that contains the user that generated the
|
||||
* event.
|
||||
*/
|
||||
public static String AC_MANAGEMENT_SRC_NT_DOMAIN = "src_nt_domain";
|
||||
|
||||
public void setAcManagementDestNtDomain(String acManagementDestNtDomain) {
|
||||
addPair(AC_MANAGEMENT_DEST_NT_DOMAIN, acManagementDestNtDomain);
|
||||
}
|
||||
|
||||
public void setAcManagementSignature(String acManagementSignature) {
|
||||
addPair(AC_MANAGEMENT_SIGNATURE, acManagementSignature);
|
||||
}
|
||||
|
||||
public void setAcManagementSrcNtDomain(String acManagementSrcNtDomain) {
|
||||
addPair(AC_MANAGEMENT_SRC_NT_DOMAIN, acManagementSrcNtDomain);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,84 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class AuthEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Authentication - Access protection
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The action performed on the resource. success, failure
|
||||
*/
|
||||
public static String AUTH_ACTION = "action";
|
||||
/**
|
||||
* The application involved in the event (such as ssh, spunk, win:local).
|
||||
*/
|
||||
public static String AUTH_APP = "app";
|
||||
/**
|
||||
* The target involved in the authentication. If your field is named
|
||||
* dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest
|
||||
* to make it CIM-compliant.
|
||||
*/
|
||||
public static String AUTH_DEST = "dest";
|
||||
/**
|
||||
* The source involved in the authentication. In the case of endpoint
|
||||
* protection authentication the src is the client. If your field is named
|
||||
* src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src to
|
||||
* make it CIM-compliant.. It is required for all events dealing with
|
||||
* endpoint protection (Authentication, change analysis, malware, system
|
||||
* center, and update). Note: Do not confuse this with the event source or
|
||||
* sourcetype fields.
|
||||
*/
|
||||
public static String AUTH_SRC = "src";
|
||||
/**
|
||||
* In privilege escalation events, src_user represents the user who
|
||||
* initiated the privilege escalation.
|
||||
*/
|
||||
public static String AUTH_SRC_USER = "src_user";
|
||||
/**
|
||||
* The name of the user involved in the event, or who initiated the event.
|
||||
* For authentication privilege escalation events this should represent the
|
||||
* user targeted by the escalation.
|
||||
*/
|
||||
public static String AUTH_USER = "user";
|
||||
|
||||
public void setAuthApp(String authApp) {
|
||||
addPair(AUTH_APP, authApp);
|
||||
}
|
||||
|
||||
public void setAuthDest(String authDest) {
|
||||
addPair(AUTH_DEST, authDest);
|
||||
}
|
||||
|
||||
public void setAuthSrc(String authSrc) {
|
||||
addPair(AUTH_SRC, authSrc);
|
||||
}
|
||||
|
||||
public void setAuthSrcUser(String authSrcUser) {
|
||||
addPair(AUTH_SRC_USER, authSrcUser);
|
||||
}
|
||||
|
||||
public void setAuthUser(String authUser) {
|
||||
addPair(AUTH_USER, authUser);
|
||||
}
|
||||
|
||||
public void setAuthAction(String authAction) {
|
||||
addPair(AUTH_ACTION, authAction);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,95 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class DnsEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// DNS protocol
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The DNS domain that has been queried.
|
||||
*/
|
||||
public static String DNS_DEST_DOMAIN = "dest_domain";
|
||||
/**
|
||||
* The remote DNS resource record being acted upon.
|
||||
*/
|
||||
public static String DNS_DEST_RECORD = "dest_record";
|
||||
/**
|
||||
* The DNS zone that is being received by the slave as part of a zone
|
||||
* transfer.
|
||||
*/
|
||||
public static String DNS_DEST_ZONE = "dest_zone";
|
||||
/**
|
||||
* The DNS resource record class.
|
||||
*/
|
||||
public static String DNS_RECORD_CLASS = "record_class";
|
||||
/**
|
||||
* The DNS resource record type.
|
||||
*
|
||||
* @see <a
|
||||
* href="https://secure.wikimedia.org/wikipedia/en/wiki/List_of_DNS_record_types">see
|
||||
* this Wikipedia article on DNS record types</a>
|
||||
*/
|
||||
public static String DNS_RECORD_TYPE = "record_type";
|
||||
/**
|
||||
* The local DNS domain that is being queried.
|
||||
*/
|
||||
public static String DNS_SRC_DOMAIN = "src_domain";
|
||||
/**
|
||||
* The local DNS resource record being acted upon.
|
||||
*/
|
||||
public static String DNS_SRC_RECORD = "src_record";
|
||||
/**
|
||||
* The DNS zone that is being transferred by the master as part of a zone
|
||||
* transfer.
|
||||
*/
|
||||
public static String DNS_SRC_ZONE = "src_zone";
|
||||
public void setDnsDestDomain(String dnsDestDomain) {
|
||||
addPair(DNS_DEST_DOMAIN, dnsDestDomain);
|
||||
}
|
||||
|
||||
public void setDnsDestRecord(String dnsDestRecord) {
|
||||
addPair(DNS_DEST_RECORD, dnsDestRecord);
|
||||
}
|
||||
|
||||
public void setDnsDestZone(String dnsDestZone) {
|
||||
addPair(DNS_DEST_ZONE, dnsDestZone);
|
||||
}
|
||||
|
||||
public void setDnsRecordClass(String dnsRecordClass) {
|
||||
addPair(DNS_RECORD_CLASS, dnsRecordClass);
|
||||
}
|
||||
|
||||
public void setDnsRecordType(String dnsRecordType) {
|
||||
addPair(DNS_RECORD_TYPE, dnsRecordType);
|
||||
}
|
||||
|
||||
public void setDnsSrcDomain(String dnsSrcDomain) {
|
||||
addPair(DNS_SRC_DOMAIN, dnsSrcDomain);
|
||||
}
|
||||
|
||||
public void setDnsSrcRecord(String dnsSrcRecord) {
|
||||
addPair(DNS_SRC_RECORD, dnsSrcRecord);
|
||||
}
|
||||
|
||||
public void setDnsSrcZone(String dnsSrcZone) {
|
||||
addPair(DNS_SRC_ZONE, dnsSrcZone);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,50 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class EmailEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Email tracking
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The person to whom an email is sent.
|
||||
*/
|
||||
public static String EMAIL_RECIPIENT = "recipient";
|
||||
/**
|
||||
* The person responsible for sending an email.
|
||||
*/
|
||||
public static String EMAIL_SENDER = "sender";
|
||||
/**
|
||||
* The email subject line.
|
||||
*/
|
||||
public static String EMAIL_SUBJECT = "subject";
|
||||
|
||||
public void setEmailRecipient(String emailRecipient) {
|
||||
addPair(EMAIL_RECIPIENT, emailRecipient);
|
||||
}
|
||||
|
||||
public void setEmailSender(String emailSender) {
|
||||
addPair(EMAIL_SENDER, emailSender);
|
||||
}
|
||||
|
||||
public void setEmailSubject(String emailSubject) {
|
||||
addPair(EMAIL_SUBJECT, emailSubject);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,117 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class EndpointProtectionEvent extends SplunkEvent {
|
||||
|
||||
// ----------------------------------
|
||||
// Change analysis - Endpoint protection
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The action performed on the resource.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_ACTION = "action";
|
||||
/**
|
||||
* The type of change discovered in the change analysis event.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE = "change_type";
|
||||
/**
|
||||
* The host that was affected by the change. If your field is named
|
||||
* dest_host,dest_ip,dest_ipv6, or dest_nt_host you can alias it as dest to
|
||||
* make it CIM-compliant.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_DEST = "dest";
|
||||
/**
|
||||
* The hash signature of the modified resource.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_HASH = "hash";
|
||||
/**
|
||||
* The group ID of the modified resource.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_GID = "gid";
|
||||
/**
|
||||
* Indicates whether or not the modified resource is a directory.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_ISDR = "isdr";
|
||||
/**
|
||||
* The permissions mode of the modified resource.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_MODE = "mode";
|
||||
/**
|
||||
* The modification time of the modified resource.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_MODTIME = "modtime";
|
||||
/**
|
||||
* The file path of the modified resource.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_PATH = "path";
|
||||
/**
|
||||
* The size of the modified resource.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_SIZE = "size";
|
||||
/**
|
||||
* The user ID of the modified resource.
|
||||
*/
|
||||
public static String CHANGE_ENDPOINT_PROTECTION_UID = "uid";
|
||||
public void setChangeEndpointProtectionAction(String changeEndpointProtectionAction) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_ACTION, changeEndpointProtectionAction);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionChangeType(String changeEndpointProtectionChangeType) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_CHANGE_TYPE, changeEndpointProtectionChangeType);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionDest(String changeEndpointProtectionDest) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_DEST, changeEndpointProtectionDest);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionHash(String changeEndpointProtectionHash) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_HASH, changeEndpointProtectionHash);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionGid(long changeEndpointProtectionGid) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_GID, changeEndpointProtectionGid);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionIsdr(boolean changeEndpointProtectionIsdr) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_ISDR, changeEndpointProtectionIsdr);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionMode(long changeEndpointProtectionMode) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_MODE, changeEndpointProtectionMode);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionModtime(String changeEndpointProtectionModtime) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_MODTIME, changeEndpointProtectionModtime);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionPath(String changeEndpointProtectionPath) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_PATH, changeEndpointProtectionPath);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionSize(long changeEndpointProtectionSize) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_SIZE, changeEndpointProtectionSize);
|
||||
}
|
||||
|
||||
public void setChangeEndpointProtectionUid(long changeEndpointProtectionUid) {
|
||||
addPair(CHANGE_ENDPOINT_PROTECTION_UID, changeEndpointProtectionUid);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@@ -0,0 +1,93 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class FileEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// File management
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The time the file (the object of the event) was accessed.
|
||||
*/
|
||||
public static String FILE_ACCESS_TIME = "file_access_time";
|
||||
/**
|
||||
* The time the file (the object of the event) was created.
|
||||
*/
|
||||
public static String FILE_CREATE_TIME = "file_create_time";
|
||||
/**
|
||||
* A cryptographic identifier assigned to the file object affected by the
|
||||
* event.
|
||||
*/
|
||||
public static String FILE_HASH = "file_hash";
|
||||
/**
|
||||
* The time the file (the object of the event) was altered.
|
||||
*/
|
||||
public static String FILE_MODIFY_TIME = "file_modify_time";
|
||||
/**
|
||||
* The name of the file that is the object of the event (without location
|
||||
* information related to local file or directory structure).
|
||||
*/
|
||||
public static String FILE_NAME = "file_name";
|
||||
/**
|
||||
* The location of the file that is the object of the event, in terms of
|
||||
* local file and directory structure.
|
||||
*/
|
||||
public static String FILE_PATH = "file_path";
|
||||
/**
|
||||
* Access controls associated with the file affected by the event.
|
||||
*/
|
||||
public static String FILE_PERMISSION = "file_permission";
|
||||
/**
|
||||
* The size of the file that is the object of the event. Indicate whether
|
||||
* Bytes, KB, MB, GB.
|
||||
*/
|
||||
public static String FILE_SIZE = "file_size";
|
||||
|
||||
public void setFileAccessTime(long fileAccessTime) {
|
||||
addPair(FILE_ACCESS_TIME, fileAccessTime);
|
||||
}
|
||||
|
||||
public void setFileCreateTime(long fileCreateTime) {
|
||||
addPair(FILE_CREATE_TIME, fileCreateTime);
|
||||
}
|
||||
|
||||
public void setFileHash(String fileHash) {
|
||||
addPair(FILE_HASH, fileHash);
|
||||
}
|
||||
|
||||
public void setFileModifyTime(long fileModifyTime) {
|
||||
addPair(FILE_MODIFY_TIME, fileModifyTime);
|
||||
}
|
||||
|
||||
public void setFileName(String fileName) {
|
||||
addPair(FILE_NAME, fileName);
|
||||
}
|
||||
|
||||
public void setFilePath(String filePath) {
|
||||
addPair(FILE_PATH, filePath);
|
||||
}
|
||||
|
||||
public void setFilePermission(String filePermission) {
|
||||
addPair(FILE_PERMISSION, filePermission);
|
||||
}
|
||||
|
||||
public void setFileSize(long fileSize) {
|
||||
addPair(FILE_SIZE, fileSize);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,126 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class IntrusionDetectionEvent extends SplunkEvent {
|
||||
|
||||
|
||||
// ----------------------------------
|
||||
// Intrusion detection
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The category of the triggered signature.
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_CATEGORY = "category";
|
||||
/**
|
||||
* The destination of the attack detected by the intrusion detection system
|
||||
* (IDS). If your field is named dest_host, dest_ip, dest_ipv6, or
|
||||
* dest_nt_host you can alias it as dest to make it CIM-compliant.
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_DEST = "dest";
|
||||
/**
|
||||
* The device that detected the intrusion event.
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_DVC = "dvc";
|
||||
/**
|
||||
* The type of IDS that generated the event.
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_IDS_TYPE = "ids_type";
|
||||
/**
|
||||
* The product name of the vendor technology generating network protection
|
||||
* data, such as IDP, Providentia, and ASA.
|
||||
*
|
||||
* Note: Required for all events dealing with network protection (Change
|
||||
* analysis, proxy, malware, intrusion detection, packet filtering, and
|
||||
* vulnerability).
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_PRODUCT = "product";
|
||||
/**
|
||||
* The severity of the network protection event (such as critical, high,
|
||||
* medium, low, or informational).
|
||||
*
|
||||
* Note: This field is a string. Please use a severity_id field for severity
|
||||
* ID fields that are integer data types.
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_SEVERITY = "severity";
|
||||
/**
|
||||
* The name of the intrusion detected on the client (the src), such as
|
||||
* PlugAndPlay_BO and JavaScript_Obfuscation_Fre.
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_SIGNATURE = "signature";
|
||||
/**
|
||||
* The source involved in the attack detected by the IDS. If your field is
|
||||
* named src_host, src_ip, src_ipv6, or src_nt_host you can alias it as src
|
||||
* to make it CIM-compliant.
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_SRC = "src";
|
||||
/**
|
||||
* The user involved with the intrusion detection event.
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_USER = "user";
|
||||
/**
|
||||
* The vendor technology used to generate network protection data, such as
|
||||
* IDP, Providentia, and ASA.
|
||||
*
|
||||
* Note: Required for all events dealing with network protection (Change
|
||||
* analysis, proxy, malware, intrusion detection, packet filtering, and
|
||||
* vulnerability).
|
||||
*/
|
||||
public static String INTRUSION_DETECTION_VENDOR = "vendor";
|
||||
public void setIntrusionDetectionCategory(String intrusionDetectionCategory) {
|
||||
addPair(INTRUSION_DETECTION_CATEGORY, intrusionDetectionCategory);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionDest(String intrusionDetectionDest) {
|
||||
addPair(INTRUSION_DETECTION_DEST, intrusionDetectionDest);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionDvc(String intrusionDetectionDvc) {
|
||||
addPair(INTRUSION_DETECTION_DVC, intrusionDetectionDvc);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionIdsType(String intrusionDetectionIdsType) {
|
||||
addPair(INTRUSION_DETECTION_IDS_TYPE, intrusionDetectionIdsType);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionProduct(String intrusionDetectionProduct) {
|
||||
addPair(INTRUSION_DETECTION_PRODUCT, intrusionDetectionProduct);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionSeverity(String intrusionDetectionSeverity) {
|
||||
addPair(INTRUSION_DETECTION_SEVERITY, intrusionDetectionSeverity);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionSignature(String intrusionDetectionSignature) {
|
||||
addPair(INTRUSION_DETECTION_SIGNATURE, intrusionDetectionSignature);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionSrc(String intrusionDetectionSrc) {
|
||||
addPair(INTRUSION_DETECTION_SRC, intrusionDetectionSrc);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionUser(String intrusionDetectionUser) {
|
||||
addPair(INTRUSION_DETECTION_USER, intrusionDetectionUser);
|
||||
}
|
||||
|
||||
public void setIntrusionDetectionVendor(String intrusionDetectionVendor) {
|
||||
addPair(INTRUSION_DETECTION_VENDOR, intrusionDetectionVendor);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,143 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class MalwareEndpointProtectionEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Malware - Endpoint protection
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The outcome of the infection
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_ACTION = "action";
|
||||
/**
|
||||
* The NT domain of the destination (the dest_bestmatch).
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN = "dest_nt_domain";
|
||||
/**
|
||||
* The cryptographic hash of the file associated with the malware event
|
||||
* (such as the malicious or infected file).
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_FILE_HASH = "file_hash";
|
||||
/**
|
||||
* The name of the file involved in the malware event (such as the infected
|
||||
* or malicious file).
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_FILE_NAME = "file_name";
|
||||
/**
|
||||
* The path of the file involved in the malware event (such as the infected
|
||||
* or malicious file).
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_FILE_PATH = "file_path";
|
||||
/**
|
||||
* The product name of the vendor technology (the vendor field) that is
|
||||
* generating malware data (such as Antivirus or EPO).
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_PRODUCT = "product";
|
||||
/**
|
||||
* The product version number of the vendor technology installed on the
|
||||
* client (such as 10.4.3 or 11.0.2).
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION = "product_version";
|
||||
/**
|
||||
* The name of the malware infection detected on the client (the src), such
|
||||
* as Trojan.Vundo,Spyware.Gaobot,W32.Nimbda).
|
||||
*
|
||||
* Note: This field is a string. Please use a signature_id field for
|
||||
* signature ID fields that are integer data types.
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_SIGNATURE = "signature";
|
||||
/**
|
||||
* The current signature definition set running on the client, such as
|
||||
* 11hsvx)
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION = "signature_version";
|
||||
/**
|
||||
* The target affected or infected by the malware. If your field is named
|
||||
* dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest
|
||||
* to make it CIM-compliant.
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_DEST = "dest";
|
||||
/**
|
||||
* The NT domain of the source (the src).
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN = "src_nt_domain";
|
||||
/**
|
||||
* The name of the user involved in the malware event.
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_USER = "user";
|
||||
/**
|
||||
* The name of the vendor technology generating malware data, such as
|
||||
* Symantec or McAfee.
|
||||
*/
|
||||
public static String MALWARE_ENDPOINT_PROTECTION_VENDOR = "vendor";
|
||||
|
||||
public void setMalwareEndpointProtectionAction(String malwareEndpointProtectionAction) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_ACTION, malwareEndpointProtectionAction);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionDestNtDomain(String malwareEndpointProtectionDestNtDomain) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_DEST_NT_DOMAIN, malwareEndpointProtectionDestNtDomain);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionFileHash(String malwareEndpointProtectionFileHash) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_FILE_HASH, malwareEndpointProtectionFileHash);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionFileName(String malwareEndpointProtectionFileName) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_FILE_NAME, malwareEndpointProtectionFileName);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionFilePath(String malwareEndpointProtectionFilePath) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_FILE_PATH, malwareEndpointProtectionFilePath);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionProduct(String malwareEndpointProtectionProduct) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_PRODUCT, malwareEndpointProtectionProduct);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionProductVersion(String malwareEndpointProtectionProductVersion) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_PRODUCT_VERSION, malwareEndpointProtectionProductVersion);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionSignature(String malwareEndpointProtectionSignature) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_SIGNATURE, malwareEndpointProtectionSignature);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionSignatureVersion(String malwareEndpointProtectionSignatureVersion) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_SIGNATURE_VERSION, malwareEndpointProtectionSignatureVersion);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionDest(String malwareEndpointProtectionDest) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_DEST, malwareEndpointProtectionDest);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionSrcNtDomain(String malwareEndpointProtectionSrcNtDomain) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_SRC_NT_DOMAIN, malwareEndpointProtectionSrcNtDomain);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionUser(String malwareEndpointProtectionUser) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_USER, malwareEndpointProtectionUser);
|
||||
}
|
||||
|
||||
public void setMalwareEndpointProtectionVendor(String malwareEndpointProtectionVendor) {
|
||||
addPair(MALWARE_ENDPOINT_PROTECTION_VENDOR, malwareEndpointProtectionVendor);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,64 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class MalwareNetworkProtectionEvent extends SplunkEvent {
|
||||
|
||||
// ----------------------------------
|
||||
// Malware - Network protection
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The product name of the vendor technology generating network protection
|
||||
* data, such as IDP, Proventia, and ASA.
|
||||
*
|
||||
* Note: Required for all events dealing with network protection (Change
|
||||
* analysis, proxy, malware, intrusion detection, packet filtering, and
|
||||
* vulnerability).
|
||||
*/
|
||||
public static String MALWARE_NETWORK_PROTECTION_PRODUCT = "product";
|
||||
/**
|
||||
* The severity of the network protection event (such as critical, high,
|
||||
* medium, low, or informational).
|
||||
*
|
||||
* Note: This field is a string. Please use a severity_id field for severity
|
||||
* ID fields that are integer data types.
|
||||
*/
|
||||
public static String MALWARE_NETWORK_PROTECTION_SEVERITY = "severity";
|
||||
/**
|
||||
* The vendor technology used to generate network protection data, such as
|
||||
* IDP, Proventia, and ASA.
|
||||
*
|
||||
* Note: Required for all events dealing with network protection (Change
|
||||
* analysis, proxy, malware, intrusion detection, packet filtering, and
|
||||
* vulnerability).
|
||||
*/
|
||||
public static String MALWARE_NETWORK_PROTECTION_VENDOR = "vendor";
|
||||
|
||||
public void setMalwareNetworkProtectionProduct(String malwareNetworkProtectionProduct) {
|
||||
addPair(MALWARE_NETWORK_PROTECTION_PRODUCT, malwareNetworkProtectionProduct);
|
||||
}
|
||||
|
||||
public void setMalwareNetworkProtectionSeverity(String malwareNetworkProtectionSeverity) {
|
||||
addPair(MALWARE_NETWORK_PROTECTION_SEVERITY, malwareNetworkProtectionSeverity);
|
||||
}
|
||||
|
||||
public void setMalwareNetworkProtectionVendor(String malwareNetworkProtectionVendor) {
|
||||
addPair(MALWARE_NETWORK_PROTECTION_VENDOR, malwareNetworkProtectionVendor);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,57 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class NetworkProtectionEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Change analysis - Network protection
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The type of change observed.
|
||||
*/
|
||||
public static String CHANGE_NETWORK_PROTECTION_ACTION = "action";
|
||||
/**
|
||||
* The command that initiated the change.
|
||||
*/
|
||||
public static String CHANGE_NETWORK_PROTECTION_COMMAND = "command";
|
||||
/**
|
||||
* The device that is directly affected by the change.
|
||||
*/
|
||||
public static String CHANGE_NETWORK_PROTECTION_DVC = "dvc";
|
||||
/**
|
||||
* The user that initiated the change.
|
||||
*/
|
||||
public static String CHANGE_NETWORK_PROTECTION_USER = "user";
|
||||
|
||||
public void setChangeNetworkProtectionAction(String changeNetworkProtectionAction) {
|
||||
addPair(CHANGE_NETWORK_PROTECTION_ACTION, changeNetworkProtectionAction);
|
||||
}
|
||||
|
||||
public void setChangeNetworkProtectionCommand(String changeNetworkProtectionCommand) {
|
||||
addPair(CHANGE_NETWORK_PROTECTION_COMMAND, changeNetworkProtectionCommand);
|
||||
}
|
||||
|
||||
public void setChangeNetworkProtectionDvc(String changeNetworkProtectionDvc) {
|
||||
addPair(CHANGE_NETWORK_PROTECTION_DVC, changeNetworkProtectionDvc);
|
||||
}
|
||||
|
||||
public void setChangeNetworkProtectionUser(String changeNetworkProtectionUser) {
|
||||
addPair(CHANGE_NETWORK_PROTECTION_USER, changeNetworkProtectionUser);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,76 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class NetworkTrafficEssEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Network traffic - ESS
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The action of the network traffic.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_ESS_ACTION = "action";
|
||||
/**
|
||||
* The destination port of the network traffic.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_ESS_DEST_PORT = "dest_port";
|
||||
/**
|
||||
* The product name of the vendor technology generating NetworkProtection
|
||||
* data, such as IDP, Proventia, and ASA.
|
||||
*
|
||||
* Note: Required for all events dealing with network protection (Change
|
||||
* analysis, proxy, malware, intrusion detection, packet filtering, and
|
||||
* vulnerability).
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_ESS_PRODUCT = "product";
|
||||
/**
|
||||
* The source port of the network traffic.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_ESS_SRC_PORT = "src_port";
|
||||
/**
|
||||
* The vendor technology used to generate NetworkProtection data, such as
|
||||
* IDP, Proventia, and ASA.
|
||||
*
|
||||
* Note: Required for all events dealing with network protection (Change
|
||||
* analysis, proxy, malware, intrusion detection, packet filtering, and
|
||||
* vulnerability).
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_ESS_VENDOR = "vendor";
|
||||
|
||||
public void setNetworkTrafficEssAction(String networkTrafficEssAction) {
|
||||
addPair(NETWORK_TRAFFIC_ESS_ACTION, networkTrafficEssAction);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficEssDestPort(int networkTrafficEssDestPort) {
|
||||
addPair(NETWORK_TRAFFIC_ESS_DEST_PORT, networkTrafficEssDestPort);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficEssProduct(String networkTrafficEssProduct) {
|
||||
addPair(NETWORK_TRAFFIC_ESS_PRODUCT, networkTrafficEssProduct);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficEssSrcPort(int networkTrafficEssSrcPort) {
|
||||
addPair(NETWORK_TRAFFIC_ESS_SRC_PORT, networkTrafficEssSrcPort);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficEssVendor(String networkTrafficEssVendor) {
|
||||
addPair(NETWORK_TRAFFIC_ESS_VENDOR, networkTrafficEssVendor);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,438 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class NetworkTrafficGenericEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Network traffic - Generic
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The ISO layer 7 (application layer) protocol, such as HTTP, HTTPS, SSH,
|
||||
* and IMAP.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_APP_LAYER = "app_layer";
|
||||
/**
|
||||
* How many bytes this device/interface received.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_BYTES_IN = "bytes_in";
|
||||
/**
|
||||
* How many bytes this device/interface transmitted.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_BYTES_OUT = "bytes_out";
|
||||
/**
|
||||
* 802.11 channel number used by a wireless network.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_CHANNEL = "channel";
|
||||
/**
|
||||
* The Common Vulnerabilities and Exposures (CVE) reference value.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_CVE = "cve";
|
||||
/**
|
||||
* The destination application being targeted.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_APP = "dest_app";
|
||||
/**
|
||||
* The destination command and control service channel.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL = "dest_cnc_channel";
|
||||
/**
|
||||
* The destination command and control service name.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME = "dest_cnc_name";
|
||||
/**
|
||||
* The destination command and control service port.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT = "dest_cnc_port";
|
||||
/**
|
||||
* The country associated with a packet's recipient.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY = "dest_country";
|
||||
/**
|
||||
* The fully qualified host name of a packet's recipient. For HTTP sessions,
|
||||
* this is the host header.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_HOST = "dest_host";
|
||||
/**
|
||||
* The interface that is listening remotely or receiving packets locally.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_INT = "dest_int";
|
||||
/**
|
||||
* The IPv4 address of a packet's recipient.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_IP = "dest_ip";
|
||||
/**
|
||||
* The IPv6 address of a packet's recipient.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_IPV6 = "dest_ipv6";
|
||||
/**
|
||||
* The (physical) latitude of a packet's destination.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_LAT = "dest_lat";
|
||||
/**
|
||||
* The (physical) longitude of a packet's destination.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_LONG = "dest_long";
|
||||
/**
|
||||
* The destination TCP/IP layer 2 Media Access Control (MAC) address of a
|
||||
* packet's destination.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_MAC = "dest_mac";
|
||||
/**
|
||||
* The Windows NT domain containing a packet's destination.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN = "dest_nt_domain";
|
||||
/**
|
||||
* The Windows NT host name of a packet's destination.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST = "dest_nt_host";
|
||||
/**
|
||||
* TCP/IP port to which a packet is being sent.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_PORT = "dest_port";
|
||||
/**
|
||||
* The NATed IPv4 address to which a packet has been sent.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP = "dest_translated_ip";
|
||||
/**
|
||||
* The NATed port to which a packet has been sent.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT = "dest_translated_port";
|
||||
/**
|
||||
* The numbered Internet Protocol version.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_IP_VERSION = "ip_version";
|
||||
/**
|
||||
* The network interface through which a packet was transmitted.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE = "outbound_interface";
|
||||
/**
|
||||
* How many packets this device/interface received.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_PACKETS_IN = "packets_in";
|
||||
/**
|
||||
* How many packets this device/interface transmitted.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_PACKETS_OUT = "packets_out";
|
||||
/**
|
||||
* The OSI layer 3 (Network Layer) protocol, such as IPv4/IPv6, ICMP, IPsec,
|
||||
* IGMP or RIP.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_PROTO = "proto";
|
||||
/**
|
||||
* The session identifier. Multiple transactions build a session.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SESSION_ID = "session_id";
|
||||
/**
|
||||
* The 802.11 service set identifier (ssid) assigned to a wireless session.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SSID = "ssid";
|
||||
/**
|
||||
* The country from which the packet was sent.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY = "src_country";
|
||||
/**
|
||||
* The fully qualified host name of the system that transmitted the packet.
|
||||
* For Web logs, this is the HTTP client.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_HOST = "src_host";
|
||||
/**
|
||||
* The interface that is listening locally or sending packets remotely.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_INT = "src_int";
|
||||
/**
|
||||
* The IPv4 address of the packet's source. For Web logs, this is the http
|
||||
* client.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_IP = "src_ip";
|
||||
/**
|
||||
* The IPv6 address of the packet's source.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_IPV6 = "src_ipv6";
|
||||
/**
|
||||
* The (physical) latitude of the packet's source.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_LAT = "src_lat";
|
||||
/**
|
||||
* The (physical) longitude of the packet's source.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_LONG = "src_long";
|
||||
/**
|
||||
* The Media Access Control (MAC) address from which a packet was
|
||||
* transmitted.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_MAC = "src_mac";
|
||||
/**
|
||||
* The Windows NT domain containing the machines that generated the event.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN = "src_nt_domain";
|
||||
/**
|
||||
* The Windows NT hostname of the system that generated the event.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST = "src_nt_host";
|
||||
/**
|
||||
* The network port from which a packet originated.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_PORT = "src_port";
|
||||
/**
|
||||
* The NATed IPv4 address from which a packet has been sent.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP = "src_translated_ip";
|
||||
/**
|
||||
* The NATed network port from which a packet has been sent.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT = "src_translated_port";
|
||||
/**
|
||||
* The application, process, or OS subsystem that generated the event.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SYSLOG_ID = "syslog_id";
|
||||
/**
|
||||
* The criticality of an event, as recorded by UNIX syslog.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY = "syslog_priority";
|
||||
/**
|
||||
* The TCP flag(s) specified in the event.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_TCP_FLAG = "tcp_flag";
|
||||
/**
|
||||
* The hex bit that specifies TCP 'type of service'
|
||||
*
|
||||
* @see <a href="http://en.wikipedia.org/wiki/Type_of_Service">Type of
|
||||
* Service</a>
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_TOS = "tos";
|
||||
/**
|
||||
* The transport protocol.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_TRANSPORT = "transport";
|
||||
/**
|
||||
* The "time to live" of a packet or datagram.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_TTL = "ttl";
|
||||
/**
|
||||
* The numeric identifier assigned to the virtual local area network (VLAN)
|
||||
* specified in the record.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_VLAN_ID = "vlan_id";
|
||||
/**
|
||||
* The name assigned to the virtual local area network (VLAN) specified in
|
||||
* the record.
|
||||
*/
|
||||
public static String NETWORK_TRAFFIC_GENERIC_VLAN_NAME = "vlan_name";
|
||||
|
||||
public void setNetworkTrafficGenericAppLayer(String networkTrafficGenericAppLayer) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_APP_LAYER, networkTrafficGenericAppLayer);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericBytesIn(long networkTrafficGenericBytesIn) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_BYTES_IN, networkTrafficGenericBytesIn);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericBytesOut(long networkTrafficGenericBytesOut) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_BYTES_OUT, networkTrafficGenericBytesOut);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericChannel(String networkTrafficGenericChannel) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_CHANNEL, networkTrafficGenericChannel);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericCve(String networkTrafficGenericCve) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_CVE, networkTrafficGenericCve);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestApp(String networkTrafficGenericDestApp) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_APP, networkTrafficGenericDestApp);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestCncChannel(String networkTrafficGenericDestCncChannel) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_CNC_CHANNEL, networkTrafficGenericDestCncChannel);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestCncName(String networkTrafficGenericDestCncName) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_CNC_NAME, networkTrafficGenericDestCncName);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestCncPort(String networkTrafficGenericDestCncPort) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_CNC_PORT, networkTrafficGenericDestCncPort);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestCountry(String networkTrafficGenericDestCountry) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_COUNTRY, networkTrafficGenericDestCountry);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestHost(String networkTrafficGenericDestHost) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_HOST, networkTrafficGenericDestHost);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestInt(String networkTrafficGenericDestInt) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_INT, networkTrafficGenericDestInt);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestIp(String networkTrafficGenericDestIp) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_IP, networkTrafficGenericDestIp);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestIpv6(String networkTrafficGenericDestIpv6) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_IPV6, networkTrafficGenericDestIpv6);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestLat(int networkTrafficGenericDestLat) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_LAT, networkTrafficGenericDestLat);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestLong(int networkTrafficGenericDestLong) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_LONG, networkTrafficGenericDestLong);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestMac(String networkTrafficGenericDestMac) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_MAC, networkTrafficGenericDestMac);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestNtDomain(String networkTrafficGenericDestNtDomain) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_NT_DOMAIN, networkTrafficGenericDestNtDomain);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestNtHost(String networkTrafficGenericDestNtHost) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_NT_HOST, networkTrafficGenericDestNtHost);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestPort(int networkTrafficGenericDestPort) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_PORT, networkTrafficGenericDestPort);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestTranslatedIp(String networkTrafficGenericDestTranslatedIp) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_IP, networkTrafficGenericDestTranslatedIp);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericDestTranslatedPort(int networkTrafficGenericDestTranslatedPort) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_DEST_TRANSLATED_PORT, networkTrafficGenericDestTranslatedPort);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericIpVersion(int networkTrafficGenericIpVersion) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_IP_VERSION, networkTrafficGenericIpVersion);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericOutboundInterface(String networkTrafficGenericOutboundInterface) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_OUTBOUND_INTERFACE, networkTrafficGenericOutboundInterface);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericPacketsIn(long networkTrafficGenericPacketsIn) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_PACKETS_IN, networkTrafficGenericPacketsIn);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericPacketsOut(long networkTrafficGenericPacketsOut) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_PACKETS_OUT, networkTrafficGenericPacketsOut);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericProto(String networkTrafficGenericProto) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_PROTO, networkTrafficGenericProto);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSessionId(String networkTrafficGenericSessionId) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SESSION_ID, networkTrafficGenericSessionId);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSsid(String networkTrafficGenericSsid) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SSID, networkTrafficGenericSsid);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcCountry(String networkTrafficGenericSrcCountry) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_COUNTRY, networkTrafficGenericSrcCountry);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcHost(String networkTrafficGenericSrcHost) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_HOST, networkTrafficGenericSrcHost);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcInt(String networkTrafficGenericSrcInt) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_INT, networkTrafficGenericSrcInt);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcIp(String networkTrafficGenericSrcIp) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_IP, networkTrafficGenericSrcIp);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcIpv6(String networkTrafficGenericSrcIpv6) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_IPV6, networkTrafficGenericSrcIpv6);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcLat(int networkTrafficGenericSrcLat) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_LAT, networkTrafficGenericSrcLat);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcLong(int networkTrafficGenericSrcLong) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_LONG, networkTrafficGenericSrcLong);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcMac(String networkTrafficGenericSrcMac) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_MAC, networkTrafficGenericSrcMac);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcNtDomain(String networkTrafficGenericSrcNtDomain) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_NT_DOMAIN, networkTrafficGenericSrcNtDomain);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcNtHost(String networkTrafficGenericSrcNtHost) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_NT_HOST, networkTrafficGenericSrcNtHost);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcPort(int networkTrafficGenericSrcPort) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_PORT, networkTrafficGenericSrcPort);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcTranslatedIp(String networkTrafficGenericSrcTranslatedIp) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_IP, networkTrafficGenericSrcTranslatedIp);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSrcTranslatedPort(int networkTrafficGenericSrcTranslatedPort) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SRC_TRANSLATED_PORT, networkTrafficGenericSrcTranslatedPort);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSyslogId(String networkTrafficGenericSyslogId) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SYSLOG_ID, networkTrafficGenericSyslogId);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericSyslogPriority(String networkTrafficGenericSyslogPriority) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_SYSLOG_PRIORITY, networkTrafficGenericSyslogPriority);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericTcpFlag(String networkTrafficGenericTcpFlag) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_TCP_FLAG, networkTrafficGenericTcpFlag);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericTos(String networkTrafficGenericTos) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_TOS, networkTrafficGenericTos);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericTransport(String networkTrafficGenericTransport) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_TRANSPORT, networkTrafficGenericTransport);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericTtl(int networkTrafficGenericTtl) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_TTL, networkTrafficGenericTtl);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericVlanId(long networkTrafficGenericVlanId) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_VLAN_ID, networkTrafficGenericVlanId);
|
||||
}
|
||||
|
||||
public void setNetworkTrafficGenericVlanName(String networkTrafficGenericVlanName) {
|
||||
addPair(NETWORK_TRAFFIC_GENERIC_VLAN_NAME, networkTrafficGenericVlanName);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class PacketFilterEvent extends SplunkEvent {
|
||||
|
||||
// ----------------------------------
|
||||
// Packet filtering
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The action the filtering device (the dvc_bestmatch field) performed on
|
||||
* the communication.
|
||||
*/
|
||||
public static String PACKET_FILTERING_ACTION = "action";
|
||||
/**
|
||||
* The IP port of the packet's destination, such as 22.
|
||||
*/
|
||||
public static String PACKET_FILTERING_DEST_PORT = "dest_port";
|
||||
/**
|
||||
* The direction the packet is traveling.
|
||||
*/
|
||||
public static String PACKET_FILTERING_DIRECTION = "direction";
|
||||
/**
|
||||
* The name of the packet filtering device. If your field is named dvc_host,
|
||||
* dvc_ip, or dvc_nt_host you can alias it as dvc to make it CIM-compliant.
|
||||
*/
|
||||
public static String PACKET_FILTERING_DVC = "dvc";
|
||||
/**
|
||||
* The rule which took action on the packet, such as 143.
|
||||
*/
|
||||
public static String PACKET_FILTERING_RULE = "rule";
|
||||
/**
|
||||
* The IP port of the packet's source, such as 34541.
|
||||
*/
|
||||
public static String PACKET_FILTERING_SVC_PORT = "svc_port";
|
||||
public void setPacketFilteringAction(String packetFilteringAction) {
|
||||
addPair(PACKET_FILTERING_ACTION, packetFilteringAction);
|
||||
}
|
||||
|
||||
public void setPacketFilteringDestPort(int packetFilteringDestPort) {
|
||||
addPair(PACKET_FILTERING_DEST_PORT, packetFilteringDestPort);
|
||||
}
|
||||
|
||||
public void setPacketFilteringDirection(String packetFilteringDirection) {
|
||||
addPair(PACKET_FILTERING_DIRECTION, packetFilteringDirection);
|
||||
}
|
||||
|
||||
public void setPacketFilteringDvc(String packetFilteringDvc) {
|
||||
addPair(PACKET_FILTERING_DVC, packetFilteringDvc);
|
||||
}
|
||||
|
||||
public void setPacketFilteringRule(String packetFilteringRule) {
|
||||
addPair(PACKET_FILTERING_RULE, packetFilteringRule);
|
||||
}
|
||||
|
||||
public void setPacketFilteringSvcPort(int packetFilteringSvcPort) {
|
||||
addPair(PACKET_FILTERING_SVC_PORT, packetFilteringSvcPort);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,133 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class ProxyEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Proxy
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The action taken by the proxy.
|
||||
*/
|
||||
public static String PROXY_ACTION = "action";
|
||||
/**
|
||||
* The destination of the network traffic (the remote host).
|
||||
*/
|
||||
public static String PROXY_DEST = "dest";
|
||||
/**
|
||||
* The content-type of the requested HTTP resource.
|
||||
*/
|
||||
public static String PROXY_HTTP_CONTENT_TYPE = "http_content_type";
|
||||
/**
|
||||
* The HTTP method used to request the resource.
|
||||
*/
|
||||
public static String PROXY_HTTP_METHOD = "http_method";
|
||||
/**
|
||||
* The HTTP referrer used to request the HTTP resource.
|
||||
*/
|
||||
public static String PROXY_HTTP_REFER = "http_refer";
|
||||
/**
|
||||
* The HTTP response code.
|
||||
*/
|
||||
public static String PROXY_HTTP_RESPONSE = "http_response";
|
||||
/**
|
||||
* The user agent used to request the HTTP resource.
|
||||
*/
|
||||
public static String PROXY_HTTP_USER_AGENT = "http_user_agent";
|
||||
/**
|
||||
* The product name of the vendor technology generating Network Protection
|
||||
* data, such as IDP, Providentia, and ASA.
|
||||
*/
|
||||
public static String PROXY_PRODUCT = "product";
|
||||
/**
|
||||
* The source of the network traffic (the client requesting the connection).
|
||||
*/
|
||||
public static String PROXY_SRC = "src";
|
||||
/**
|
||||
* The HTTP response code indicating the status of the proxy request.
|
||||
*/
|
||||
public static String PROXY_STATUS = "status";
|
||||
/**
|
||||
* The user that requested the HTTP resource.
|
||||
*/
|
||||
public static String PROXY_USER = "user";
|
||||
/**
|
||||
* The URL of the requested HTTP resource.
|
||||
*/
|
||||
public static String PROXY_URL = "url";
|
||||
/**
|
||||
* The vendor technology generating Network Protection data, such as IDP,
|
||||
* Providentia, and ASA.
|
||||
*/
|
||||
public static String PROXY_VENDOR = "vendor";
|
||||
|
||||
|
||||
public void setProxyAction(String proxyAction) {
|
||||
addPair(PROXY_ACTION, proxyAction);
|
||||
}
|
||||
|
||||
public void setProxyDest(String proxyDest) {
|
||||
addPair(PROXY_DEST, proxyDest);
|
||||
}
|
||||
|
||||
public void setProxyHttpContentType(String proxyHttpContentType) {
|
||||
addPair(PROXY_HTTP_CONTENT_TYPE, proxyHttpContentType);
|
||||
}
|
||||
|
||||
public void setProxyHttpMethod(String proxyHttpMethod) {
|
||||
addPair(PROXY_HTTP_METHOD, proxyHttpMethod);
|
||||
}
|
||||
|
||||
public void setProxyHttpRefer(String proxyHttpRefer) {
|
||||
addPair(PROXY_HTTP_REFER, proxyHttpRefer);
|
||||
}
|
||||
|
||||
public void setProxyHttpResponse(int proxyHttpResponse) {
|
||||
addPair(PROXY_HTTP_RESPONSE, proxyHttpResponse);
|
||||
}
|
||||
|
||||
public void setProxyHttpUserAgent(String proxyHttpUserAgent) {
|
||||
addPair(PROXY_HTTP_USER_AGENT, proxyHttpUserAgent);
|
||||
}
|
||||
|
||||
public void setProxyProduct(String proxyProduct) {
|
||||
addPair(PROXY_PRODUCT, proxyProduct);
|
||||
}
|
||||
|
||||
public void setProxySrc(String proxySrc) {
|
||||
addPair(PROXY_SRC, proxySrc);
|
||||
}
|
||||
|
||||
public void setProxyStatus(int proxyStatus) {
|
||||
addPair(PROXY_STATUS, proxyStatus);
|
||||
}
|
||||
|
||||
public void setProxyUser(String proxyUser) {
|
||||
addPair(PROXY_USER, proxyUser);
|
||||
}
|
||||
|
||||
public void setProxyUrl(String proxyUrl) {
|
||||
addPair(PROXY_URL, proxyUrl);
|
||||
}
|
||||
|
||||
public void setProxyVendor(String proxyVendor) {
|
||||
addPair(PROXY_VENDOR, proxyVendor);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,567 @@
|
||||
/*
|
||||
* Copyright 2011-2012 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Date;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.commons.lang.time.FastDateFormat;
|
||||
|
||||
/**
|
||||
* Splunk data entity
|
||||
*
|
||||
* @author Jarred Li
|
||||
* @author Damien Dallimore damien@dtdsoftware.com
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
|
||||
@SuppressWarnings("serial")
|
||||
public class SplunkEvent implements Serializable {
|
||||
|
||||
private Map<String, String> eventData;
|
||||
|
||||
/**
|
||||
* Contents of the event message
|
||||
*/
|
||||
private StringBuffer eventMessage;
|
||||
|
||||
/**
|
||||
* Whether or not to put quotes around values
|
||||
*/
|
||||
protected boolean quoteValues = true;
|
||||
|
||||
/**
|
||||
* Whether or not to add a date to the event string
|
||||
*/
|
||||
protected boolean useInternalDate = true;
|
||||
|
||||
/**
|
||||
* default key value delimiter
|
||||
*/
|
||||
protected static final String KVDELIM = "=";
|
||||
/**
|
||||
* default pair delimiter
|
||||
*/
|
||||
protected static final String PAIRDELIM = " ";
|
||||
/**
|
||||
* default quote char
|
||||
*/
|
||||
protected static final char QUOTE = '"';
|
||||
/**
|
||||
* default date format is using internal generated date
|
||||
*/
|
||||
protected static final String DATEFORMATPATTERN = "yyyy-MM-dd HH:mm:ss:SSSZ";
|
||||
/**
|
||||
* Date Formatter instance
|
||||
*/
|
||||
protected static FastDateFormat DATEFORMATTER = FastDateFormat.getInstance(DATEFORMATPATTERN);
|
||||
|
||||
/**
|
||||
* Event prefix fields
|
||||
*/
|
||||
protected static final String PREFIX_NAME = "name";
|
||||
protected static final String PREFIX_EVENT_ID = "event_id";
|
||||
|
||||
/**
|
||||
* Java Throwable type fields
|
||||
*/
|
||||
protected static final String THROWABLE_CLASS = "throwable_class";
|
||||
protected static final String THROWABLE_MESSAGE = "throwable_message";
|
||||
protected static final String THROWABLE_STACKTRACE_ELEMENTS = "stacktrace_elements";
|
||||
|
||||
protected static final String LINEBREAK = "\n";
|
||||
|
||||
// ----------------------------------
|
||||
// Common event fields
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* A device-specific classification provided as part of the event.
|
||||
*/
|
||||
public static String COMMON_CATEGORY = "category";
|
||||
/**
|
||||
* A device-specific classification provided as part of the event.
|
||||
*/
|
||||
public static String COMMON_COUNT = "count";
|
||||
/**
|
||||
* The free-form description of a particular event.
|
||||
*/
|
||||
public static String COMMON_DESC = "desc";
|
||||
/**
|
||||
* The name of a given DHCP pool on a DHCP server.
|
||||
*/
|
||||
public static String COMMON_DHCP_POOL = "dhcp_pool";
|
||||
/**
|
||||
* The amount of time the event lasted.
|
||||
*/
|
||||
public static String COMMON_DURATION = "duration";
|
||||
/**
|
||||
* The fully qualified domain name of the device transmitting or recording
|
||||
* the log record.
|
||||
*/
|
||||
public static String COMMON_DVC_HOST = "dvc_host";
|
||||
/**
|
||||
* The IPv4 address of the device reporting the event.
|
||||
*/
|
||||
public static String COMMON_DVC_IP = "dvc_ip";
|
||||
/**
|
||||
* The IPv6 address of the device reporting the event.
|
||||
*/
|
||||
public static String COMMON_DVC_IP6 = "dvc_ip6";
|
||||
/**
|
||||
* The free-form description of the device's physical location.
|
||||
*/
|
||||
public static String COMMON_DVC_LOCATION = "dvc_location";
|
||||
/**
|
||||
* The MAC (layer 2) address of the device reporting the event.
|
||||
*/
|
||||
public static String COMMON_DVC_MAC = "dvc_mac";
|
||||
/**
|
||||
* The Windows NT domain of the device recording or transmitting the event.
|
||||
*/
|
||||
public static String COMMON_DVC_NT_DOMAIN = "dvc_nt_domain";
|
||||
/**
|
||||
* The Windows NT host name of the device recording or transmitting the
|
||||
* event.
|
||||
*/
|
||||
public static String COMMON_DVC_NT_HOST = "dvc_nt_host";
|
||||
/**
|
||||
* Time at which the device recorded the event.
|
||||
*/
|
||||
public static String COMMON_DVC_TIME = "dvc_time";
|
||||
/**
|
||||
* The event's specified end time.
|
||||
*/
|
||||
public static String COMMON_END_TIME = "end_time";
|
||||
/**
|
||||
* A unique identifier that identifies the event. This is unique to the
|
||||
* reporting device.
|
||||
*/
|
||||
public static String COMMON_EVENT_ID = "event_id";
|
||||
/**
|
||||
* The length of the datagram, event, message, or packet.
|
||||
*/
|
||||
public static String COMMON_LENGTH = "length";
|
||||
/**
|
||||
* The log-level that was set on the device and recorded in the event.
|
||||
*/
|
||||
public static String COMMON_LOG_LEVEL = "log_level";
|
||||
/**
|
||||
* The name of the event as reported by the device. The name should not
|
||||
* contain information that's already being parsed into other fields from
|
||||
* the event, such as IP addresses.
|
||||
*/
|
||||
public static String COMMON_NAME = "name";
|
||||
/**
|
||||
* An integer assigned by the device operating system to the process
|
||||
* creating the record.
|
||||
*/
|
||||
public static String COMMON_PID = "pid";
|
||||
/**
|
||||
* An environment-specific assessment of the event's importance, based on
|
||||
* elements such as event severity, business function of the affected
|
||||
* system, or other locally defined variables.
|
||||
*/
|
||||
public static String COMMON_PRIORITY = "priority";
|
||||
/**
|
||||
* The product that generated the event.
|
||||
*/
|
||||
public static String COMMON_PRODUCT = "product";
|
||||
/**
|
||||
* The version of the product that generated the event.
|
||||
*/
|
||||
public static String COMMON_PRODUCT_VERSION = "product_version";
|
||||
/**
|
||||
* The result root cause, such as connection refused, timeout, crash, and so
|
||||
* on.
|
||||
*/
|
||||
public static String COMMON_REASON = "reason";
|
||||
/**
|
||||
* The action result. Often is a binary choice: succeeded and failed,
|
||||
* allowed and denied, and so on.
|
||||
*/
|
||||
public static String COMMON_RESULT = "result";
|
||||
/**
|
||||
* The severity (or priority) of an event as reported by the originating
|
||||
* device.
|
||||
*/
|
||||
public static String COMMON_SEVERITY = "severity";
|
||||
/**
|
||||
* The event's specified start time.
|
||||
*/
|
||||
public static String COMMON_START_TIME = "start_time";
|
||||
/**
|
||||
* The transaction identifier.
|
||||
*/
|
||||
public static String COMMON_TRANSACTION_ID = "transaction_id";
|
||||
/**
|
||||
* A uniform record locator (a web address, in other words) included in a
|
||||
* record.
|
||||
*/
|
||||
public static String COMMON_URL = "url";
|
||||
/**
|
||||
* The vendor who made the product that generated the event.
|
||||
*/
|
||||
public static String COMMON_VENDOR = "vendor";
|
||||
// ----------------------------------
|
||||
// Update
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The name of the installed update.
|
||||
*/
|
||||
public static String UPDATE_PACKAGE = "package";
|
||||
|
||||
|
||||
public SplunkEvent(Map<String, String> data) {
|
||||
this.eventMessage = new StringBuffer();
|
||||
this.eventData = data;
|
||||
for (String key : data.keySet()) {
|
||||
this.addPair(key, data.get(key));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param eventName
|
||||
* the event name
|
||||
* @param eventID
|
||||
* the event id
|
||||
* @param useInternalDate
|
||||
* Whether or not to add a date to the event string
|
||||
* @param quoteValues
|
||||
* Whether or not to put quotes around values
|
||||
*/
|
||||
public SplunkEvent(String eventName, String eventID, boolean useInternalDate, boolean quoteValues) {
|
||||
|
||||
this.eventMessage = new StringBuffer();
|
||||
this.quoteValues = quoteValues;
|
||||
this.useInternalDate = useInternalDate;
|
||||
|
||||
addPair(PREFIX_NAME, eventName);
|
||||
addPair(PREFIX_EVENT_ID, eventID);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor.Will add internally generated date and put quotes around
|
||||
* values.
|
||||
*
|
||||
* @param eventName
|
||||
* the event name
|
||||
* @param eventID
|
||||
* the event ID
|
||||
*/
|
||||
public SplunkEvent(String eventName, String eventID) {
|
||||
|
||||
this(eventName, eventID, true, true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Default constructor
|
||||
*/
|
||||
public SplunkEvent() {
|
||||
this.eventMessage = new StringBuffer();
|
||||
}
|
||||
|
||||
/**
|
||||
* Simple shallow cloning method
|
||||
*/
|
||||
public SplunkEvent clone() {
|
||||
SplunkEvent clone = new SplunkEvent();
|
||||
clone.quoteValues = this.quoteValues;
|
||||
clone.useInternalDate = this.useInternalDate;
|
||||
clone.eventMessage.append(this.eventMessage);
|
||||
|
||||
return clone;
|
||||
}
|
||||
|
||||
|
||||
public Map<String, String> getEventData() {
|
||||
return eventData;
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a key value pair
|
||||
*
|
||||
* @param key
|
||||
* @param value
|
||||
*/
|
||||
public void addPair(String key, char value) {
|
||||
addPair(key, String.valueOf(value));
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a key value pair
|
||||
*
|
||||
* @param key
|
||||
* @param value
|
||||
*/
|
||||
public void addPair(String key, boolean value) {
|
||||
addPair(key, String.valueOf(value));
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a key value pair
|
||||
*
|
||||
* @param key
|
||||
* @param value
|
||||
*/
|
||||
public void addPair(String key, double value) {
|
||||
addPair(key, String.valueOf(value));
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a key value pair
|
||||
*
|
||||
* @param key
|
||||
* @param value
|
||||
*/
|
||||
public void addPair(String key, long value) {
|
||||
addPair(key, String.valueOf(value));
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a key value pair
|
||||
*
|
||||
* @param key
|
||||
* @param value
|
||||
*/
|
||||
public void addPair(String key, int value) {
|
||||
addPair(key, String.valueOf(value));
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a key value pair
|
||||
*
|
||||
* @param key
|
||||
* @param value
|
||||
*/
|
||||
public void addPair(String key, Object value) {
|
||||
addPair(key, value.toString());
|
||||
}
|
||||
|
||||
/**
|
||||
* Utility method for formatting Throwable,Error,Exception objects in a more
|
||||
* linear and Splunk friendly manner than printStackTrace
|
||||
*
|
||||
* @param throwable
|
||||
* the Throwable object to add to the event
|
||||
*/
|
||||
public void addThrowable(Throwable throwable) {
|
||||
|
||||
addThrowableObject(throwable, -1);
|
||||
}
|
||||
|
||||
/**
|
||||
* Utility method for formatting Throwable,Error,Exception objects in a more
|
||||
* linear and Splunk friendly manner than printStackTrace
|
||||
*
|
||||
* @param throwable
|
||||
* the Throwable object to add to the event
|
||||
* @param stackTraceDepth
|
||||
* maximum number of stacktrace elements to log
|
||||
*/
|
||||
public void addThrowable(Throwable throwable, int stackTraceDepth) {
|
||||
|
||||
addThrowableObject(throwable, stackTraceDepth);
|
||||
}
|
||||
|
||||
/**
|
||||
* Internal private method for formatting Throwable,Error,Exception objects
|
||||
* in a more linear and Splunk friendly manner than printStackTrace
|
||||
*
|
||||
* @param throwable
|
||||
* the Throwable object to add to the event
|
||||
* @param stackTraceDepth
|
||||
* maximum number of stacktrace elements to log, -1 for all
|
||||
*/
|
||||
|
||||
private void addThrowableObject(Throwable throwable, int stackTraceDepth) {
|
||||
|
||||
addPair(THROWABLE_CLASS, throwable.getClass().getCanonicalName());
|
||||
addPair(THROWABLE_MESSAGE, throwable.getMessage());
|
||||
StackTraceElement[] elements = throwable.getStackTrace();
|
||||
StringBuffer sb = new StringBuffer();
|
||||
int depth = 0;
|
||||
for (StackTraceElement element : elements) {
|
||||
depth++;
|
||||
if (stackTraceDepth == -1 || stackTraceDepth >= depth)
|
||||
sb.append(element.toString()).append(",");
|
||||
else
|
||||
break;
|
||||
|
||||
}
|
||||
addPair(THROWABLE_STACKTRACE_ELEMENTS, sb.toString());
|
||||
}
|
||||
|
||||
/**
|
||||
* Add a key value pair
|
||||
*
|
||||
* @param key
|
||||
* @param value
|
||||
*/
|
||||
public void addPair(String key, String value) {
|
||||
|
||||
if (quoteValues)
|
||||
this.eventMessage.append(key).append(KVDELIM).append(QUOTE).append(value).append(QUOTE).append(PAIRDELIM);
|
||||
else
|
||||
this.eventMessage.append(key).append(KVDELIM).append(value).append(PAIRDELIM);
|
||||
|
||||
}
|
||||
|
||||
@Override
|
||||
/**
|
||||
* return the completed event message
|
||||
*/
|
||||
public String toString() {
|
||||
|
||||
String event = "";
|
||||
|
||||
if (useInternalDate) {
|
||||
StringBuffer clonedMessage = new StringBuffer();
|
||||
clonedMessage.append(DATEFORMATTER.format(new Date())).append(PAIRDELIM).append(this.eventMessage);
|
||||
event = clonedMessage.toString();
|
||||
}
|
||||
else
|
||||
event = eventMessage.toString();
|
||||
// trim off trailing pair delim char(s)
|
||||
String result = event.substring(0, event.length() - PAIRDELIM.length()) + LINEBREAK;
|
||||
return result;
|
||||
}
|
||||
|
||||
public void setCommonCategory(String commonCategory) {
|
||||
addPair(COMMON_CATEGORY, commonCategory);
|
||||
}
|
||||
|
||||
public void setCommonCount(String commonCount) {
|
||||
addPair(COMMON_COUNT, commonCount);
|
||||
}
|
||||
|
||||
public void setCommonDesc(String commonDesc) {
|
||||
addPair(COMMON_DESC, commonDesc);
|
||||
}
|
||||
|
||||
public void setCommonDhcpPool(String commonDhcpPool) {
|
||||
addPair(COMMON_DHCP_POOL, commonDhcpPool);
|
||||
}
|
||||
|
||||
public void setCommonDuration(long commonDuration) {
|
||||
addPair(COMMON_DURATION, commonDuration);
|
||||
}
|
||||
|
||||
public void setCommonDvcHost(String commonDvcHost) {
|
||||
addPair(COMMON_DVC_HOST, commonDvcHost);
|
||||
}
|
||||
|
||||
public void setCommonDvcIp(String commonDvcIp) {
|
||||
addPair(COMMON_DVC_IP, commonDvcIp);
|
||||
}
|
||||
|
||||
public void setCommonDvcIp6(String commonDvcIp6) {
|
||||
addPair(COMMON_DVC_IP6, commonDvcIp6);
|
||||
}
|
||||
|
||||
public void setCommonDvcLocation(String commonDvcLocation) {
|
||||
addPair(COMMON_DVC_LOCATION, commonDvcLocation);
|
||||
}
|
||||
|
||||
public void setCommonDvcMac(String commonDvcMac) {
|
||||
addPair(COMMON_DVC_MAC, commonDvcMac);
|
||||
}
|
||||
|
||||
public void setCommonDvcNtDomain(String commonDvcNtDomain) {
|
||||
addPair(COMMON_DVC_NT_DOMAIN, commonDvcNtDomain);
|
||||
}
|
||||
|
||||
public void setCommonDvcNtHost(String commonDvcNtHost) {
|
||||
addPair(COMMON_DVC_NT_HOST, commonDvcNtHost);
|
||||
}
|
||||
|
||||
public void setCommonDvcTime(long commonDvcTime) {
|
||||
addPair(COMMON_DVC_TIME, commonDvcTime);
|
||||
}
|
||||
|
||||
public void setCommonEndTime(long commonEndTime) {
|
||||
addPair(COMMON_END_TIME, commonEndTime);
|
||||
}
|
||||
|
||||
public void setCommonEventId(long commonEventId) {
|
||||
addPair(COMMON_EVENT_ID, commonEventId);
|
||||
}
|
||||
|
||||
public void setCommonLength(long commonLength) {
|
||||
addPair(COMMON_LENGTH, commonLength);
|
||||
}
|
||||
|
||||
public void setCommonLogLevel(String commonLogLevel) {
|
||||
addPair(COMMON_LOG_LEVEL, commonLogLevel);
|
||||
}
|
||||
|
||||
public void setCommonName(String commonName) {
|
||||
addPair(COMMON_NAME, commonName);
|
||||
}
|
||||
|
||||
public void setCommonPid(long commonPid) {
|
||||
addPair(COMMON_PID, commonPid);
|
||||
}
|
||||
|
||||
public void setCommonPriority(long commonPriority) {
|
||||
addPair(COMMON_PRIORITY, commonPriority);
|
||||
}
|
||||
|
||||
public void setCommonProduct(String commonProduct) {
|
||||
addPair(COMMON_PRODUCT, commonProduct);
|
||||
}
|
||||
|
||||
public void setCommonProductVersion(long commonProductVersion) {
|
||||
addPair(COMMON_PRODUCT_VERSION, commonProductVersion);
|
||||
}
|
||||
|
||||
public void setCommonReason(String commonReason) {
|
||||
addPair(COMMON_REASON, commonReason);
|
||||
}
|
||||
|
||||
public void setCommonResult(String commonResult) {
|
||||
addPair(COMMON_RESULT, commonResult);
|
||||
}
|
||||
|
||||
public void setCommonSeverity(String commonSeverity) {
|
||||
addPair(COMMON_SEVERITY, commonSeverity);
|
||||
}
|
||||
|
||||
public void setCommonStartTime(long commonStartTime) {
|
||||
addPair(COMMON_START_TIME, commonStartTime);
|
||||
}
|
||||
|
||||
public void setCommonTransactionId(String commonTransactionId) {
|
||||
addPair(COMMON_TRANSACTION_ID, commonTransactionId);
|
||||
}
|
||||
|
||||
public void setCommonUrl(String commonUrl) {
|
||||
addPair(COMMON_URL, commonUrl);
|
||||
}
|
||||
|
||||
public void setCommonVendor(String commonVendor) {
|
||||
addPair(COMMON_VENDOR, commonVendor);
|
||||
}
|
||||
|
||||
public void setUpdatePackage(String updatePackage) {
|
||||
addPair(UPDATE_PACKAGE, updatePackage);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,184 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class SystemCenterEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// System center
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The running application or service on the system (the src field), such as
|
||||
* explorer.exe or sshd.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_APP = "app";
|
||||
/**
|
||||
* The amount of disk space available per drive or mount (the mount field)
|
||||
* on the system (the src field).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_FREEMBYTES = "FreeMBytes";
|
||||
/**
|
||||
* The version of operating system installed on the host (the src field),
|
||||
* such as 6.0.1.4 or 2.6.27.30-170.2.82.fc10.x86_64.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_KERNEL_RELEASE = "kernel_release";
|
||||
/**
|
||||
* Human-readable version of the SystemUptime value.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_LABEL = "label";
|
||||
/**
|
||||
* The drive or mount reporting available disk space (the FreeMBytes field)
|
||||
* on the system (the src field).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_MOUNT = "mount";
|
||||
/**
|
||||
* The name of the operating system installed on the host (the src), such as
|
||||
* Microsoft Windows Server 2003 or GNU/Linux).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_OS = "os";
|
||||
/**
|
||||
* The percentage of processor utilization.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_PERCENTPROCESSORTIME = "PercentProcessorTime";
|
||||
/**
|
||||
* The setlocaldefs setting from the SE Linux configuration.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_SETLOCALDEFS = "setlocaldefs";
|
||||
/**
|
||||
* Values from the SE Linux configuration file.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_SELINUX = "selinux";
|
||||
/**
|
||||
* The SE Linux type (such as targeted).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_SELINUXTYPE = "selinuxtype";
|
||||
/**
|
||||
* The shell provided to the User Account (the user field) upon logging into
|
||||
* the system (the src field).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_SHELL = "shell";
|
||||
/**
|
||||
* The TCP/UDP source port on the system (the src field).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_SRC_PORT = "src_port";
|
||||
/**
|
||||
* The sshd protocol version.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_SSHD_PROTOCOL = "sshd_protocol";
|
||||
/**
|
||||
* The start mode of the given service.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_STARTMODE = "Startmode";
|
||||
/**
|
||||
* The number of seconds since the system (the src) has been "up."
|
||||
*/
|
||||
public static String SYSTEM_CENTER_SYSTEMUPTIME = "SystemUptime";
|
||||
/**
|
||||
* The total amount of available memory on the system (the src).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_TOTALMBYTES = "TotalMBytes";
|
||||
/**
|
||||
* The amount of used memory on the system (the src).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_USEDMBYTES = "UsedMBytes";
|
||||
/**
|
||||
* The User Account present on the system (the src).
|
||||
*/
|
||||
public static String SYSTEM_CENTER_USER = "user";
|
||||
/**
|
||||
* The number of updates the system (the src) is missing.
|
||||
*/
|
||||
public static String SYSTEM_CENTER_UPDATES = "updates";
|
||||
|
||||
public void setSystemCenterApp(String systemCenterApp) {
|
||||
addPair(SYSTEM_CENTER_APP, systemCenterApp);
|
||||
}
|
||||
|
||||
public void setSystemCenterFreembytes(long systemCenterFreembytes) {
|
||||
addPair(SYSTEM_CENTER_FREEMBYTES, systemCenterFreembytes);
|
||||
}
|
||||
|
||||
public void setSystemCenterKernelRelease(String systemCenterKernelRelease) {
|
||||
addPair(SYSTEM_CENTER_KERNEL_RELEASE, systemCenterKernelRelease);
|
||||
}
|
||||
|
||||
public void setSystemCenterLabel(String systemCenterLabel) {
|
||||
addPair(SYSTEM_CENTER_LABEL, systemCenterLabel);
|
||||
}
|
||||
|
||||
public void setSystemCenterMount(String systemCenterMount) {
|
||||
addPair(SYSTEM_CENTER_MOUNT, systemCenterMount);
|
||||
}
|
||||
|
||||
public void setSystemCenterOs(String systemCenterOs) {
|
||||
addPair(SYSTEM_CENTER_OS, systemCenterOs);
|
||||
}
|
||||
|
||||
public void setSystemCenterPercentprocessortime(int systemCenterPercentprocessortime) {
|
||||
addPair(SYSTEM_CENTER_PERCENTPROCESSORTIME, systemCenterPercentprocessortime);
|
||||
}
|
||||
|
||||
public void setSystemCenterSetlocaldefs(int systemCenterSetlocaldefs) {
|
||||
addPair(SYSTEM_CENTER_SETLOCALDEFS, systemCenterSetlocaldefs);
|
||||
}
|
||||
|
||||
public void setSystemCenterSelinux(String systemCenterSelinux) {
|
||||
addPair(SYSTEM_CENTER_SELINUX, systemCenterSelinux);
|
||||
}
|
||||
|
||||
public void setSystemCenterSelinuxtype(String systemCenterSelinuxtype) {
|
||||
addPair(SYSTEM_CENTER_SELINUXTYPE, systemCenterSelinuxtype);
|
||||
}
|
||||
|
||||
public void setSystemCenterShell(String systemCenterShell) {
|
||||
addPair(SYSTEM_CENTER_SHELL, systemCenterShell);
|
||||
}
|
||||
|
||||
public void setSystemCenterSrcPort(int systemCenterSrcPort) {
|
||||
addPair(SYSTEM_CENTER_SRC_PORT, systemCenterSrcPort);
|
||||
}
|
||||
|
||||
public void setSystemCenterSshdProtocol(String systemCenterSshdProtocol) {
|
||||
addPair(SYSTEM_CENTER_SSHD_PROTOCOL, systemCenterSshdProtocol);
|
||||
}
|
||||
|
||||
public void setSystemCenterStartmode(String systemCenterStartmode) {
|
||||
addPair(SYSTEM_CENTER_STARTMODE, systemCenterStartmode);
|
||||
}
|
||||
|
||||
public void setSystemCenterSystemuptime(long systemCenterSystemuptime) {
|
||||
addPair(SYSTEM_CENTER_SYSTEMUPTIME, systemCenterSystemuptime);
|
||||
}
|
||||
|
||||
public void setSystemCenterTotalmbytes(long systemCenterTotalmbytes) {
|
||||
addPair(SYSTEM_CENTER_TOTALMBYTES, systemCenterTotalmbytes);
|
||||
}
|
||||
|
||||
public void setSystemCenterUsedmbytes(long systemCenterUsedmbytes) {
|
||||
addPair(SYSTEM_CENTER_USEDMBYTES, systemCenterUsedmbytes);
|
||||
}
|
||||
|
||||
public void setSystemCenterUser(String systemCenterUser) {
|
||||
addPair(SYSTEM_CENTER_USER, systemCenterUser);
|
||||
}
|
||||
|
||||
public void setSystemCenterUpdates(long systemCenterUpdates) {
|
||||
addPair(SYSTEM_CENTER_UPDATES, systemCenterUpdates);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,55 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class TrafficEvent extends SplunkEvent {
|
||||
|
||||
// ----------------------------------
|
||||
// Traffic
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The destination of the network traffic. If your field is named dest_host,
|
||||
* dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest to make it
|
||||
* CIM-compliant.
|
||||
*/
|
||||
public static String TRAFFIC_DEST = "dest";
|
||||
/**
|
||||
* The name of the packet filtering device. If your field is named dvc_host,
|
||||
* dvc_ip, or dvc_nt_host you can alias it as dvc to make it CIM-compliant.
|
||||
*/
|
||||
public static String TRAFFIC_DVC = "dvc";
|
||||
/**
|
||||
* The source of the network traffic. If your field is named src_host,
|
||||
* src_ip, src_ipv6, or src_nt_host you can alias it as src to make it
|
||||
* CIM-compliant.
|
||||
*/
|
||||
public static String TRAFFIC_SRC = "src";
|
||||
|
||||
public void setTrafficDest(String trafficDest) {
|
||||
addPair(TRAFFIC_DEST, trafficDest);
|
||||
}
|
||||
|
||||
public void setTrafficDvc(String trafficDvc) {
|
||||
addPair(TRAFFIC_DVC, trafficDvc);
|
||||
}
|
||||
|
||||
public void setTrafficSrc(String trafficSrc) {
|
||||
addPair(TRAFFIC_SRC, trafficSrc);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,134 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class UserInfoUpdateEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// User information updates
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* A user that has been affected by a change. For example, user fflanda
|
||||
* changed the name of user rhallen, so affected_user=rhallen.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_AFFECTED_USER = "affected_user";
|
||||
/**
|
||||
* The user group affected by a change.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_AFFECTED_USER_GROUP = "affected_user_group";
|
||||
/**
|
||||
* The identifier of the user group affected by a change.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID = "affected_user_group_id";
|
||||
/**
|
||||
* The identifier of the user affected by a change.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_AFFECTED_USER_ID = "affected_user_id";
|
||||
/**
|
||||
* The security context associated with the user affected by a change.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE = "affected_user_privilege";
|
||||
/**
|
||||
* The name of the user affected by the recorded event.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_USER = "user";
|
||||
/**
|
||||
* A user group that is the object of an event, expressed in human-readable
|
||||
* terms.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_USER_GROUP = "user_group";
|
||||
/**
|
||||
* The numeric identifier assigned to the user group event object.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_USER_GROUP_ID = "user_group_id";
|
||||
/**
|
||||
* The system-assigned identifier for the user affected by an event.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_USER_ID = "user_id";
|
||||
/**
|
||||
* The security context associated with the object of an event (the affected
|
||||
* user).
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_USER_PRIVILEGE = "user_privilege";
|
||||
/**
|
||||
* The name of the user that is the subject of an event--the user executing
|
||||
* the action, in other words.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_USER_SUBJECT = "user_subject";
|
||||
/**
|
||||
* The ID number of the user that is the subject of an event.
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_USER_SUBJECT_ID = "user_subject_id";
|
||||
/**
|
||||
* The security context associated with the subject of an event (the user
|
||||
* causing a change).
|
||||
*/
|
||||
public static String USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE = "user_subject_privilege";
|
||||
public void setUserInfoUpdatesAffectedUser(String userInfoUpdatesAffectedUser) {
|
||||
addPair(USER_INFO_UPDATES_AFFECTED_USER, userInfoUpdatesAffectedUser);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesAffectedUserGroup(String userInfoUpdatesAffectedUserGroup) {
|
||||
addPair(USER_INFO_UPDATES_AFFECTED_USER_GROUP, userInfoUpdatesAffectedUserGroup);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesAffectedUserGroupId(int userInfoUpdatesAffectedUserGroupId) {
|
||||
addPair(USER_INFO_UPDATES_AFFECTED_USER_GROUP_ID, userInfoUpdatesAffectedUserGroupId);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesAffectedUserId(int userInfoUpdatesAffectedUserId) {
|
||||
addPair(USER_INFO_UPDATES_AFFECTED_USER_ID, userInfoUpdatesAffectedUserId);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesAffectedUserPrivilege(String userInfoUpdatesAffectedUserPrivilege) {
|
||||
addPair(USER_INFO_UPDATES_AFFECTED_USER_PRIVILEGE, userInfoUpdatesAffectedUserPrivilege);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesUser(String userInfoUpdatesUser) {
|
||||
addPair(USER_INFO_UPDATES_USER, userInfoUpdatesUser);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesUserGroup(String userInfoUpdatesUserGroup) {
|
||||
addPair(USER_INFO_UPDATES_USER_GROUP, userInfoUpdatesUserGroup);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesUserGroupId(int userInfoUpdatesUserGroupId) {
|
||||
addPair(USER_INFO_UPDATES_USER_GROUP_ID, userInfoUpdatesUserGroupId);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesUserId(int userInfoUpdatesUserId) {
|
||||
addPair(USER_INFO_UPDATES_USER_ID, userInfoUpdatesUserId);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesUserPrivilege(String userInfoUpdatesUserPrivilege) {
|
||||
addPair(USER_INFO_UPDATES_USER_PRIVILEGE, userInfoUpdatesUserPrivilege);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesUserSubject(String userInfoUpdatesUserSubject) {
|
||||
addPair(USER_INFO_UPDATES_USER_SUBJECT, userInfoUpdatesUserSubject);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesUserSubjectId(int userInfoUpdatesUserSubjectId) {
|
||||
addPair(USER_INFO_UPDATES_USER_SUBJECT_ID, userInfoUpdatesUserSubjectId);
|
||||
}
|
||||
|
||||
public void setUserInfoUpdatesUserSubjectPrivilege(String userInfoUpdatesUserSubjectPrivilege) {
|
||||
addPair(USER_INFO_UPDATES_USER_SUBJECT_PRIVILEGE, userInfoUpdatesUserSubjectPrivilege);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -0,0 +1,70 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class VulnerabilityEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Vulnerability
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The category of the discovered vulnerability.
|
||||
*/
|
||||
public static String VULNERABILITY_CATEGORY = "category";
|
||||
/**
|
||||
* The host with the discovered vulnerability. If your field is named
|
||||
* dest_host, dest_ip, dest_ipv6, or dest_nt_host you can alias it as dest
|
||||
* to make it CIM-compliant.
|
||||
*/
|
||||
public static String VULNERABILITY_DEST = "dest";
|
||||
/**
|
||||
* The operating system of the host containing the vulnerability detected on
|
||||
* the client (the src field), such as SuSE Security Update, or cups
|
||||
* security update.
|
||||
*/
|
||||
public static String VULNERABILITY_OS = "os";
|
||||
/**
|
||||
* The severity of the discovered vulnerability.
|
||||
*/
|
||||
public static String VULNERABILITY_SEVERITY = "severity";
|
||||
/**
|
||||
* The name of the vulnerability detected on the client (the src field),
|
||||
* such as SuSE Security Update, or cups security update.
|
||||
*/
|
||||
public static String VULNERABILITY_SIGNATURE = "signature";
|
||||
|
||||
public void setVulnerabilityCategory(String vulnerabilityCategory) {
|
||||
addPair(VULNERABILITY_CATEGORY, vulnerabilityCategory);
|
||||
}
|
||||
|
||||
public void setVulnerabilityDest(String vulnerabilityDest) {
|
||||
addPair(VULNERABILITY_DEST, vulnerabilityDest);
|
||||
}
|
||||
|
||||
public void setVulnerabilityOs(String vulnerabilityOs) {
|
||||
addPair(VULNERABILITY_OS, vulnerabilityOs);
|
||||
}
|
||||
|
||||
public void setVulnerabilitySeverity(String vulnerabilitySeverity) {
|
||||
addPair(VULNERABILITY_SEVERITY, vulnerabilitySeverity);
|
||||
}
|
||||
|
||||
public void setVulnerabilitySignature(String vulnerabilitySignature) {
|
||||
addPair(VULNERABILITY_SIGNATURE, vulnerabilitySignature);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,49 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.event;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
@SuppressWarnings("serial")
|
||||
public class WindowsAdminEvent extends SplunkEvent {
|
||||
// ----------------------------------
|
||||
// Windows administration
|
||||
// ----------------------------------
|
||||
|
||||
/**
|
||||
* The object name (associated only with Windows).
|
||||
*/
|
||||
public static String WINDOWS_ADMIN_OBJECT_NAME = "object_name";
|
||||
/**
|
||||
* The object type (associated only with Windows).
|
||||
*/
|
||||
public static String WINDOWS_ADMIN_OBJECT_TYPE = "object_type";
|
||||
/**
|
||||
* The object handle (associated only with Windows).
|
||||
*/
|
||||
public static String WINDOWS_ADMIN_OBJECT_HANDLE = "object_handle";
|
||||
|
||||
public void setWindowsAdminObjectName(String windowsAdminObjectName) {
|
||||
addPair(WINDOWS_ADMIN_OBJECT_NAME, windowsAdminObjectName);
|
||||
}
|
||||
|
||||
public void setWindowsAdminObjectType(String windowsAdminObjectType) {
|
||||
addPair(WINDOWS_ADMIN_OBJECT_TYPE, windowsAdminObjectType);
|
||||
}
|
||||
|
||||
public void setWindowsAdminObjectHandle(String windowsAdminObjectHandle) {
|
||||
addPair(WINDOWS_ADMIN_OBJECT_HANDLE, windowsAdminObjectHandle);
|
||||
}
|
||||
}
|
||||
@@ -20,7 +20,7 @@ import java.util.List;
|
||||
import org.springframework.integration.Message;
|
||||
import org.springframework.integration.context.IntegrationObjectSupport;
|
||||
import org.springframework.integration.core.MessageSource;
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
import org.springframework.integration.splunk.support.SplunkExecutor;
|
||||
import org.springframework.integration.support.MessageBuilder;
|
||||
import org.springframework.util.Assert;
|
||||
@@ -32,7 +32,7 @@ import org.springframework.util.Assert;
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
public class SplunkPollingChannelAdapter extends IntegrationObjectSupport implements MessageSource<List<SplunkData>> {
|
||||
public class SplunkPollingChannelAdapter extends IntegrationObjectSupport implements MessageSource<List<SplunkEvent>> {
|
||||
|
||||
private final SplunkExecutor splunkExecutor;
|
||||
|
||||
@@ -62,8 +62,8 @@ public class SplunkPollingChannelAdapter extends IntegrationObjectSupport implem
|
||||
* If {@link SplunkExecutor#poll()} returns null, this method will return
|
||||
* <code>null</code>. Otherwise, a new {@link Message} is constructed and returned.
|
||||
*/
|
||||
public Message<List<SplunkData>> receive() {
|
||||
List<SplunkData> payload = splunkExecutor.poll();
|
||||
public Message<List<SplunkEvent>> receive() {
|
||||
List<SplunkEvent> payload = splunkExecutor.poll();
|
||||
if (payload == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
@@ -0,0 +1,166 @@
|
||||
/*
|
||||
* Copyright 2011-2012 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.io.OutputStreamWriter;
|
||||
import java.io.Writer;
|
||||
import java.net.Socket;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.context.SmartLifecycle;
|
||||
import org.springframework.integration.splunk.core.Connection;
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.integration.splunk.core.DataWriter;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import com.splunk.Args;
|
||||
import com.splunk.Service;
|
||||
|
||||
/**
|
||||
* Base class for {@link DataWriter}s to write data into Splunk.
|
||||
*
|
||||
* @author Jarred Li
|
||||
* @author David Turanski
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
public abstract class AbstractSplunkDataWriter implements DataWriter, SmartLifecycle {
|
||||
|
||||
protected final Log logger = LogFactory.getLog(getClass());
|
||||
|
||||
protected ConnectionFactory<Service> connectionFactory;
|
||||
|
||||
protected Socket socket;
|
||||
|
||||
protected Service service;
|
||||
|
||||
protected Args args;
|
||||
|
||||
private boolean running;
|
||||
|
||||
private int phase;
|
||||
|
||||
private boolean autoStartup = true;
|
||||
|
||||
|
||||
|
||||
protected AbstractSplunkDataWriter(ConnectionFactory<Service> connectionFactory, Args args) {
|
||||
Assert.notNull(connectionFactory,"connectionFactory cannot be null");
|
||||
this.connectionFactory = connectionFactory;
|
||||
|
||||
Assert.notNull(args, "args cannot be null");
|
||||
this.args = args;
|
||||
}
|
||||
|
||||
public void write(SplunkEvent event) throws Exception {
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug("writing event to splunk:" + event);
|
||||
}
|
||||
|
||||
doWrite(event, socket, service, args);
|
||||
}
|
||||
|
||||
protected void doWrite(SplunkEvent event, Socket socket, Service service, Args args) throws IOException {
|
||||
OutputStream ostream = socket.getOutputStream();
|
||||
Writer writer = new OutputStreamWriter(ostream, "UTF8");
|
||||
writer.write(event.toString());
|
||||
writer.flush();
|
||||
}
|
||||
|
||||
protected abstract Socket createSocket(Service service) throws IOException;
|
||||
|
||||
|
||||
public Args getArgs() {
|
||||
return args;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.context.Lifecycle#start()
|
||||
*/
|
||||
public synchronized void start() {
|
||||
try {
|
||||
Connection<Service> connection = connectionFactory.getConnection();
|
||||
this.service = connection.getTarget();
|
||||
|
||||
socket = createSocket(service);
|
||||
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
this.running = true;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.context.Lifecycle#stop()
|
||||
*/
|
||||
public synchronized void stop() {
|
||||
if (!running) {
|
||||
return;
|
||||
}
|
||||
try {
|
||||
if (socket != null) {
|
||||
socket.close();
|
||||
}
|
||||
|
||||
connectionFactory.getConnection().close();
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
|
||||
this.running = false;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.context.Lifecycle#isRunning()
|
||||
*/
|
||||
public boolean isRunning() {
|
||||
return this.running;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.context.Phased#getPhase()
|
||||
*/
|
||||
public int getPhase() {
|
||||
return this.phase;
|
||||
}
|
||||
|
||||
public void setPhase(int phase) {
|
||||
this.phase = phase;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.context.SmartLifecycle#isAutoStartup()
|
||||
*/
|
||||
public boolean isAutoStartup() {
|
||||
return this.autoStartup;
|
||||
}
|
||||
|
||||
public void setAutoStartup(boolean autoStartup) {
|
||||
this.autoStartup = autoStartup;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.context.SmartLifecycle#stop(java.lang.Runnable)
|
||||
*/
|
||||
public synchronized void stop(Runnable callback) {
|
||||
this.stop();
|
||||
callback.run();
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,79 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
import com.splunk.Args;
|
||||
|
||||
/**
|
||||
* Build {@link Args} instance. Supports method chaining
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
public class ArgsBuilder {
|
||||
|
||||
private String sourceType;
|
||||
private String source;
|
||||
private String host;
|
||||
private String hostRegex;
|
||||
|
||||
public Args build() {
|
||||
Args args = new Args();
|
||||
if (sourceType != null) {
|
||||
args.put("sourcetype", sourceType);
|
||||
}
|
||||
if (source != null) {
|
||||
args.put("source", source);
|
||||
}
|
||||
|
||||
if (host != null) {
|
||||
args.put("host", host);
|
||||
}
|
||||
|
||||
if (hostRegex != null) {
|
||||
args.put("host_regex", hostRegex);
|
||||
}
|
||||
return args;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param sourceType the sourceType to set
|
||||
*/
|
||||
public ArgsBuilder setSourceType(String sourceType) {
|
||||
this.sourceType = sourceType;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param source the source to set
|
||||
*/
|
||||
public ArgsBuilder setSource(String source) {
|
||||
this.source = source;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param host the host to set
|
||||
*/
|
||||
public ArgsBuilder setHost(String host) {
|
||||
this.host = host;
|
||||
return this;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param hostRegex the hostRegex to set
|
||||
*/
|
||||
public ArgsBuilder setHostRegex(String hostRegex) {
|
||||
this.hostRegex = hostRegex;
|
||||
return this;
|
||||
}
|
||||
}
|
||||
@@ -1,31 +0,0 @@
|
||||
/*
|
||||
* Copyright 2011-2012 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
/**
|
||||
* Method of pushing data into Splunk.
|
||||
*
|
||||
* Stream: Establish a connection, keep it open, and stream events until the connection is closed.Better for high volume input.
|
||||
* Tcp: Create raw socket and send event data into the socket
|
||||
* Submit: Send event data into Splunk with HTTP REST api
|
||||
*
|
||||
* @author Jarred Li
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
public enum IngestType {
|
||||
STREAM, TCP, SUBMIT;
|
||||
}
|
||||
@@ -0,0 +1,75 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
import org.springframework.beans.factory.FactoryBean;
|
||||
|
||||
import com.splunk.Args;
|
||||
|
||||
/**
|
||||
* {@link FactoryBean} that wraps {@link ArgsBuilder}
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
public class SplunkArgsFactoryBean implements FactoryBean<Args> {
|
||||
private ArgsBuilder argsBuilder = new ArgsBuilder();
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.beans.factory.FactoryBean#getObject()
|
||||
*/
|
||||
public Args getObject() throws Exception {
|
||||
return argsBuilder.build();
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.beans.factory.FactoryBean#getObjectType()
|
||||
*/
|
||||
public Class<?> getObjectType() {
|
||||
return Args.class;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.beans.factory.FactoryBean#isSingleton()
|
||||
*/
|
||||
public boolean isSingleton() {
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param host the host to set
|
||||
*/
|
||||
public void setHost(String host) {
|
||||
this.argsBuilder.setHost(host);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param hostRegex the hostRegex to set
|
||||
*/
|
||||
public void setHostRegex(String hostRegex) {
|
||||
this.argsBuilder.setHostRegex(hostRegex);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param sourceType the sourceType to set
|
||||
*/
|
||||
public void setSourceType(String sourceType) {
|
||||
this.argsBuilder.setSourceType(sourceType);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param source the source to set
|
||||
*/
|
||||
public void setSource(String source) {
|
||||
this.argsBuilder.setSource(source);
|
||||
}
|
||||
}
|
||||
@@ -17,9 +17,13 @@ package org.springframework.integration.splunk.support;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.Callable;
|
||||
import java.util.concurrent.ExecutorService;
|
||||
import java.util.concurrent.Executors;
|
||||
import java.util.concurrent.Future;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.springframework.integration.splunk.core.Connection;
|
||||
import org.springframework.integration.splunk.entity.SplunkServer;
|
||||
|
||||
import com.splunk.Service;
|
||||
|
||||
@@ -33,9 +37,10 @@ import com.splunk.Service;
|
||||
public class SplunkConnection implements Connection<Service> {
|
||||
|
||||
private Service service;
|
||||
|
||||
|
||||
public SplunkConnection(SplunkServer splunkServer) {
|
||||
Map<String, Object> args = new HashMap<String, Object>();
|
||||
final Map<String, Object> args = new HashMap<String, Object>();
|
||||
if (splunkServer.getHost() != null) {
|
||||
args.put("host", splunkServer.getHost());
|
||||
}
|
||||
@@ -52,9 +57,28 @@ public class SplunkConnection implements Connection<Service> {
|
||||
args.put("owner", splunkServer.getOwner());
|
||||
}
|
||||
|
||||
args.put("username", splunkServer.getUserName());
|
||||
args.put("username", splunkServer.getUsername());
|
||||
args.put("password", splunkServer.getPassword());
|
||||
service = Service.connect(args);
|
||||
|
||||
ExecutorService executor = Executors.newSingleThreadExecutor();
|
||||
|
||||
Future<Service> future = executor.submit(new Callable<Service>(){
|
||||
public Service call() throws Exception {
|
||||
return Service.connect(args);
|
||||
}
|
||||
});
|
||||
|
||||
try {
|
||||
if (splunkServer.getTimeout() > 0) {
|
||||
service = future.get(splunkServer.getTimeout(),TimeUnit.MILLISECONDS);
|
||||
} else {
|
||||
service = future.get();
|
||||
}
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(String.format("could not connect to Splunk Server @ %s:%d - %s",
|
||||
splunkServer.getHost(),splunkServer.getPort(),e.getMessage()));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
@@ -76,6 +100,7 @@ public class SplunkConnection implements Connection<Service> {
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.integration.splunk.core.IService#getService()
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright 2011-2012 the original author or authors.
|
||||
* Copyright 2011-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@@ -17,7 +17,6 @@ package org.springframework.integration.splunk.support;
|
||||
|
||||
import org.springframework.integration.splunk.core.Connection;
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.integration.splunk.entity.SplunkServer;
|
||||
|
||||
import com.splunk.Service;
|
||||
|
||||
@@ -25,13 +24,14 @@ import com.splunk.Service;
|
||||
* Factory to create Splunk connection.
|
||||
*
|
||||
* @author Jarred Li
|
||||
* @author David Turanski
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
public class SplunkConnectionFactory implements ConnectionFactory<Service> {
|
||||
|
||||
private SplunkServer splunkServer;
|
||||
|
||||
private SplunkConnection connection;
|
||||
public SplunkConnectionFactory(SplunkServer server) {
|
||||
this.splunkServer = server;
|
||||
}
|
||||
@@ -39,8 +39,11 @@ public class SplunkConnectionFactory implements ConnectionFactory<Service> {
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.integration.splunk.core.ServiceFactory#getService()
|
||||
*/
|
||||
public Connection<Service> getConnection() throws Exception {
|
||||
return new SplunkConnection(splunkServer);
|
||||
public synchronized Connection<Service> getConnection() throws Exception {
|
||||
if (connection == null || !connection.isOpen()) {
|
||||
connection = new SplunkConnection(splunkServer);
|
||||
}
|
||||
return connection;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -30,7 +30,7 @@ import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.integration.splunk.core.Connection;
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.integration.splunk.core.DataReader;
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.StringUtils;
|
||||
|
||||
@@ -176,7 +176,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
return app;
|
||||
}
|
||||
|
||||
public List<SplunkData> search() throws Exception {
|
||||
public List<SplunkEvent> search() throws Exception {
|
||||
logger.debug("mode:" + mode);
|
||||
switch (mode) {
|
||||
case SAVEDSEARCH: {
|
||||
@@ -292,7 +292,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
}
|
||||
|
||||
|
||||
private List<SplunkData> runQuery(Args queryArgs) throws Exception {
|
||||
private List<SplunkEvent> runQuery(Args queryArgs) throws Exception {
|
||||
Connection<Service> connection = connectionFactory.getConnection();
|
||||
try {
|
||||
Job job = connection.getTarget().getJobs().create(search, queryArgs);
|
||||
@@ -305,20 +305,20 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
}
|
||||
}
|
||||
|
||||
private List<SplunkData> blockingSearch() throws Exception {
|
||||
private List<SplunkEvent> blockingSearch() throws Exception {
|
||||
logger.debug("block search start");
|
||||
|
||||
Args queryArgs = new Args();
|
||||
queryArgs.put("exec_mode", "blocking");
|
||||
Calendar startTime = Calendar.getInstance();
|
||||
populateArgs(queryArgs, startTime, false);
|
||||
List<SplunkData> data = runQuery(queryArgs);
|
||||
List<SplunkEvent> data = runQuery(queryArgs);
|
||||
lastSuccessfulReadTime = startTime;
|
||||
return data;
|
||||
}
|
||||
|
||||
|
||||
private List<SplunkData> nonBlockingSearch() throws Exception {
|
||||
private List<SplunkEvent> nonBlockingSearch() throws Exception {
|
||||
logger.debug("non block search start");
|
||||
|
||||
Args queryArgs = new Args();
|
||||
@@ -326,7 +326,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
Calendar startTime = Calendar.getInstance();
|
||||
populateArgs(queryArgs, startTime, false);
|
||||
|
||||
List<SplunkData> data = runQuery(queryArgs);
|
||||
List<SplunkEvent> data = runQuery(queryArgs);
|
||||
lastSuccessfulReadTime = startTime;
|
||||
return data;
|
||||
}
|
||||
@@ -336,7 +336,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
* @return
|
||||
* @throws Exception
|
||||
*/
|
||||
private List<SplunkData> realtimeSearch() throws Exception {
|
||||
private List<SplunkEvent> realtimeSearch() throws Exception {
|
||||
logger.debug("realtime search start");
|
||||
|
||||
Args queryArgs = new Args();
|
||||
@@ -344,7 +344,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
Calendar startTime = Calendar.getInstance();
|
||||
populateArgs(queryArgs, startTime, true);
|
||||
|
||||
List<SplunkData> data = runQuery(queryArgs);
|
||||
List<SplunkEvent> data = runQuery(queryArgs);
|
||||
lastSuccessfulReadTime = startTime;
|
||||
return data;
|
||||
}
|
||||
@@ -353,11 +353,11 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
* @throws Exception
|
||||
*
|
||||
*/
|
||||
private List<SplunkData> exportSearch() throws Exception {
|
||||
private List<SplunkEvent> exportSearch() throws Exception {
|
||||
logger.debug("export start");
|
||||
List<SplunkData> result = new ArrayList<SplunkData>();
|
||||
List<SplunkEvent> result = new ArrayList<SplunkEvent>();
|
||||
HashMap<String, String> data;
|
||||
SplunkData splunkData;
|
||||
SplunkEvent splunkData;
|
||||
|
||||
Args queryArgs = new Args();
|
||||
Calendar startTime = Calendar.getInstance();
|
||||
@@ -369,7 +369,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
InputStream os = connection.getTarget().export(search, queryArgs);
|
||||
ResultsReaderXml resultsReader = new ResultsReaderXml(os);
|
||||
while ((data = resultsReader.getNextEvent()) != null) {
|
||||
splunkData = new SplunkData(data);
|
||||
splunkData = new SplunkEvent(data);
|
||||
result.add(splunkData);
|
||||
}
|
||||
return result;
|
||||
@@ -379,7 +379,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
}
|
||||
|
||||
|
||||
private List<SplunkData> savedSearch() throws Exception {
|
||||
private List<SplunkEvent> savedSearch() throws Exception {
|
||||
logger.debug("saved search start");
|
||||
|
||||
Args queryArgs = new Args();
|
||||
@@ -414,7 +414,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
while (!job.isDone()) {
|
||||
Thread.sleep(2000);
|
||||
}
|
||||
List<SplunkData> data = extractData(job);
|
||||
List<SplunkEvent> data = extractData(job);
|
||||
this.lastSuccessfulReadTime = startTime;
|
||||
return data;
|
||||
} finally {
|
||||
@@ -422,10 +422,10 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
}
|
||||
}
|
||||
|
||||
private List<SplunkData> extractData(Job job) throws Exception {
|
||||
List<SplunkData> result = new ArrayList<SplunkData>();
|
||||
private List<SplunkEvent> extractData(Job job) throws Exception {
|
||||
List<SplunkEvent> result = new ArrayList<SplunkEvent>();
|
||||
HashMap<String, String> data;
|
||||
SplunkData splunkData;
|
||||
SplunkEvent splunkData;
|
||||
ResultsReader resultsReader;
|
||||
int total = job.getResultCount();
|
||||
|
||||
@@ -437,7 +437,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
|
||||
resultsReader = new ResultsReaderXml(stream);
|
||||
while ((data = resultsReader.getNextEvent()) != null) {
|
||||
splunkData = new SplunkData(data);
|
||||
splunkData = new SplunkEvent(data);
|
||||
result.add(splunkData);
|
||||
}
|
||||
}
|
||||
@@ -452,7 +452,7 @@ public class SplunkDataReader implements DataReader, InitializingBean {
|
||||
stream = job.getResults(outputArgs);
|
||||
resultsReader = new ResultsReaderXml(stream);
|
||||
while ((data = resultsReader.getNextEvent()) != null) {
|
||||
splunkData = new SplunkData(data);
|
||||
splunkData = new SplunkEvent(data);
|
||||
result.add(splunkData);
|
||||
}
|
||||
offset += count;
|
||||
|
||||
@@ -1,202 +0,0 @@
|
||||
/*
|
||||
* Copyright 2011-2012 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
import java.io.OutputStream;
|
||||
import java.io.OutputStreamWriter;
|
||||
import java.io.Writer;
|
||||
import java.net.Socket;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.integration.splunk.core.Connection;
|
||||
import org.springframework.integration.splunk.core.DataWriter;
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import com.splunk.Args;
|
||||
import com.splunk.Index;
|
||||
import com.splunk.Receiver;
|
||||
import com.splunk.Service;
|
||||
|
||||
/**
|
||||
* Data writer to write data into Splunk. There are 3 ways to write data:
|
||||
* REST submit, TCP socket and HTTP stream.
|
||||
*
|
||||
* @author Jarred Li
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
public class SplunkDataWriter implements DataWriter, InitializingBean {
|
||||
|
||||
private static final Log logger = LogFactory.getLog(SplunkDataWriter.class);
|
||||
|
||||
private ConnectionFactory<Service> connectionFactory;
|
||||
|
||||
private String sourceType;
|
||||
|
||||
private String source;
|
||||
|
||||
private String index;
|
||||
|
||||
private IngestType ingest = IngestType.STREAM; //tcp, stream, submit
|
||||
|
||||
private int tcpPort;
|
||||
|
||||
private String host;
|
||||
|
||||
private String hostRegex;
|
||||
|
||||
public SplunkDataWriter(ConnectionFactory<Service> f) {
|
||||
this.connectionFactory = f;
|
||||
}
|
||||
|
||||
public void write(SplunkData data) throws Exception {
|
||||
logger.debug("write message to splunk:" + data);
|
||||
|
||||
Connection<Service> connection = connectionFactory.getConnection();
|
||||
Service service = connection.getTarget();
|
||||
Index indexObject = null;
|
||||
Receiver receiver = null;
|
||||
OutputStream ostream;
|
||||
Socket socket;
|
||||
Writer writer = null;
|
||||
|
||||
Args args = new Args();
|
||||
if (sourceType != null) {
|
||||
args.put("sourcetype", sourceType);
|
||||
}
|
||||
if (source != null) {
|
||||
args.put("source", source);
|
||||
}
|
||||
|
||||
if (host != null) {
|
||||
args.put("host", host);
|
||||
}
|
||||
|
||||
if (hostRegex != null) {
|
||||
args.put("host_regex", hostRegex);
|
||||
}
|
||||
|
||||
try {
|
||||
if (index != null) {
|
||||
indexObject = service.getIndexes().get(index);
|
||||
}
|
||||
else {
|
||||
receiver = service.getReceiver();
|
||||
}
|
||||
|
||||
if ((ingest.equals(IngestType.STREAM) || ingest.equals(IngestType.TCP))) {
|
||||
if (ingest.equals(IngestType.STREAM)) {
|
||||
if (indexObject != null)
|
||||
socket = indexObject.attach(args);
|
||||
else
|
||||
socket = receiver.attach(args);
|
||||
}
|
||||
else {
|
||||
socket = service.open(tcpPort);
|
||||
}
|
||||
ostream = socket.getOutputStream();
|
||||
writer = new OutputStreamWriter(ostream, "UTF8");
|
||||
}
|
||||
|
||||
if ((ingest.equals(IngestType.STREAM) || ingest.equals(IngestType.TCP))) {
|
||||
writer.write(data.toString());
|
||||
writer.flush();
|
||||
writer.close();
|
||||
}
|
||||
else {
|
||||
if (index != null) {
|
||||
indexObject.submit(args, data.toString());
|
||||
}
|
||||
else {
|
||||
receiver.submit(args, data.toString());
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
connection.close();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
public void setSourceType(String sourceType) {
|
||||
this.sourceType = sourceType;
|
||||
}
|
||||
|
||||
public void setSource(String source) {
|
||||
this.source = source;
|
||||
}
|
||||
|
||||
public void setIndex(String index) {
|
||||
this.index = index;
|
||||
}
|
||||
|
||||
public void setIngest(IngestType ingest) {
|
||||
this.ingest = ingest;
|
||||
}
|
||||
|
||||
public void setTcpPort(int tcpPort) {
|
||||
this.tcpPort = tcpPort;
|
||||
}
|
||||
|
||||
public void setHost(String host) {
|
||||
this.host = host;
|
||||
}
|
||||
|
||||
public void setHostRegex(String hostRegex) {
|
||||
this.hostRegex = hostRegex;
|
||||
}
|
||||
|
||||
|
||||
public String getSourceType() {
|
||||
return sourceType;
|
||||
}
|
||||
|
||||
public String getSource() {
|
||||
return source;
|
||||
}
|
||||
|
||||
public String getIndex() {
|
||||
return index;
|
||||
}
|
||||
|
||||
public IngestType getIngest() {
|
||||
return ingest;
|
||||
}
|
||||
|
||||
public int getTcpPort() {
|
||||
return tcpPort;
|
||||
}
|
||||
|
||||
public String getHost() {
|
||||
return host;
|
||||
}
|
||||
|
||||
public String getHostRegex() {
|
||||
return hostRegex;
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.beans.factory.InitializingBean#afterPropertiesSet()
|
||||
*/
|
||||
public void afterPropertiesSet() throws Exception {
|
||||
Assert.notNull(ingest, "You must specify ingest type");
|
||||
}
|
||||
|
||||
}
|
||||
@@ -25,7 +25,7 @@ import org.springframework.integration.MessageHandlingException;
|
||||
import org.springframework.integration.MessagingException;
|
||||
import org.springframework.integration.splunk.core.DataReader;
|
||||
import org.springframework.integration.splunk.core.DataWriter;
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
|
||||
/**
|
||||
* Bundles common core logic for the Splunk components.
|
||||
@@ -57,7 +57,7 @@ public class SplunkExecutor implements InitializingBean {
|
||||
*/
|
||||
public Object executeOutboundOperation(final Message<?> message) {
|
||||
try {
|
||||
SplunkData payload = (SplunkData) message.getPayload();
|
||||
SplunkEvent payload = (SplunkEvent) message.getPayload();
|
||||
writer.write(payload);
|
||||
} catch (Exception e) {
|
||||
String errorMsg = "error in writing data into Splunk";
|
||||
@@ -74,9 +74,9 @@ public class SplunkExecutor implements InitializingBean {
|
||||
/**
|
||||
* Execute the Splunk operation.
|
||||
*/
|
||||
public List<SplunkData> poll() {
|
||||
public List<SplunkEvent> poll() {
|
||||
logger.debug("poll start:");
|
||||
List<SplunkData> queryData = null;
|
||||
List<SplunkEvent> queryData = null;
|
||||
try {
|
||||
queryData = reader.search();
|
||||
} catch (Exception e) {
|
||||
|
||||
@@ -0,0 +1,74 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Socket;
|
||||
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import com.splunk.Args;
|
||||
import com.splunk.Index;
|
||||
import com.splunk.Receiver;
|
||||
import com.splunk.Service;
|
||||
|
||||
/**
|
||||
*
|
||||
* DataWriter to stream data into Splunk using an optional index. If no index specified,
|
||||
* the main default index is used.
|
||||
*
|
||||
* @author Jarred Li
|
||||
* @author David Turanski
|
||||
* @since 1.0
|
||||
*
|
||||
*/
|
||||
|
||||
public class SplunkIndexWriter extends AbstractSplunkDataWriter {
|
||||
private String indexName;
|
||||
/**
|
||||
*
|
||||
* @param connectionFactory
|
||||
* @param args
|
||||
*/
|
||||
public SplunkIndexWriter(ConnectionFactory<Service> connectionFactory, Args args) {
|
||||
super(connectionFactory, args);
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.integration.splunk.support.SplunkDataWriter#createSocket(com.splunk.Service)
|
||||
*/
|
||||
@Override
|
||||
protected Socket createSocket(Service service) throws IOException {
|
||||
Index indexObject = null;
|
||||
Receiver receiver = null;
|
||||
Socket socket = null;
|
||||
|
||||
if (indexName != null) {
|
||||
indexObject = service.getIndexes().get(indexName);
|
||||
Assert.notNull(indexObject,String.format("cannot find index [%s]",indexName));
|
||||
socket = indexObject.attach(args);
|
||||
|
||||
|
||||
} else {
|
||||
receiver = service.getReceiver();
|
||||
socket = receiver.attach(args);
|
||||
}
|
||||
if (logger.isDebugEnabled()) {
|
||||
logger.debug(String.format("created a socket on %s", socket.getRemoteSocketAddress()));
|
||||
}
|
||||
return socket;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@@ -13,7 +13,9 @@
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.entity;
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
import com.splunk.Service;
|
||||
|
||||
/**
|
||||
* Splunk server entity
|
||||
@@ -24,13 +26,14 @@ package org.springframework.integration.splunk.entity;
|
||||
*/
|
||||
public class SplunkServer {
|
||||
|
||||
private String host;
|
||||
private int port;
|
||||
private String scheme;
|
||||
private String host = Service.DEFAULT_HOST;
|
||||
private int port = Service.DEFAULT_PORT;
|
||||
private String scheme = Service.DEFAULT_SCHEME;
|
||||
private String app;
|
||||
private String owner;
|
||||
private String userName;
|
||||
private String username;
|
||||
private String password;
|
||||
private int timeout;
|
||||
|
||||
/**
|
||||
* @return the host
|
||||
@@ -60,26 +63,50 @@ public class SplunkServer {
|
||||
this.port = port;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public String getScheme() {
|
||||
return scheme;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param scheme
|
||||
*/
|
||||
public void setScheme(String scheme) {
|
||||
this.scheme = scheme;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public String getApp() {
|
||||
return app;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param app
|
||||
*/
|
||||
public void setApp(String app) {
|
||||
this.app = app;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public String getOwner() {
|
||||
return owner;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* @param owner
|
||||
*/
|
||||
public void setOwner(String owner) {
|
||||
this.owner = owner;
|
||||
}
|
||||
@@ -87,15 +114,15 @@ public class SplunkServer {
|
||||
/**
|
||||
* @return the userName
|
||||
*/
|
||||
public String getUserName() {
|
||||
return userName;
|
||||
public String getUsername() {
|
||||
return username;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param userName the userName to set
|
||||
* @param username the username to set
|
||||
*/
|
||||
public void setUserName(String userName) {
|
||||
this.userName = userName;
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -112,6 +139,18 @@ public class SplunkServer {
|
||||
this.password = password;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @return the timeout in ms.
|
||||
*/
|
||||
public int getTimeout() {
|
||||
return timeout;
|
||||
}
|
||||
|
||||
/**
|
||||
* set the timeout in ms.
|
||||
* @param timeout
|
||||
*/
|
||||
public void setTimeout(int timeout) {
|
||||
this.timeout = timeout;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,68 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Socket;
|
||||
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
|
||||
import com.splunk.Args;
|
||||
import com.splunk.Index;
|
||||
import com.splunk.Receiver;
|
||||
import com.splunk.Service;
|
||||
|
||||
/**
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
public class SplunkSubmitWriter extends AbstractSplunkDataWriter {
|
||||
private String indexName;
|
||||
/**
|
||||
* @param connectionFactory
|
||||
*/
|
||||
public SplunkSubmitWriter(ConnectionFactory<Service> connectionFactory, Args args) {
|
||||
super(connectionFactory, args);
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.integration.splunk.support.SplunkDataWriter#doWrite(org.springframework.integration.splunk.event.SplunkEvent, java.net.Socket, com.splunk.Service, com.splunk.Args)
|
||||
*/
|
||||
@Override
|
||||
protected void doWrite(SplunkEvent event, Socket socket, Service service, Args args) throws IOException {
|
||||
|
||||
Index index = getIndex();
|
||||
if (index != null) {
|
||||
index.submit(args, event.toString());
|
||||
} else {
|
||||
Receiver receiver = service.getReceiver();
|
||||
receiver.submit(args, event.toString());
|
||||
}
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.integration.splunk.support.SplunkDataWriter#createSocket(com.splunk.Service)
|
||||
*/
|
||||
@Override
|
||||
protected Socket createSocket(Service service) throws IOException {
|
||||
return null;
|
||||
}
|
||||
private Index getIndex() {
|
||||
return (indexName == null) ? null: service.getIndexes().get(indexName);
|
||||
}
|
||||
|
||||
public void setIndexName(String indexName) {
|
||||
this.indexName = indexName;
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,63 @@
|
||||
/*
|
||||
* Copyright 2002-2013 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
|
||||
* the License. You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
|
||||
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations under the License.
|
||||
*/
|
||||
package org.springframework.integration.splunk.support;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.net.Socket;
|
||||
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.util.Assert;
|
||||
|
||||
import com.splunk.Args;
|
||||
import com.splunk.Input;
|
||||
import com.splunk.Service;
|
||||
|
||||
/**
|
||||
*
|
||||
* A {@link SplunkStreamWriter} that creates a socket on a given port
|
||||
* @author David Turanski
|
||||
*
|
||||
*/
|
||||
public class SplunkTcpWriter extends AbstractSplunkDataWriter {
|
||||
private int port;
|
||||
|
||||
/**
|
||||
* @param connectionFactory
|
||||
* @param args
|
||||
*/
|
||||
public SplunkTcpWriter(ConnectionFactory<Service> connectionFactory, Args args) {
|
||||
super(connectionFactory, args);
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.integration.splunk.support.SplunkDataWriter#createSocket(com.splunk.Service)
|
||||
*/
|
||||
@Override
|
||||
protected Socket createSocket(Service service) throws IOException {
|
||||
|
||||
Input input = service.getInputs().get(String.valueOf(port));
|
||||
Assert.notNull(input, "no input defined for port " + port);
|
||||
Assert.isTrue(!input.isDisabled(),String.format("input on port %d is disabled",port));
|
||||
Socket socket = service.open(port);
|
||||
return socket;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param port the port to set
|
||||
*/
|
||||
public void setPort(int port) {
|
||||
this.port = port;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@@ -9,7 +9,7 @@
|
||||
<xsd:import namespace="http://www.springframework.org/schema/beans" />
|
||||
<xsd:import namespace="http://www.springframework.org/schema/tool" />
|
||||
<xsd:import namespace="http://www.springframework.org/schema/integration"
|
||||
schemaLocation="http://www.springframework.org/schema/integration/spring-integration-2.2.xsd" />
|
||||
schemaLocation="http://www.springframework.org/schema/integration/spring-integration.xsd" />
|
||||
|
||||
<xsd:annotation>
|
||||
<xsd:documentation><![CDATA[
|
||||
@@ -85,7 +85,7 @@ Indicates the Splunk server owner name
|
||||
</xsd:appinfo>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="userName" use="required">
|
||||
<xsd:attribute name="username" use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation><![CDATA[
|
||||
Indicates the userName to login Splunk server
|
||||
@@ -110,7 +110,19 @@ Indicates the password to login Splunk server
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="scope" type="xsd:string" use="optional" />
|
||||
<xsd:attribute name="id" type="xsd:ID" use="required" />
|
||||
<xsd:attribute name="id" type="xsd:string" use="required" />
|
||||
<xsd:attribute name="timeout" type="xsd:string" use="optional">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation><![CDATA[
|
||||
Indicates the connection timeout in ms.
|
||||
]]></xsd:documentation>
|
||||
<xsd:appinfo>
|
||||
<tool:annotation kind="direct">
|
||||
<tool:expected-type type="java.lang.Integer" />
|
||||
</tool:annotation>
|
||||
</xsd:appinfo>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
@@ -168,7 +180,7 @@ Indicates the password to login Splunk server
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="fieldList" type="xsd:string">
|
||||
<xsd:attribute name="field-list" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
A comma-separated list of the fields to return
|
||||
@@ -182,28 +194,28 @@ Indicates the password to login Splunk server
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="earliestTime" type="xsd:string">
|
||||
<xsd:attribute name="earliest-time" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Time modifier for the start of the time window.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="latestTime" type="xsd:string">
|
||||
<xsd:attribute name="latest-time" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Time modifier for the end of the time window.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="initEarliestTime" type="xsd:string" use="required">
|
||||
<xsd:attribute name="init-earliest-time" type="xsd:string" use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Time modifier for the start of the time window for the first search.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="savedSearch" type="xsd:string">
|
||||
<xsd:attribute name="saved-search" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Saved search.
|
||||
@@ -226,6 +238,26 @@ Indicates the password to login Splunk server
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
</xsd:element>
|
||||
|
||||
<xsd:complexType name="indexWriterType">
|
||||
<xsd:attribute name="index" type="xsd:string" use="optional">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Index to write to.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:complexType name="tcpWriterType">
|
||||
<xsd:attribute name="port" type="xsd:string" use="required">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
The port corresponding to a tcp Input
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
</xsd:complexType>
|
||||
|
||||
<xsd:element name="outbound-channel-adapter">
|
||||
<xsd:annotation>
|
||||
@@ -237,6 +269,29 @@ Indicates the password to login Splunk server
|
||||
<xsd:sequence>
|
||||
<xsd:element ref="integration:poller" minOccurs="0"
|
||||
maxOccurs="1" />
|
||||
<xsd:choice>
|
||||
<xsd:element name="index-writer" type="indexWriterType">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Defines a Data Writer for streaming data to an index, or the default index if not specified.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
<xsd:element name="tcp-writer" type="tcpWriterType">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Defines a Data Writer for streaming data to a tcp input port.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
<xsd:element name="submit-writer" type="indexWriterType">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Defines a Data Writer to submit data, using the REST interface, to an index, or the default index if not specified.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:element>
|
||||
</xsd:choice>
|
||||
</xsd:sequence>
|
||||
<xsd:attributeGroup ref="coreSplunkComponentAttributes" />
|
||||
<xsd:attribute name="channel" type="xsd:string">
|
||||
@@ -272,34 +327,14 @@ Indicates the password to login Splunk server
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="sourceType" type="xsd:string">
|
||||
<xsd:attribute name="source-type" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Splunk event source type
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="index" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Splunk index name
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="ingest" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Splunk ingest method: tcp, streaming, submit. Default stream.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="tcpPort" type="xsd:integer">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Splunk ingest method: tcp, streaming, submit. Default stream.
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
|
||||
<xsd:attribute name="host" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
@@ -307,7 +342,8 @@ Indicates the password to login Splunk server
|
||||
</xsd:documentation>
|
||||
</xsd:annotation>
|
||||
</xsd:attribute>
|
||||
<xsd:attribute name="hostRegex" type="xsd:string">
|
||||
|
||||
<xsd:attribute name="host-regex" type="xsd:string">
|
||||
<xsd:annotation>
|
||||
<xsd:documentation>
|
||||
Host regex can be provided so Splunk can dynamically extract the host value from the log event
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
*/
|
||||
package org.springframework.integration.splunk.config.xml;
|
||||
|
||||
import static org.junit.Assert.*;
|
||||
import junit.framework.Assert;
|
||||
|
||||
import org.junit.Test;
|
||||
@@ -47,23 +48,22 @@ public class SplunkInboundChannelAdapterParserSavedSearchTests {
|
||||
public void testParseSourceElementParserContext() {
|
||||
SourcePollingChannelAdapter adapter = appContext.getBean("splunkInboundChannelAdapter",
|
||||
SourcePollingChannelAdapter.class);
|
||||
Assert.assertNotNull(adapter);
|
||||
|
||||
assertNotNull(adapter);
|
||||
SplunkDataReader reader = appContext.getBean("splunkInboundChannelAdapter.splunkExecutor.reader",
|
||||
SplunkDataReader.class);
|
||||
Assert.assertNotNull(reader);
|
||||
assertNotNull(reader);
|
||||
|
||||
SearchMode mode = SearchMode.SAVEDSEARCH;
|
||||
Assert.assertEquals(mode, reader.getMode());
|
||||
assertEquals(mode, reader.getMode());
|
||||
|
||||
String savedSearch = "savedSearch";
|
||||
Assert.assertEquals(savedSearch, reader.getSavedSearch());
|
||||
assertEquals(savedSearch, reader.getSavedSearch());
|
||||
|
||||
String owner = "admin";
|
||||
Assert.assertEquals(owner, reader.getOwner());
|
||||
assertEquals(owner, reader.getOwner());
|
||||
|
||||
String app = "search";
|
||||
Assert.assertEquals(app, reader.getApp());
|
||||
assertEquals(app, reader.getApp());
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -15,14 +15,15 @@
|
||||
*/
|
||||
package org.springframework.integration.splunk.config.xml;
|
||||
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import junit.framework.Assert;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.integration.splunk.support.IngestType;
|
||||
import org.springframework.integration.splunk.support.SplunkDataWriter;
|
||||
import org.springframework.integration.splunk.support.AbstractSplunkDataWriter;
|
||||
import org.springframework.integration.splunk.support.SplunkIndexWriter;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
@@ -46,19 +47,10 @@ public class SplunkOutboundChannelAdapterParserStreamTests {
|
||||
Object adapter = appContext.getBean("splunkOutboundChannelAdapter");
|
||||
Assert.assertNotNull(adapter);
|
||||
|
||||
SplunkDataWriter writer = appContext.getBean("splunkOutboundChannelAdapter.splunkExecutor.writer",
|
||||
SplunkDataWriter.class);
|
||||
AbstractSplunkDataWriter writer = appContext.getBean("splunkOutboundChannelAdapter.splunkExecutor.writer",
|
||||
AbstractSplunkDataWriter.class);
|
||||
Assert.assertNotNull(writer);
|
||||
|
||||
IngestType ingest = IngestType.STREAM;
|
||||
Assert.assertEquals(ingest, writer.getIngest());
|
||||
|
||||
String host = "test.host";
|
||||
Assert.assertEquals(host, writer.getHost());
|
||||
|
||||
String hostRegex = "test.host.*";
|
||||
Assert.assertEquals(hostRegex, writer.getHostRegex());
|
||||
|
||||
assertTrue(writer instanceof SplunkIndexWriter);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -15,14 +15,17 @@
|
||||
*/
|
||||
package org.springframework.integration.splunk.config.xml;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertNotNull;
|
||||
import static org.junit.Assert.assertTrue;
|
||||
import junit.framework.Assert;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.integration.splunk.support.IngestType;
|
||||
import org.springframework.integration.splunk.support.SplunkDataWriter;
|
||||
import org.springframework.integration.splunk.support.AbstractSplunkDataWriter;
|
||||
import org.springframework.integration.splunk.support.SplunkSubmitWriter;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
@@ -46,19 +49,19 @@ public class SplunkOutboundChannelAdapterParserTests {
|
||||
Object adapter = appContext.getBean("splunkOutboundChannelAdapter");
|
||||
Assert.assertNotNull(adapter);
|
||||
|
||||
SplunkDataWriter writer = appContext.getBean("splunkOutboundChannelAdapter.splunkExecutor.writer",
|
||||
SplunkDataWriter.class);
|
||||
Assert.assertNotNull(writer);
|
||||
|
||||
AbstractSplunkDataWriter writer = appContext.getBean("splunkOutboundChannelAdapter.splunkExecutor.writer",
|
||||
AbstractSplunkDataWriter.class);
|
||||
assertNotNull(writer);
|
||||
|
||||
assertTrue(writer instanceof SplunkSubmitWriter);
|
||||
assertEquals(false,writer.isAutoStartup());
|
||||
assertEquals(false,writer.isRunning());
|
||||
|
||||
String sourceType = "spring-integration";
|
||||
Assert.assertEquals(sourceType, writer.getSourceType());
|
||||
assertEquals(sourceType, writer.getArgs().get("sourcetype"));
|
||||
|
||||
String source = "example5";
|
||||
Assert.assertEquals(source, writer.getSource());
|
||||
|
||||
IngestType ingest = IngestType.SUBMIT;
|
||||
Assert.assertEquals(ingest, writer.getIngest());
|
||||
|
||||
assertEquals(source, writer.getArgs().get("source"));
|
||||
|
||||
}
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.integration.splunk.entity.SplunkServer;
|
||||
import org.springframework.integration.splunk.support.SplunkServer;
|
||||
import org.springframework.test.context.ContextConfiguration;
|
||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
||||
|
||||
@@ -46,7 +46,7 @@ public class SplunkServerParserTests {
|
||||
|
||||
Assert.assertEquals("test.splunk.server", server.getHost());
|
||||
Assert.assertEquals(8089, server.getPort());
|
||||
Assert.assertEquals("admin", server.getUserName());
|
||||
Assert.assertEquals("admin", server.getUsername());
|
||||
Assert.assertEquals("password", server.getPassword());
|
||||
Assert.assertEquals("https", server.getScheme());
|
||||
Assert.assertEquals("admin", server.getOwner());
|
||||
|
||||
@@ -25,7 +25,7 @@ import junit.framework.Assert;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
import org.springframework.integration.splunk.support.SplunkExecutor;
|
||||
|
||||
/**
|
||||
@@ -50,13 +50,13 @@ public class SplunkPollingChannelAdapterTests {
|
||||
*/
|
||||
@Test
|
||||
public void testReceive() {
|
||||
List<SplunkData> data = new ArrayList<SplunkData>();
|
||||
SplunkData sd = new SplunkData("spring", "spring:example");
|
||||
List<SplunkEvent> data = new ArrayList<SplunkEvent>();
|
||||
SplunkEvent sd = new SplunkEvent("spring", "spring:example");
|
||||
sd.setCommonDesc("description");
|
||||
data.add(sd);
|
||||
when(executor.poll()).thenReturn(data);
|
||||
|
||||
List<SplunkData> received = inboundAdapter.receive().getPayload();
|
||||
List<SplunkEvent> received = inboundAdapter.receive().getPayload();
|
||||
Assert.assertEquals(1, received.size());
|
||||
}
|
||||
|
||||
|
||||
@@ -19,7 +19,6 @@ import junit.framework.Assert;
|
||||
|
||||
import org.junit.Test;
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.integration.splunk.entity.SplunkServer;
|
||||
|
||||
import com.splunk.Service;
|
||||
|
||||
|
||||
@@ -32,7 +32,7 @@ import org.junit.Test;
|
||||
import org.springframework.core.io.ClassPathResource;
|
||||
import org.springframework.integration.splunk.core.Connection;
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
|
||||
import com.splunk.Job;
|
||||
import com.splunk.JobCollection;
|
||||
@@ -60,7 +60,7 @@ public class SplunkDataReaderTests {
|
||||
public void testBlockingSearch() throws Exception {
|
||||
reader.setMode(SearchMode.BLOCKING);
|
||||
reader.setSearch("search spring:example");
|
||||
List<SplunkData> data = reader.search();
|
||||
List<SplunkEvent> data = reader.search();
|
||||
Assert.assertNotNull(data);
|
||||
Assert.assertEquals(5, data.size());
|
||||
}
|
||||
@@ -69,7 +69,7 @@ public class SplunkDataReaderTests {
|
||||
public void testNonBlockingSearch() throws Exception {
|
||||
reader.setMode(SearchMode.NORMAL);
|
||||
reader.setSearch("search spring:example");
|
||||
List<SplunkData> data = reader.search();
|
||||
List<SplunkEvent> data = reader.search();
|
||||
Assert.assertNotNull(data);
|
||||
Assert.assertEquals(5, data.size());
|
||||
}
|
||||
@@ -79,7 +79,7 @@ public class SplunkDataReaderTests {
|
||||
public void testRealtimeSearch() throws Exception {
|
||||
reader.setMode(SearchMode.REALTIME);
|
||||
reader.setSearch("search spring:example");
|
||||
List<SplunkData> data = reader.search();
|
||||
List<SplunkEvent> data = reader.search();
|
||||
Assert.assertNotNull(data);
|
||||
Assert.assertEquals(5, data.size());
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.springframework.integration.splunk.core.Connection;
|
||||
import org.springframework.integration.splunk.core.ConnectionFactory;
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
|
||||
import com.splunk.Args;
|
||||
import com.splunk.Receiver;
|
||||
@@ -35,31 +35,36 @@ import com.splunk.Service;
|
||||
*/
|
||||
public class SplunkDataWriterTests {
|
||||
|
||||
private SplunkDataWriter writer;
|
||||
private AbstractSplunkDataWriter writer;
|
||||
|
||||
private static Receiver receiver = mock(Receiver.class);
|
||||
|
||||
private Args args;
|
||||
@Before
|
||||
public void before() {
|
||||
writer = new SplunkDataWriter(new TestConnectioniFactory());
|
||||
args = new Args();
|
||||
writer = new SplunkSubmitWriter(new TestConnectionFactory(),args);
|
||||
writer.start();
|
||||
}
|
||||
|
||||
/**
|
||||
* Test method for {@link org.springframework.integration.splunk.support.SplunkDataWriter#write(org.springframework.integration.splunk.entity.SplunkData)}.
|
||||
* Test method for {@link org.springframework.integration.splunk.support.AbstractSplunkDataWriter#write(org.springframework.integration.splunk.event.SplunkEvent)}.
|
||||
* @throws Exception
|
||||
*/
|
||||
@Test
|
||||
public void testWrite() throws Exception {
|
||||
writer.setIngest(IngestType.SUBMIT);
|
||||
|
||||
|
||||
SplunkData sd = new SplunkData("spring", "spring:example");
|
||||
SplunkEvent sd = new SplunkEvent("spring", "spring:example");
|
||||
sd.setCommonDesc("description");
|
||||
writer.write(sd);
|
||||
Args args = new Args();
|
||||
verify(receiver).submit(eq(args), matches(".*spring:example.*"));
|
||||
|
||||
verify(receiver).submit(eq(args), matches(".*spring:example.*\n"));
|
||||
|
||||
writer.stop();
|
||||
}
|
||||
|
||||
public static class TestConnectioniFactory implements ConnectionFactory<Service> {
|
||||
public static class TestConnectionFactory implements ConnectionFactory<Service> {
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.integration.splunk.core.ConnectionFactory#getConnection()
|
||||
|
||||
@@ -29,7 +29,7 @@ import org.junit.Test;
|
||||
import org.springframework.integration.Message;
|
||||
import org.springframework.integration.splunk.core.DataReader;
|
||||
import org.springframework.integration.splunk.core.DataWriter;
|
||||
import org.springframework.integration.splunk.entity.SplunkData;
|
||||
import org.springframework.integration.splunk.event.SplunkEvent;
|
||||
import org.springframework.integration.support.MessageBuilder;
|
||||
|
||||
/**
|
||||
@@ -59,9 +59,9 @@ public class SplunkExecutorTests {
|
||||
*/
|
||||
@Test
|
||||
public void testHandleMessage() throws Exception {
|
||||
SplunkData sd = new SplunkData("spring", "spring:example");
|
||||
SplunkEvent sd = new SplunkEvent("spring", "spring:example");
|
||||
sd.setCommonDesc("description");
|
||||
Message<SplunkData> message = MessageBuilder.withPayload(sd).build();
|
||||
Message<SplunkEvent> message = MessageBuilder.withPayload(sd).build();
|
||||
executor.handleMessage(message);
|
||||
verify(writer).write(sd);
|
||||
}
|
||||
@@ -72,17 +72,17 @@ public class SplunkExecutorTests {
|
||||
*/
|
||||
@Test
|
||||
public void testPoll() throws Exception {
|
||||
List<SplunkData> data = new ArrayList<SplunkData>();
|
||||
SplunkData sd = new SplunkData("spring", "spring:example");
|
||||
List<SplunkEvent> data = new ArrayList<SplunkEvent>();
|
||||
SplunkEvent sd = new SplunkEvent("spring", "spring:example");
|
||||
sd.setCommonDesc("description");
|
||||
data.add(sd);
|
||||
|
||||
sd = new SplunkData("spring", "spring:example");
|
||||
sd = new SplunkEvent("spring", "spring:example");
|
||||
sd.setCommonDesc("description");
|
||||
data.add(sd);
|
||||
when(reader.search()).thenReturn(data);
|
||||
|
||||
List<SplunkData> result = executor.poll();
|
||||
List<SplunkEvent> result = executor.poll();
|
||||
Assert.assertEquals(2, result.size());
|
||||
|
||||
}
|
||||
|
||||
@@ -3,3 +3,5 @@ log4j.rootCategory=INFO, stdout
|
||||
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
|
||||
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
|
||||
log4j.appender.stdout.layout.ConversionPattern=%d{HH:mm:ss.SSS} %-5p [%t][%c] %m%n
|
||||
|
||||
log4j.category.org.springframework.integration.splunk=DEBUG
|
||||
|
||||
@@ -14,6 +14,6 @@
|
||||
<context:component-scan base-package="org.springframework.integration.splunk.support"></context:component-scan>
|
||||
<bean id="conversionService" class="org.springframework.context.support.ConversionServiceFactoryBean"/>
|
||||
|
||||
<int-splunk:server id="splunkServer" host="10.112.127.51" port="8089" userName="admin" password="password" owner="admin"/>
|
||||
<int-splunk:server id="splunkServer" username="admin" password="password" owner="admin" timeout="5000"/>
|
||||
|
||||
</beans>
|
||||
|
||||
@@ -16,9 +16,9 @@
|
||||
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
|
||||
auto-startup="false"
|
||||
splunk-server-ref="splunkServer"
|
||||
channel="inputFromSplunk" mode="SAVEDSEARCH" earliestTime="-1d" latestTime="now"
|
||||
initEarliestTime="-1d" count="1000"
|
||||
savedSearch="savedSearch" owner="admin" app="search">
|
||||
channel="inputFromSplunk" mode="SAVEDSEARCH" earliest-time="-1d" latest-time="now"
|
||||
init-earliest-time="-1d" count="1000"
|
||||
saved-search="savedSearch" owner="admin" app="search">
|
||||
<int:poller fixed-rate="5000"/>
|
||||
</int-splunk:inbound-channel-adapter>
|
||||
|
||||
|
||||
@@ -16,8 +16,8 @@
|
||||
<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
|
||||
auto-startup="false" search="search spring:example"
|
||||
splunk-server-ref="splunkServer"
|
||||
channel="inputFromSplunk" mode="BLOCKING" earliestTime="-1d" latestTime="now"
|
||||
initEarliestTime="-1d" fieldList="field1, field2">
|
||||
channel="inputFromSplunk" mode="BLOCKING" earliest-time="-1d" latest-time="now"
|
||||
init-earliest-time="-1d" field-list="field1, field2">
|
||||
<int:poller fixed-rate="5000"/>
|
||||
</int-splunk:inbound-channel-adapter>
|
||||
|
||||
|
||||
@@ -11,14 +11,14 @@
|
||||
|
||||
<import resource="../../SplunkCommon-context.xml" />
|
||||
|
||||
<int:channel id="outputToSplunk">
|
||||
</int:channel>
|
||||
|
||||
<int:channel id="outputToSplunk"/>
|
||||
|
||||
<int-splunk:outbound-channel-adapter
|
||||
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
|
||||
id="splunkOutboundChannelAdapter" auto-startup="false" order="1"
|
||||
channel="outputToSplunk" splunk-server-ref="splunkServer"
|
||||
pool-server-connection="true" sourceType="spring-integration" source="example5"
|
||||
ingest="STREAM" host="test.host" hostRegex="test.host.*">
|
||||
pool-server-connection="true" source-type="spring-integration" source="example5"
|
||||
host="test.host" host-regex="test.host.*">
|
||||
<int-splunk:index-writer/>
|
||||
</int-splunk:outbound-channel-adapter>
|
||||
|
||||
</beans>
|
||||
|
||||
@@ -11,14 +11,13 @@
|
||||
|
||||
<import resource="../../SplunkCommon-context.xml" />
|
||||
|
||||
<int:channel id="outputToSplunk">
|
||||
</int:channel>
|
||||
<int:channel id="outputToSplunk"/>
|
||||
|
||||
<int-splunk:outbound-channel-adapter
|
||||
id="splunkOutboundChannelAdapter" auto-startup="true" order="1"
|
||||
id="splunkOutboundChannelAdapter" auto-startup="false" order="1"
|
||||
channel="outputToSplunk" splunk-server-ref="splunkServer"
|
||||
pool-server-connection="true" sourceType="spring-integration" source="example5"
|
||||
ingest="SUBMIT">
|
||||
pool-server-connection="true" source-type="spring-integration" source="example5"
|
||||
>
|
||||
<int-splunk:submit-writer/>
|
||||
</int-splunk:outbound-channel-adapter>
|
||||
|
||||
</beans>
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
|
||||
|
||||
<int-splunk:server id="splunkServer" host="test.splunk.server"
|
||||
port="8089" userName="admin" password="password" owner="admin" app="search"
|
||||
port="8089" username="admin" password="password" owner="admin" app="search"
|
||||
scheme="https" />
|
||||
|
||||
</beans>
|
||||
|
||||
Reference in New Issue
Block a user