Merge pull request #358 from splunk/destination/hec_debug

Destination/hec debug
CSVD · Mar 13, 2020 · c3815c9 · c3815c9
2 parents 82d4748 + fab5b46
commit c3815c9
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/package/etc/conf.d/destinations/splunk_hec_debug.conf b/package/etc/conf.d/destinations/splunk_hec_debug.conf
@@ -0,0 +1,13 @@
+destination d_hec_debug {
+    file("/opt/syslog-ng/var/archive/debug/${.splunk.sourcetype}/${HOST}/$YEAR-$MONTH-$DAY-message.log"
+        template("curl -k -u \"sc4s HEC debug:$(env SPLUNK_HEC_TOKEN)\" \"$(env SPLUNK_HEC_URL)\" -d '$(format-json
+                 time=$S_UNIXTIME.$S_MSEC
+                 host=${HOST}
+                 source=${.splunk.source}
+                 sourcetype=${.splunk.sourcetype}
+                 index=${.splunk.index}
+                 event=$MSG
+                 fields.*)'\n")
+        create_dirs(yes)
+   );
+};