-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Add a new plugin test case * Add a commented example plugin
- Loading branch information
Ryan Faircloth
authored and
GitHub
committed
Oct 2, 2019
1 parent
5145657
commit f4d696e
Showing
10 changed files
with
123 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| This file exists to preserve the path for plugin use |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| This file exists to preserve the path for plugin use |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
|
|
||
| filter f_local_example { | ||
| program(sc4splugin); | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| This file exists to preserve the path for plugin use |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,76 @@ | ||
| # LOCAL_EXAMPLE | ||
|
|
||
| # When creating a real plugin, replace the upper case text "LOCAL_EXAMPLE" throughout this file with a unique | ||
| # string to identify the vendor product. The string should be of the form "VENDOR_PRODUCT" to signify the | ||
| # manufacturer and product type, and must contain only characters matching this regex: [A-Z\_]+ | ||
|
|
||
| # If any of the "LOCAL_EXAMPLE" variables passed into the environment are set (e.g. TLS, UDP, or TLS), | ||
| # the template generator will build a custom source based on the value of one or more of the set variables. | ||
|
|
||
| {{- if (ne (getenv (print "SC4S_LISTEN_LOCAL_EXAMPLE_TCP_PORT") "no") "no") or (ne (getenv (print "SC4S_LISTEN_LOCAL_EXAMPLE_UDP_PORT") "no") "no") or (ne (getenv (print "SC4S_LISTEN_LOCAL_EXAMPLE_TLS_PORT") "no") "no") }} | ||
|
|
||
| # "port_id" is used to generate the port variable to be used. It should match the "core" of the variable name | ||
| # set in the line above. For example, the "port_id" of "SC4S_LISTEN_LOCAL_EXAMPLE_TCP_PORT" is "LOCAL_EXAMPLE". | ||
| # "parser" can be customized on dedicated ports only | ||
| # "common" uses the same parser sequence as the default ports and is the most commonly used | ||
|
|
||
| {{ $context := dict "port_id" "LOCAL_EXAMPLE" "parser" "common"}} | ||
|
|
||
| # The following template execution creates a syslog-ng source with one or more dedicated ports for use with this log_path | ||
| # The ports used are based on the values of one or more of the environment variables set above. | ||
|
|
||
| {{ tmpl.Exec "t/source_network.t" $context }} | ||
| {{- end -}} | ||
| {{ define "log_path" }} | ||
| log { | ||
|
|
||
| # The first time this template is used the log_path will be linked to the default port | ||
|
|
||
| {{- if eq (.) "yes"}} | ||
| source(s_default-ports); | ||
|
|
||
| # Filters should be updated to use the simplest and most effecient logic possible to discard | ||
| # the message from this path | ||
|
|
||
| filter(f_is_rfc3164); | ||
| filter(f_local_example); | ||
| {{- end}} | ||
| {{- if eq (.) "no"}} | ||
|
|
||
| # In the second pass through the template a link to the dedicated port is used. This | ||
| # normally does not require additional filters | ||
|
|
||
| source (s_dedicated_port_LOCAL_EXAMPLE); | ||
| {{- end}} | ||
|
|
||
| #Set a default sourcetype and index | ||
|
|
||
| rewrite { r_set_splunk_dest_default(sourcetype("sc4s:local_example"), index("main"), template("t_msg_only"))}; | ||
|
|
||
| #using the key "local_example" find any cutomized index,source or sourcetype meta values | ||
|
|
||
| parser {p_add_context_splunk(key("local_example")); }; | ||
|
|
||
| # Any additional logic needed to process the event before sending to Splunk goes here | ||
|
|
||
| # Send it to Splunk | ||
|
|
||
| destination(d_hec); #--HEC-- | ||
|
|
||
| # Note: We normally do not use the "final" flag; this will allow another plugin to be created that will | ||
| # forward events to another system | ||
|
|
||
| flags(flow-control); | ||
|
|
||
| }; | ||
| {{- end}} | ||
| {{- if (ne (getenv (print "SC4S_LISTEN_LOCAL_EXAMPLE_TCP_PORT") "no") "no") or (ne (getenv (print "SC4S_LISTEN_LOCAL_EXAMPLE_UDP_PORT") "no") "no") or (ne (getenv (print "SC4S_LISTEN_MICROFOCUS_ARCSIGHT_TLS_PORT") "no") "no") }} | ||
|
|
||
| # Listen on the specified dedicated port(s) for LOCAL_EXAMPLE traffic | ||
|
|
||
| {{tmpl.Exec "log_path" "no" }} | ||
| {{- end}} | ||
|
|
||
| # Listen on the default port (typically 514) for LOCAL_EXAMPLE traffic | ||
|
|
||
| {{tmpl.Exec "log_path" "yes" }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| This file exists to preserve the path for plugin use |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| # Copyright 2019 Splunk, Inc. | ||
| # | ||
| # Use of this source code is governed by a BSD-2-clause-style | ||
| # license that can be found in the LICENSE-BSD2 file or at | ||
| # https://opensource.org/licenses/BSD-2-Clause | ||
| import random | ||
|
|
||
| from jinja2 import Environment | ||
|
|
||
| from .sendmessage import * | ||
| from .splunkutils import * | ||
|
|
||
| env = Environment(extensions=['jinja2_time.TimeExtension']) | ||
|
|
||
| def test_plugin_local_example(record_property, setup_wordlist, setup_splunk): | ||
| host = "{}-{}".format(random.choice(setup_wordlist), random.choice(setup_wordlist)) | ||
|
|
||
| mt = env.from_string("{{ mark }} {% now 'utc', '%b %d %H:%M:%S' %} {{ host }} sc4splugin[0]: test\n") | ||
| message = mt.render(mark="<111>", host=host) | ||
|
|
||
| sendsingle(message) | ||
|
|
||
| st = env.from_string("search index=main host=\"{{ host }}\" sourcetype=\"sc4s:local_example\" | head 2") | ||
| search = st.render(host=host) | ||
|
|
||
| resultCount, eventCount = splunk_single(setup_splunk, search) | ||
|
|
||
| record_property("host", host) | ||
| record_property("resultCount", resultCount) | ||
| record_property("message", message) | ||
|
|
||
| assert resultCount == 1 |