[GitHub] [apisix] spacewander commented on a change in pull request #5819: feat(splunk): support splunk hec logging plugin
spacewander commented on a change in pull request #5819:
URL: https://github.com/apache/apisix/pull/5819#discussion_r771945523
##
File path: apisix/plugins/splunk-hec-logging.lua
##
@@ -0,0 +1,189 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+local core= require("apisix.core")
+local ngx = ngx
+local type= type
+local ngx_now = ngx.now
+local ngx_update_time = ngx.update_time
+local http= require("resty.http")
+local log_util= require("apisix.utils.log-util")
+local bp_manager_mod = require("apisix.utils.batch-processor-manager")
+
+
+local DEFAULT_SPLUNK_HEC_ENTRY_SOURCE = "apache-apisix-splunk-hec-logging"
+local DEFAULT_SPLUNK_HEC_ENTRY_TYPE = "_json"
+
+
+local plugin_name = "splunk-hec-logging"
+local batch_processor_manager = bp_manager_mod.new(plugin_name)
+
+
+local schema = {
+type = "object",
+properties = {
+endpoint = {
+type = "object",
+properties = {
+uri = core.schema.uri_def,
+token = {
+type = "string",
+},
+channel = {
+type = "string",
+},
+timeout = {
+type = "integer",
+minimum = 1,
+default = 60
+}
+},
+required = { "uri", "token" }
+},
+ssl_verify = {
+type = "boolean",
+default = true
+},
+max_retry_count = {
+type = "integer",
+minimum = 0,
+default = 0
+},
+retry_delay = {
+type = "integer",
+minimum = 0,
+default = 1
+},
+buffer_duration = {
+type = "integer",
+minimum = 1,
+default = 60
+},
+inactive_timeout = {
+type = "integer",
+minimum = 1,
+default = 10
+},
+batch_max_size = {
+type = "integer",
+minimum = 1,
+default = 100
+},
+},
+required = { "endpoint" },
+}
+
+
+local function get_logger_entry(conf)
+local entry = log_util.get_full_log(ngx, conf)
+ngx_update_time()
+return {
+time = ngx_now(),
+host = entry.server.hostname,
+source = DEFAULT_SPLUNK_HEC_ENTRY_SOURCE,
+sourcetype = DEFAULT_SPLUNK_HEC_ENTRY_TYPE,
+event = {
+request_url = entry.request.url,
+request_method = entry.request.method,
+request_headers = entry.request.headers,
+request_query = entry.request.querystring,
+request_size = entry.request.size,
+response_headers = entry.response.headers,
+response_status = entry.response.status,
+response_size = entry.response.size,
+latency = entry.latency,
+upstream = entry.upstream,
+}
+}
+end
+
+
+local function send_to_splunk(conf, entries)
+if type(conf.endpoint) ~= "table" then
+return nil, "endpoint config invalid"
+end
+
+if not conf.endpoint.uri then
+return nil, "endpoint url undefined"
+end
+
+if not conf.endpoint.token then
+return nil, "endpoint token undefined"
+end
+
+local request_headers = {}
+request_headers["Content-Type"] = "application/json"
+request_headers["Authorization"] = "Splunk " .. conf.endpoint.token
+if conf.endpoint.channel then
+request_headers["X-Splunk-Request-Channel"] = conf.endpoint.channel
+end
+
+local http_new = http.new()
+local res, err = http_new:request_uri(conf.endpoint.uri, {
+ssl_verify = conf.ssl_verify,
+method = "POST",
+body = core.json.encode(entries),
+headers = request_headers,
+})
+
+if err then
+return nil, "failed to write log to splunk, " .. err
+end
+
+local body
+body, err = core.json.decode(res.body)
+if err then
+return nil, "failed to parse splunk response data, " .. err
+end
+
+if res.status ~= 200 then
Review comment:
The st
[GitHub] [apisix] spacewander commented on a change in pull request #5819: feat(splunk): support splunk hec logging plugin
spacewander commented on a change in pull request #5819:
URL: https://github.com/apache/apisix/pull/5819#discussion_r771086695
##
File path: apisix/plugins/splunk-hec-logging.lua
##
@@ -0,0 +1,189 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+local core= require("apisix.core")
+local ngx = ngx
+local type= type
+local ngx_now = ngx.now
+local ngx_update_time = ngx.update_time
+local http= require("resty.http")
+local log_util= require("apisix.utils.log-util")
+local bp_manager_mod = require("apisix.utils.batch-processor-manager")
+
+
+local DEFAULT_SPLUNK_HEC_ENTRY_SOURCE = "apache-apisix-splunk-hec-logging"
+local DEFAULT_SPLUNK_HEC_ENTRY_TYPE = "_json"
+
+
+local plugin_name = "splunk-hec-logging"
+local batch_processor_manager = bp_manager_mod.new(plugin_name)
+
+
+local schema = {
+type = "object",
+properties = {
+endpoint = {
+type = "object",
+properties = {
+uri = core.schema.uri_def,
+token = {
+type = "string",
+},
+channel = {
+type = "string",
+},
+timeout = {
+type = "integer",
+minimum = 1,
+default = 60
+}
+},
+required = { "uri", "token" }
+},
+ssl_verify = {
+type = "boolean",
+default = true
+},
+max_retry_count = {
+type = "integer",
+minimum = 0,
+default = 0
+},
+retry_delay = {
+type = "integer",
+minimum = 0,
+default = 1
+},
+buffer_duration = {
+type = "integer",
+minimum = 1,
+default = 60
+},
+inactive_timeout = {
+type = "integer",
+minimum = 1,
+default = 10
+},
+batch_max_size = {
+type = "integer",
+minimum = 1,
+default = 100
+},
+},
+required = { "endpoint" },
+}
+
+
+local function get_logger_entry(conf)
+local entry = log_util.get_full_log(ngx, conf)
+ngx_update_time()
Review comment:
The timestamp here is not critical. We don't need to always update the
cache.
##
File path: apisix/plugins/splunk-hec-logging.lua
##
@@ -0,0 +1,189 @@
+--
+-- Licensed to the Apache Software Foundation (ASF) under one or more
+-- contributor license agreements. See the NOTICE file distributed with
+-- this work for additional information regarding copyright ownership.
+-- The ASF licenses this file to You under the Apache License, Version 2.0
+-- (the "License"); you may not use this file except in compliance with
+-- the License. You may obtain a copy of the License at
+--
+-- http://www.apache.org/licenses/LICENSE-2.0
+--
+-- Unless required by applicable law or agreed to in writing, software
+-- distributed under the License is distributed on an "AS IS" BASIS,
+-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+-- See the License for the specific language governing permissions and
+-- limitations under the License.
+--
+
+local core= require("apisix.core")
+local ngx = ngx
+local type= type
+local ngx_now = ngx.now
+local ngx_update_time = ngx.update_time
+local http= require("resty.http")
+local log_util= require("apisix.utils.log-util")
+local bp_manager_mod = require("apisix.utils.batch-processor-manager")
+
+
+local DEFAULT_SPLUNK_HEC_ENTRY_SOURCE = "apache-apisix-splunk-hec-logging"
+local DEFAULT_SPLUNK_HEC_ENTRY_TYPE = "_json"
+
+
+local plugin_name = "splunk-hec-logging"
+local batch_processor_manager = bp_manager_mod.new(plugin_name)
+
+
+local schema = {
+type = "object",
+properties = {
+endpoint = {
+type = "object",
+properties = {
+uri = core.schema.uri_def,
+token = {
+type = "string",
+},
+channe
