File Coverage

blib/lib/Splunk/HEC/Request.pm
Criterion Covered Total %
statement 15 23 65.2
branch 0 4 0.0
condition n/a
subroutine 5 6 83.3
pod 1 1 100.0
total 21 34 61.7


line stmt bran cond sub pod time code
1             package Splunk::HEC::Request;
2 2     2   83308 use Carp;
  2         19  
  2         163  
3 2     2   326 use Splunk::Base -base;
  2         8  
  2         14  
4 2     2   404 use Time::HiRes;
  2         2205  
  2         18  
5 2     2   1018 use Sys::Hostname;
  2         2045  
  2         125  
6 2     2   14 use strict;
  2         4  
  2         613  
7              
8             # These keys are all optional. Any key-value pairs that are not included in the event will be set to values defined for the token on the Splunk server.
9             # "time" The event time. The default time format is epoch time, written as seconds.milliseconds. For example, 1433188255.500 indicates 1433188255 seconds and 500 milliseconds after epoch, or Monday, June 1, 2015, at 7:50:55 PM GMT.
10             # "host" The host value to assign to the event data. This is typically the hostname of the client from which you're sending data.
11             # "source" The source value to assign to the event data. For example, if you're sending data from an app you're developing, you could set this key to the name of the app.
12             # "sourcetype" The sourcetype value to assign to the event data.
13             # "index" The name of the index by which the event data is to be indexed. The index you specify here must be within the list of allowed indexes if the token has the indexes parameter set.
14             # "fields" (Not applicable to raw data.) Specifies a JSON object that contains explicit custom fields to be defined at index time. Requests containing the "fields" property must be sent to the /collector/event endpoint, or they will not be indexed. For more information, see Indexed field extractions.
15              
# Attribute declarations for one HEC request. Each `has` call registers an
# accessor through Splunk::Base; how and when the default is applied is up to
# that base class (presumably on first read -- confirm against Splunk::Base).

# Event timestamp: epoch seconds formatted with three decimal places.
has time => sub {
    my $now = Time::HiRes::time();
    return sprintf('%.3f', $now);
};

# Reporting host: whatever Sys::Hostname resolves for this machine.
has host => sub {
    return Sys::Hostname::hostname();
};

# The remaining keys default to the empty string, which TO_JSON treats as
# "not set" and leaves out of the request.
has source     => '';
has sourcetype => '';
has index      => '';
has fields     => '';
has event      => '';
23              
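# Build the plain hashref that a JSON encoder serialises for this request.
#
# Returns a hashref holding the event plus every optional metadata attribute
# (time, host, source, sourcetype, index, fields) whose accessor returns a
# true value. Croaks when the event is undefined or the empty string.
#
# The event is tested with defined/length rather than truthiness, so the
# literal payloads '0' and 0 are sent instead of being rejected as missing:
# a log shipper should not lose a record because its body is false in Perl.
#
# NOTE(review): values are copied through as-is; nothing here validates what
# a caller puts in host, source, sourcetype or index. Per the attribute notes
# in this file, index restrictions are tied to the token on the Splunk server
# -- confirm that is configured if callers are not fully trusted.
sub TO_JSON {
    my $self = shift;

    my $event = $self->event;
    Carp::croak('Splunk HEC requests must contain a valid event')
        unless defined $event && length $event;

    my %req = (event => $event);

    # Optional metadata keeps the truthiness filter: attributes left at their
    # '' default are omitted from the request.
    foreach my $attr (qw(time host source sourcetype index fields)) {
        my $value = $self->$attr;
        next unless $value;
        $req{$attr} = $value;
    }

    return \%req;
}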
36              
37             1;
38              
39              
40             =encoding utf8
41              
42             =head1 NAME
43              
44             Splunk::HEC::Request - An object wrapper for HEC events
45              
46             =head1 SYNOPSIS
47              
48             use Splunk::HEC;
49             use Splunk::HEC::Request;
50              
51             my $req = Splunk::HEC::Request->new(
52             event => {
53             message => 'Something happened',
54             severity => 'INFO'
55             }
56             );
57              
58             my $hec = Splunk::HEC->new;
59             my $res = $hec->send($req);
60             if ($res->is_success) { say $res->content }
61             elsif ($res->is_error) { say $res->reason }
62              
63             =head1 DESCRIPTION
64              
65             L<Splunk::HEC::Request> is an object wrapper for HEC events
66              
67             =head1 ATTRIBUTES
68              
69             L<Splunk::HEC::Request> implements the following attributes.
70              
71             =head2 event
72              
73             my $event = $req->event;
74             $event = $req->event('My event');
75              
76             The actual HEC event payload sent to Splunk HEC. This can be
77             a string or HashRef. (required)
78              
79             =head2 time
80              
81             my $time = $req->time;
82             $time = $req->time('1505768576.379');
83              
84             Timestamp (Epoch time) associated with the event, with millisecond precision.
85             Defaults to the current time (using L<Time::HiRes>). (not required)
86              
87             =head2 host
88              
89             my $host = $req->host;
90             $host = $req->host('myhost');
91              
92             Hostname associated with the event. Defaults to the hostname of the
93             client. (not required)
94              
95             =head2 source
96              
97             my $source = $req->source;
98             $source = $req->source('datasource');
99              
100             The source value to assign to the event data. For example, if you're sending data from an app
101             you're developing, you could set this key to the name of the app. (not required)
102              
103             =head2 sourcetype
104              
105             my $type = $req->sourcetype;
106             $type = $req->sourcetype('custom-sourcetype');
107              
108             The sourcetype value to assign to the event data.
109             e.g. Use _json for JSON-based events (not required)
110              
111             =head2 index
112              
113             my $index = $req->index;
114             $index = $req->index('event-index');
115              
116             The name of the index by which the event data is to be indexed. The index you specify
117             here must be within the list of allowed indexes if the token
118             has the indexes parameter set. (not required)
119              
120             =head2 fields
121              
122             my $fields = $req->fields;
123             $fields = $req->fields({device => 'macbook', users => ['joe', 'bob']});
124              
125             Specifies an object (HashRef) that contains explicit custom fields to be defined at index time.
126             Requests containing the "fields" property must be sent to the /collector/event endpoint,
127             or they will not be indexed. For more information,
128             see Splunk Indexed field extractions. (not required)
129              
130             =head1 METHODS
131              
132             L<Splunk::HEC::Request> implements the following methods.
133              
134             =head2 new
135              
136             my $req = Splunk::HEC::Request->new;
137             my $req = Splunk::HEC::Request->new(event => 'value');
138             my $req = Splunk::HEC::Request->new({event => 'value'});
139              
140             This is the constructor used to create the Splunk::HEC::Request object. You can
141             pass it either a hash or a hash reference with attribute values.
142              
143             =head2 TO_JSON
144              
145             my $hash = $req->TO_JSON;
146              
147             Returns a JSON-encoding-friendly hashref for use with a JSON encoder.
148              
149             =head1 SEE ALSO
150              
151             L, L, L, L, L
152              
153             =cut
154