NAME
Splunk::HEC - A simple wrapper for the Splunk HTTP Event Collector (HEC) API
SYNOPSIS
use feature 'say';
use Splunk::HEC;
my $hec = Splunk::HEC->new(
  url => 'https://mysplunkserver.example.com:8088/services/collector/event',
  token => '12345678-1234-1234-1234-1234567890AB'
);
my $res = $hec->send(event => {message => 'Something happened', severity => 'INFO'});
if ($res->is_success) { say $res->content }
elsif ($res->is_error) { say $res->reason }
DESCRIPTION
Splunk::HEC is a simple HTTP client wrapper for the Splunk HEC API.
ATTRIBUTES
Splunk::HEC implements the following attributes.
url
my $url = $hec->url;
$url = $hec->url('https://mysplunkserver.example.com:8088/services/collector/event');
Full URL to Splunk HEC endpoint (required).
token
my $token = $hec->token;
$token = $hec->token('12345678-1234-1234-1234-1234567890AB');
Splunk HEC authentication token (required).
timeout
my $timeout = $hec->timeout;
$timeout = $hec->timeout(300);
Timeout in seconds when talking to Splunk HEC. (optional, default 60s)
METHODS
Splunk::HEC implements the following methods.
new
my $hec = Splunk::HEC->new;
my $hec = Splunk::HEC->new(url => 'value', token => 'value');
my $hec = Splunk::HEC->new({name => 'value'});
This is the constructor used to create the Splunk::HEC object. You can pass it either a hash or a hash reference with attribute values.
send
# single event
$res = $hec->send(event => 'event1', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index');
# multiple events (array of hashrefs)
$res = $hec->send(
{event => 'event1', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index'},
{event => 'event2', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index'}
);
Send one or more events to HEC. If multiple events are provided at once, they are sent using HEC batch mode. Passed events are converted into Splunk::HEC::Request objects prior to being encoded and sent. Once HEC responds, it returns a Splunk::HEC::Response object.
See the attributes of Splunk::HEC::Request for supported event attributes and default settings.
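The batch form of send described above, as an added example (not code from the module or its author): constructed sshd log lines are parsed into events and sent in one call, with the endpoint and token read from the environment variables listed under ENVIRONMENT VARIABLES instead of being written into the script. The helper line_to_event, the sample log lines, the sourcetype value and the HTTPS check are assumptions of this example.

```perl
use strict;
use warnings;
use feature 'say';
use Time::Local qw(timegm);

# Constructed sshd log lines (sample data; timestamps taken as UTC).
my @lines = (
  '2024-05-01T10:15:02Z sshd[811]: Failed password for root from 192.0.2.10 port 50122 ssh2',
  '2024-05-01T10:15:04Z sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 50124 ssh2',
  '2024-05-01T10:16:40Z sshd[902]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2',
  'unparseable line that must be skipped, not sent',
);

# Hypothetical helper: map one line to the event attributes shown under "send".
sub line_to_event {
  my ($line) = @_;
  my ($y, $mo, $d, $h, $mi, $s, $msg) =
    $line =~ /^(\d{4})-(\d\d)-(\d\d)T(\d\d):(\d\d):(\d\d)Z sshd\[\d+\]: (.+)$/
    or return;
  my ($outcome, $user, $ip) =
    $msg =~ /^(Failed|Accepted) \S+ for (?:invalid user )?(\S+) from (\S+)/
    or return;
  return {
    time       => timegm($s, $mi, $h, $d, $mo - 1, $y),
    source     => 'sshd',
    sourcetype => 'linux_secure',    # assumed sourcetype
    index      => 'data-index',      # index name reused from the page
    event      => {outcome => lc $outcome, user => $user, src_ip => $ip, raw => $msg},
  };
}

my @events = map { line_to_event($_) } @lines;    # unparsed lines yield nothing

# Endpoint and token come from the environment, never from the script.
my ($url, $token) = @ENV{qw(SPLUNK_HEC_URL SPLUNK_HEC_TOKEN)};
if ($url && $token) {
  # Added check: the token authenticates each request, so require TLS.
  die "refusing to send the HEC token to a non-HTTPS URL\n" unless $url =~ m{^https://}i;
  require Splunk::HEC;
  my $hec = Splunk::HEC->new(url => $url, token => $token);
  my $res = $hec->send(@events);    # several hashrefs are sent in batch mode
  if    ($res->is_success) { say 'accepted: ', $res->content }
  elsif ($res->is_error)   { die 'HEC rejected the batch: ', $res->reason, "\n" }
}
else {
  # Dry run so the example works offline.
  say "would send: $_->{time} $_->{event}{outcome} $_->{event}{user} $_->{event}{src_ip}"
    for @events;
}
```

With neither variable set, the script only prints the three parsed events; the fourth line is dropped by the parser and never reaches send.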
client
my $hec = Splunk::HEC->new;
my $client = $hec->client;
Returns the HTTP client.
ENVIRONMENT VARIABLES
Splunk::HEC provides configuration via the following environment variables.
SPLUNK_HEC_URL
Full URL to Splunk HEC endpoint (required).
SPLUNK_HEC_TOKEN
Splunk HEC authentication token (required).
SPLUNK_HEC_TIMEOUT
Timeout in seconds when talking to Splunk HEC. (optional, default 60s)
SEE ALSO
Splunk::HEC::Request, Splunk::HEC::Response, Splunk::HEC, HTTP::Tiny, JSON::XS