NAME

Splunk::HEC::Request - An object wrapper for HEC events

SYNOPSIS

use Splunk::HEC;
use Splunk::HEC::Request;

my $req = Splunk::HEC::Request->new(
  event => {
    message => 'Something happened',
    severity => 'INFO'
  }
);

my $hec = Splunk::HEC->new;
my $res = $hec->send($req);
if ($res->is_success)  { say $res->content }
elsif ($res->is_error) { say $res->reason }

DESCRIPTION

Splunk::HEC::Request is an object wrapper for HEC events

ATTRIBUTES

Splunk::HEC::Request implements the following attributes.

event

my $event = $req->event;
$event   = $req->event('My event');

The actual HEC event payload sent to Splunk HEC. This can be a string or HashRef. (required)

time

my $time = $req->time;
$time = $req->time('1505768576.379');

Timestamp (Epoch time) associated with event with millesecond precision. Defaults to the current time (using Time::HiRes::time). (not required)

host

my $host = $req->host;
$host = $req->host('myhost');

Hostname associated with the event. Defaults to the hostname of the client. (not required)

source

my $source = $req->source;
$source = $req->source('datasource');

The source value to assign to the event data. For example, if you're sending data from an app you're developing, you could set this key to the name of the app. (not required)

sourcetype

my $type = $req->sourcetype;
$type = $req->sourcetype('custom-sourcetype');

The sourcetype value to assign to the event data. e.g. Use _json for JSON-based events (not required)

index

my $index = $req->index;
$index = $req->index('event-index');

The name of the index by which the event data is to be indexed. The index you specify here must within the list of allowed indexes if the token has the indexes parameter set. (not required)

fields

my $fields = $req->fields;
$fields = $req->fields({device => 'macbook', users => ['joe', 'bob']});

Specifies an object (HashRef) that contains explicit custom fields to be defined at index time. Requests containing the "fields" property must be sent to the /collector/event endpoint, or they will not be indexed. For more information, see Splunk Indexed field extractions. (not required)

METHODS

Splunk::HEC::Request implements the following methods.

new

my $req = Splunk::HEC::Request->new;
my $req = Splunk::HEC::Request->new(event => 'value');
my $req = Splunk::HEC::Request->new({event => 'value'});

This is the constructor used to create the Splunk::HEC::Request object. You can pass it either a hash or a hash reference with attribute values.

TO_JSON

my $hash = $req->TO_JSON;

Returns a JSON encoding friendly hashref for use with JSON::XS

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)