"""
Sending data to Splunk's HTTP Event Collector (HEC)
Read how to set up HEC here: http://blogs.splunk.com/2015/09/22/turbo-charging-modular-inputs-with-the-hec-http-event-collector-input/
No batching (mostly because I am bored - but it is trivial to add it)
Jon V
December 07 2015
"""
import json
import requests
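class PyHEC:
    """Minimal client for Splunk's HTTP Event Collector (HEC).

    Each call to :meth:`send` issues one POST to
    ``<uri>:<port>/services/collector/event``; there is no batching.

    The HEC token is sent in the ``Authorization`` header of every request.
    With an ``http://`` URI both the token and the event body travel
    unencrypted, so prefer ``https://`` wherever the collector supports it.
    """

    def __init__(self, token, uri, port='8088'):
        """Store the token and build the collector endpoint URL.

        Args:
            token: HEC token, sent as ``Authorization: Splunk <token>``.
            uri: Base URL of the collector including the scheme,
                e.g. ``https://splunk.example.com``.
            port: Collector port, as a string or an int.

        Raises:
            ValueError: If ``uri`` does not start with ``http://`` or
                ``https://``.
        """
        # The original `raise("...")` raised a plain string, which Python 3
        # rejects with an unrelated TypeError. A substring test for 'http'
        # also accepted values such as "myhttphost"; check the scheme prefix.
        if not uri.lower().startswith(('http://', 'https://')):
            raise ValueError("no http or https found in hostname")
        self.token = token
        # str() so that an integer port works as well as the default string.
        self.uri = uri + ":" + str(port) + "/services/collector/event"
        self.port = port

    def send(self, event, metadata=None):
        """POST a single event to the collector.

        Args:
            event: The actual event data; must be JSON-serializable.
            metadata: Optional dict of HEC metadata fields (sourcetype,
                index, etc.) merged into the top level of the payload.

        Returns:
            A ``(status_code, response_text)`` tuple from the HTTP response.
        """
        headers = {'Authorization': 'Splunk ' + self.token}
        # NOTE(review): "host" is filled with the collector URL rather than
        # the name of the sending machine; callers can override it by putting
        # a "host" key in `metadata`.
        payload = {"host": self.uri,
                   "event": event}
        if metadata:
            payload.update(metadata)
        # Always request certificate verification. requests does not use
        # `verify` for a plain-http connection, and passing False there would
        # also disable verification if the POST were redirected to https.
        # NOTE(review): no timeout is passed, so a stalled collector blocks
        # the caller indefinitely - consider adding one.
        r = requests.post(self.uri, data=json.dumps(payload),
                          headers=headers, verify=True)
        return r.status_code, r.text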