Ezra Forbus

NAME

Splunk::HEC - A simple wrapper for the Splunk HTTP Event Collector (HEC) API

SYNOPSIS

  use Splunk::HEC;

  my $hec = Splunk::HEC->new(
    url => 'https://mysplunkserver.example.com:8088/services/collector/event',
    token => '12345678-1234-1234-1234-1234567890AB'
  );

  my $res = $hec->send(event => {message => 'Something happened', severity => 'INFO'});
  if ($res->is_success)  { say $res->content }
  elsif ($res->is_error) { say $res->reason }

DESCRIPTION

Splunk::HEC is a simple HTTP client wrapper for the Splunk HEC API;

ATTRIBUTES

Splunk::HEC implements the following attributes.

url

  my $url = $hec->url;
  $url   = $hec->url('https://mysplunkserver.example.com:8088/services/collector/event');

Full URL to Splunk HEC endpoint (required).

token

  my $token = $hec->token;
  $token   = $hec->token('12345678-1234-1234-1234-1234567890AB');

Splunk HEC authentication token (required)

timeout

  my $timeout = $hec->timeout;
  $timeout = $hec->timeout(300);

Timeout in seconds when talking to Splunk HEC. (optional, default 60s)

METHODS

Splunk::HEC implements the following methods.

new

  my $hec = Splunk::HEC->new;
  my $hec = Splunk::HEC->new(url => 'value', token => 'value');
  my $hec = Splunk::HEC->new({name => 'value'});

This is the constructor used to create the Splunk::HEC object. You can pass it either a hash or a hash reference with attribute values.

send

  # single event
  $res = $hec->send(event => 'event1', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index');

  # multiple events (array of hashrefs)
  $res = $hec->send(
    {event => 'event1', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index'},
    {event => 'event2', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index'}
  );

Send one or more events to HEC. If multiple events are provided at once, they are sent using HEC batch mode. Passed events are converted into Splunk::HEC::Request objects prior to being encoded and sent. Once HEC responds, it returns a Splunk::HEC::Response object.

See the attributes of Splunk::HEC::Request for supported event attributes and default settings.

client

  my $hec = Splunk::HEC->new;
  my $client = $hec->client;

Returns the HTTP client

ENVIRONMENT VARIABLES

Splunk::HEC provides configuration via the following environment variables.

SPLUNK_HEC_URL

Full URL to Splunk HEC endpoint (required).

SPLUNK_HEC_TOKEN

Splunk HEC authentication token (required)

SPLUNK_HEC_TIMEOUT

Timeout in seconds when talking to Splunk HEC. (optional, default 60s)

SEE ALSO

Splunk::HEC::Request, Splunk::HEC::Response, Splunk::HEC, HTTP::Tiny, JSON::XS