NAME

Splunk::HEC::Request - An object wrapper for HEC events

SYNOPSIS

  use Splunk::HEC;
  use Splunk::HEC::Request;

  my $req = Splunk::HEC::Request->new(
    event => {
      message => 'Something happened',
      severity => 'INFO'
    }
  );

  my $hec = Splunk::HEC->new;
  my $res = $hec->send($req);
  if ($res->is_success)  { say $res->content }
  elsif ($res->is_error) { say $res->reason }

DESCRIPTION

Splunk::HEC::Request is an object wrapper for HEC events

ATTRIBUTES

Splunk::HEC::Request implements the following attributes.

event

  my $event = $req->event;
  $event   = $req->event('My event');

The actual HEC event payload sent to Splunk HEC. This can be a string or HashRef. (required)

time

  my $time = $req->time;
  $time = $req->time('1505768576.379');

Timestamp (Epoch time) associated with event with millesecond precision. Defaults to the current time (using Time::HiRes::time). (not required)

host

  my $host = $req->host;
  $host = $req->host('myhost');

Hostname associated with the event. Defaults to the hostname of the client. (not required)

source

  my $source = $req->source;
  $source = $req->source('datasource');

The source value to assign to the event data. For example, if you're sending data from an app you're developing, you could set this key to the name of the app. (not required)

sourcetype

  my $type = $req->sourcetype;
  $type = $req->sourcetype('custom-sourcetype');

The sourcetype value to assign to the event data. e.g. Use _json for JSON-based events (not required)

index

  my $index = $req->index;
  $index = $req->index('event-index');

The name of the index by which the event data is to be indexed. The index you specify here must within the list of allowed indexes if the token has the indexes parameter set. (not required)

fields

  my $fields = $req->fields;
  $fields = $req->fields({device => 'macbook', users => ['joe', 'bob']});

Specifies an object (HashRef) that contains explicit custom fields to be defined at index time. Requests containing the "fields" property must be sent to the /collector/event endpoint, or they will not be indexed. For more information, see Splunk Indexed field extractions. (not required)

METHODS

Splunk::HEC::Request implements the following methods.

new

  my $req = Splunk::HEC::Request->new;
  my $req = Splunk::HEC::Request->new(event => 'value');
  my $req = Splunk::HEC::Request->new({event => 'value'});

This is the constructor used to create the Splunk::HEC::Request object. You can pass it either a hash or a hash reference with attribute values.

TO_JSON

  my $hash = $req->TO_JSON;

Returns a JSON encoding friendly hashref for use with JSON::XS

SEE ALSO

Splunk::HEC::Request, Splunk::HEC::Response, Splunk::HEC, HTTP::Tiny, JSON::XS