Splunk::HEC - A simple wrapper for the Splunk HTTP Event Collector (HEC) API
use Splunk::HEC; my $hec = Splunk::HEC->new( url => 'https://mysplunkserver.example.com:8088/services/collector/event', token => '12345678-1234-1234-1234-1234567890AB' ); my $res = $hec->send(event => {message => 'Something happened', severity => 'INFO'}); if ($res->is_success) { say $res->content } elsif ($res->is_error) { say $res->reason }
Splunk::HEC is a simple HTTP client wrapper for the Splunk HEC API;
Splunk::HEC implements the following attributes.
my $url = $hec->url; $url = $hec->url('https://mysplunkserver.example.com:8088/services/collector/event');
Full URL to Splunk HEC endpoint (required).
my $token = $hec->token; $token = $hec->token('12345678-1234-1234-1234-1234567890AB');
Splunk HEC authentication token (required)
my $timeout = $hec->timeout; $timeout = $hec->timeout(300);
Timeout in seconds when talking to Splunk HEC. (optional, default 60s)
Splunk::HEC implements the following methods.
my $hec = Splunk::HEC->new; my $hec = Splunk::HEC->new(url => 'value', token => 'value'); my $hec = Splunk::HEC->new({name => 'value'});
This is the constructor used to create the Splunk::HEC object. You can pass it either a hash or a hash reference with attribute values.
# single event $res = $hec->send(event => 'event1', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index'); # multiple events (array of hashrefs) $res = $hec->send( {event => 'event1', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index'}, {event => 'event2', time => $epoch, source => 'datasource', sourcetype => '', index => 'data-index'} );
Send one or more events to HEC. If multiple events are provided at once, they are sent using HEC batch mode. Passed events are converted into Splunk::HEC::Request objects prior to being encoded and sent. Once HEC responds, it returns a Splunk::HEC::Response object.
See the attributes of Splunk::HEC::Request for supported event attributes and default settings.
my $hec = Splunk::HEC->new; my $client = $hec->client;
Returns the HTTP client
Splunk::HEC provides configuration via the following environment variables.
Splunk::HEC::Request, Splunk::HEC::Response, Splunk::HEC, HTTP::Tiny, JSON::XS
To install Splunk::HEC, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Splunk::HEC
CPAN shell
perl -MCPAN -e shell install Splunk::HEC
For more information on module installation, please visit the detailed CPAN module installation guide.