good-splunk-http
Http(s) Splunk broadcasting for Good process monitor
Usage
good-splunk-http is a write stream use to send event to remote Splunk endpoints in batches. It makes a "POST" request with a JSON payload to the supplied endpoint. It will make a final "POST" request to the endpoint to flush the rest of the data on "finish". It conforms to the Splunk batch HTTP events format: http://dev.splunk.com/view/event-collector/SP-CAAAE6P.
Good Splunk Http
GoodSplunkHttp (endpoint, config)
Creates a new GoodSplunkHttp object where:
endpoint- full path to remote server to transmit logs.config- configuration object[threshold]- number of events to hold before transmission. Defaults to20. Set to0to have every event start transmission instantly. It is strongly suggested to have a set threshold to make data transmission more efficient.[errorThreshold]- number of consecutive failed transmissions allowed (ECONNRESET,ECONNREFUSED, etc). Defaults to0. Failed events will be included in the next transmission until they are successfully logged or the threshold is reached (whichever comes first) at which point they will be cleared. Set tonullto ignore all errors and always clear events.[wreck]- configuration object to pass intowreck. Defaults to{ timeout: 60000, headers: {} }.content-typeis always "application/json".[hecToken]- Splunk HEC token.
Schema
Each POST will match the following schema. The payload that is POSTed to the endpoint has the following schema: