Importing data into Splunk over REST HTTP

Original
2020/10/21 11:28

Create a token

To send data over the HTTP interface (the HTTP Event Collector), you first need to create a token in Splunk.

Settings -> Data inputs -> HTTP Event Collector -> New Token

 
Enter a name

Select an index

Obtain the token value

Test

curl -k  https://IP:8088/services/collector/event -H "Authorization: Splunk 9213be6a-2ebc-47bb-9da9-e9c2fa1345f4" -d  "{\"host\":\"127.0.0.1\",\"time\":1561144452.611000,\"sourcetype\":\"some_sourcetype\",\"index\":\"sample\",\"event\":{\"eventKey\":\"0\", \"uuid\":\"88b5e9fd-ebe0-4fe1-aeeb-b3d583ec9cfd\",\"message\":\"dnnpfbbwic\"}}{\"time\":1561144552.611000,\"sourcetype\":\"some_sourcetype\",\"index\":\"sample\",\"event\":{\"eventKey\":\"0\", \"uuid\":\"88b5e9fd-ebe0-4fe1-aeeb-b3d583ec9cfd\",\"message\":\"abc\"}}"

When the request succeeds, the response is:

{
    "text": "Success",
    "code": 0
}

A Python 3 wrapper

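# coding=utf-8
import json
import time

import httplib2


class SplunkInput(object):
    def __init__(self):
        self.baseurl = 'https://IP:8088'
        self.sessionKey = '标记值'  # the token value obtained above

    def submit_job(self, data):
        # Serialise events as JSON objects written back to back,
        # the same batch layout as the curl test above.
        if isinstance(data, dict):
            data = [data]
        body = ''.join(json.dumps(event) for event in data)
        # disable_ssl_certificate_validation=True skips certificate checks,
        # the equivalent of curl -k.
        result_response = httplib2.Http(disable_ssl_certificate_validation=True) \
            .request(self.baseurl + '/services/collector/event',
                     'POST',
                     headers={'Authorization': 'Splunk %s' % self.sessionKey},
                     body=body)[1]
        return result_response

    def run(self, data):
        # Submit the events and report how long the request took.
        start = time.time()
        result = self.submit_job(data)
        end = time.time()
        print("submit time:", end - start)
        return result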

 

Calling it

 

import socket
import time

if __name__ == '__main__':
    print(">>>>>>>>>>>>>>SplunkInput>>>>>>>>>>>>>>>>>>>>>>")
    hostname = socket.gethostname()
    SI = SplunkInput()
    s_time = int(time.time())
    # The first event has no "time" field; the second sets it explicitly.
    data = [{
        "host": hostname,
        "sourcetype": "test",
        "index": "sample",
        "event": {
            "eventKey": "0",
            "uuid": "88b5e9fd-ebe0-4fe1-aeeb-b3d583ec9cfd",
            "message": "abc"
        }
    }, {
        "host": hostname,
        "time": s_time,
        "sourcetype": "test",
        "index": "sample",
        "event": {
            "eventKey": "1",
            "uuid": "1233444-ebe0-4fe1-aeeb-b3d583ec9cfd",
            "message": "def"
        }
    }]
    # Send the batch and print the collector's reply.
    print(SI.run(data))
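
A variant of the sender that verifies the Splunk server certificate instead of disabling validation (as curl -k and disable_ssl_certificate_validation do), keeps the token out of the source file, and checks the collector's reply. This is an added example, not the original author's code; the helper names and the environment variables SPLUNK_HEC_URL, SPLUNK_HEC_TOKEN and SPLUNK_HEC_CA are assumptions.

```python
import json
import os
import ssl
import urllib.error
import urllib.request

# Constructed sample events, shaped like the ones in the post.
SAMPLE_EVENTS = [
    {"sourcetype": "test", "index": "sample", "event": {"eventKey": "0", "message": "abc"}},
    {"sourcetype": "test", "index": "sample", "event": {"eventKey": "1", "message": "def"}},
]

def build_batch(events):
    """Serialise events as JSON objects written back to back (no array wrapper),
    the same batch layout the curl test uses."""
    for ev in events:
        if not isinstance(ev, dict) or "event" not in ev:
            raise ValueError("each item needs an 'event' field: %r" % (ev,))
    return "".join(json.dumps(ev) for ev in events).encode("utf-8")

def parse_reply(status, body):
    """Return (ok, text); ok is True only for HTTP 200 with code 0 in the JSON reply."""
    try:
        reply = json.loads(body)
        code, text = reply["code"], str(reply["text"])
    except (ValueError, KeyError, TypeError):
        return (False, "unparseable reply, HTTP %d" % status)
    return (status == 200 and code == 0, text)

def send(events, url, token, ca_file):
    """POST a batch over TLS, verifying the server against ca_file (e.g. an internal CA)."""
    ctx = ssl.create_default_context(cafile=ca_file)  # hostname and chain checks stay on
    req = urllib.request.Request(url, data=build_batch(events), method="POST",
                                 headers={"Authorization": "Splunk " + token})
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return parse_reply(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # error responses may still carry a JSON body
        return parse_reply(err.code, err.read())

if __name__ == "__main__":
    # Assumed variable names; the token is read from the environment, not hard-coded.
    print(send(SAMPLE_EVENTS, os.environ["SPLUNK_HEC_URL"],
               os.environ["SPLUNK_HEC_TOKEN"], os.environ["SPLUNK_HEC_CA"]))
```
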
