def _payload_msg(self, message, *a):
event = dict(loggername="hubblestack.hec.obj", message=message % a)
payload = dict(index=self.default_index,
time=int(time.time()),
sourcetype="hubble_log",
event=event)
update_payload(payload)
return str(Payload(payload))
def returner(retdata):
"""
Build the event and send it to the http event collector
to have it published to Splunk
retdata
A dict containing the data to be returned
"""
try:
retdata = retdata['return']
except KeyError:
return
opts_list = get_splunk_options()
for opts in opts_list:
hec = _build_hec(opts)
t_sourcetype = _get_key(retdata, 'sourcetype', 'hubble_generic')
t_time = _get_key(retdata, 'time', time.time())
events = _get_key(retdata, 'event', _get_key(retdata, 'events'))
if events is None:
return
if not isinstance(events, (list, tuple)):
events = [events]
if len(events) < 1 or (len(events) == 1 and events[0] is None):
return
idx = opts.get('index')
for event in events:
payload = {
'host': stdrec.get_fqdn(),
'event': event,
'sourcetype': _get_key(event, 'sourcetype', t_sourcetype),
'time': str(int(_get_key(event, 'time', t_time)))
}
if idx:
payload['index'] = idx
# add various std host info data and index extracted fields
stdrec.update_payload(payload)
hec.batchEvent(payload)
hec.flushBatch()