README
¶
Splunk Library
To Do
- Storage Collection
- KV Store
- CSV
- HEC Event
Documentation
¶
Index ¶
- Variables
- func AuthCheck() bool
- func Event(req *EventReq) error
- func Init(ctx context.Context, cfg *Config) error
- func RawEvent(req any) error
- func RawEvents(req any) error
- func SetContext(ctx context.Context)
- func SetDebug(b bool)
- func SetLogger(l *slog.Logger)
- type Config
- type EventClient
- type EventConfig
- type EventReq
- type JobStatus
- type JobStatusEntryCount
- type OutputMode
- type QueryResults
- type QueryRsp
- type QuerySid
- type SearchRsp
- type SearchesItem
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrInvalidHost = errors.New("invalid host") ErrInvalidAuth = errors.New("invalid username or password") ErrClientNotInit = errors.New("Splunk client not init") ErrJobNotDone = errors.New("Splunk Job not done") )
View Source
var (
Search = &search{}
)
View Source
var (
Searches = &searches{}
)
View Source
var (
Storage = &storage{
KV: &kv{owner: "nobody", app: "search"},
}
)
Functions ¶
func SetContext ¶
Types ¶
type Config ¶
type Config struct {
Host string `json:"host" yaml:"host" mapstructure:"host"`
Username string `json:"username" yaml:"username" mapstructure:"username"`
Password string `json:"password" yaml:"password" mapstructure:"password"`
Event EventConfig `json:"event" yaml:"event" mapstructure:"event"`
}
type EventClient ¶
type EventClient struct {
// contains filtered or unexported fields
}
func InitEvent ¶
func InitEvent(cfg *EventConfig) *EventClient
func NewEventClient ¶
func NewEventClient(host, token string) *EventClient
func (*EventClient) Debug ¶
func (ec *EventClient) Debug(v bool) *EventClient
func (*EventClient) Headers ¶
func (ec *EventClient) Headers(v map[string]string) *EventClient
func (*EventClient) Index ¶
func (ec *EventClient) Index(v string) *EventClient
func (*EventClient) Send ¶
func (ec *EventClient) Send(req *EventReq) error
func (*EventClient) Source ¶
func (ec *EventClient) Source(v string) *EventClient
type EventConfig ¶
type EventReq ¶
type EventReq struct {
Timestamp_ int64 `json:"timestamp"`
Name_ string `json:"name,omitempty"`
Description_ string `json:"description,omitempty"`
App_ string `json:"app,omitempty"`
Label_ string `json:"label,omitempty"`
Events_ []any `json:"events,omitempty"`
Event_ any `json:"event,omitempty"`
}
func NewEventReq ¶
func NewEventReq() *EventReq
func (*EventReq) Description ¶
type JobStatus ¶
type JobStatus struct {
Entry []struct {
Content JobStatusEntryCount `json:"content"`
} `json:"entry"`
}
type JobStatusEntryCount ¶
type OutputMode ¶
type OutputMode string
const ( OutputModeCSV OutputMode = "csv" OutputModeJSON OutputMode = "json" )
type QueryResults ¶
type QueryRsp ¶
type QueryRsp struct {
Results QueryResults `json:"results"`
}
type SearchRsp ¶
type SearchRsp struct {
Updated time.Time `json:"updated"`
Entry []SearchesItem `json:"entry"`
Paging struct {
Total int `json:"total"`
} `json:"paging"`
}
type SearchesItem ¶
type SearchesItem struct {
Name string `json:"name"`
Updated time.Time `json:"updated"`
Author string `json:"author"`
Content struct {
SplunkHecTarget string `json:"action.forward_alert_to_splunk_hec.param.splunk_hec_target"`
ActionWebhookURL string `json:"action.webhook.param.url"`
Actions string `json:"actions"`
CronSchedule string `json:"cron_schedule"`
Disabled bool `json:"disabled"`
IsScheduled bool `json:"is_scheduled"`
Search string `json:"search"`
} `json:"content"`
}
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.