Splunk Snippet
This snippet can be used by copy-pasting to the neqto.js script.
| NEQTO Bridge | SPRESENSE | STM32 Discovery |
|---|---|---|
| v00.00.30+ | v01.00.00+ | N/A |
This snippet provides a function to send IoT data to Splunk.
Details
The send_splunk function can be used to POST the passed JSON object 'payload' to Splunk server via HEC (HTTP Event Collector), over HTTPS. The result (error/response) is then passed to the callback function.
To start using this snippet, HOST (Address of the Splunk server), TOKEN (HEC instance token), and CA are required to be configured by the user.
NOTE: The provided function only allows payloads up to size of 4KB. For bigger sized payloads, please refer to the sample for divided writing in neqto.js docs for NEQTO Bridge and Spresense.
//=================================================================
// SPLUNK SNIPPET
//=================================================================
//=================================================================
// The following configuration are MANDATORY. Set by user.
//=================================================================
// The address of the Splunk instance.
// eg. example.com or 192.168.0.1.
var HOST = '<YOUR_HOST>';
// An HEC token to authenticate HEC requests.
// eg. xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
var TOKEN = '<YOUR_TOKEN>';
// Public certificate of the certificate authority that signed the Splunk server certificate for SSL/TLS handshake.
// eg. '-----BEGIN CERTIFICATE-----\n...<CA>...\n-----END CERTIFICATE-----'
var CA = '<YOUR_CA>';
//=================================================================
/**
* Post data to Splunk server using HEC (HTTP Event Collector).
* https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
* @function send_splunk
* @param {string} payload - Data to be sent to Splunk server, as an Object.
* @param {function} callback - User callback to return the result (error/response).
* @returns {undefined}
*/
var send_splunk = function (payload, callback) {
var body = JSON.stringify(payload);
var options = {
"method": 'POST',
"host": HOST,
"port": 8088,
"path": '/services/collector',
"headers": {
"Authorization": `Splunk ${TOKEN}`,
"Content-Type": 'application/json',
"Content-Length": body.length.toString()
},
"ca": CA
};
var request = https.request(options, function (response) {
response.on('end', function () {
callback(null, { "statusCode": response.statusCode, "statusMessage": response.statusMessage, "body": response.read() });
});
});
request.on('error', function () {
callback({ "errCode": request.errCode }, null);
});
request.end(body, function () {
print("[request] SUCCESS");
});
}
Function Usage Example
/*
<INSERT ABOVE SNIPPET HERE WITH SET CONFIGURATIONS>
*/
//=================================================================
log.setLevel(-1); //-1:NONE 0:ERROR 1:WARNING 2:DEBUG 3:TRACE
log.printLevel(2); //0:DISABLE 1:LOG 2:CONSOLE 3:BOTH
//=================================================================
// MAIN SCENARIO
//=================================================================
/**
* Callback to fetch error/response from the request.
* @function callback
* @param {object} err - Error returned if the request failed. Has one property - `errCode`.
* @param {object} data - Response returned by a successfully completed request. Has three properties - `statusCode`, `statusMessage`, and `body`.
*/
var callback = function (err, data) {
if (err) {
print("[error]", err.errCode);
} else {
print("[status]", data.statusCode, data.statusMessage);
print("[response]", data.body);
}
};
var payload = {
"index": 'neqto',
"event": {
"sensor_reading" : 123
},
"sourcetype": 'neqtoDevice_1'
};
send_splunk(payload, callback);
The company names and product names mentioned above are registered trademarks or trademarks of their respective companies.
Updated: 2021-08-18