Splunk
This snippet provides a function to send IoT data to Splunk.
Resources used: HTTPS x 1
Details
The send_splunk function can be used to POST the passed JSON object 'payload' to Splunk server via HEC (HTTP Event Collector), over HTTPS. The result (error/response) is then passed to the callback function.
To start using this snippet, HOST (Address of the Splunk server), TOKEN (HEC instance token), and CA are required to be configured by the user.
NOTE: The provided function can handle data sizes up to 4KB. To handle larger data sizes, please refer to divided writing for https objects in the neqto.js documentation.
//=================================================================
// SPLUNK SNIPPET
//=================================================================
//=================================================================
// The following configuration are MANDATORY. Set by user.
//=================================================================
// The address of the Splunk instance.
// eg. example.com or 192.168.0.1.
var HOST = '<YOUR_HOST>';
// An HEC token to authenticate HEC requests.
// eg. xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
var TOKEN = '<YOUR_TOKEN>';
// Public certificate of the certificate authority that signed the Splunk server certificate for SSL/TLS handshake.
// eg. '-----BEGIN CERTIFICATE-----\n...<CA>...\n-----END CERTIFICATE-----'
var CA = '<YOUR_CA>';
//=================================================================
/**
* Post data to Splunk server using HEC (HTTP Event Collector).
* https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
* @function send_splunk
* @param {string} payload - Data to be sent to Splunk server, as an Object.
* @param {function} callback - User callback to return the result (error/response).
* @returns {undefined}
*/
var send_splunk = function (payload, callback) {
var body = JSON.stringify(payload);
var options = {
"method": 'POST',
"host": HOST,
"port": 8088,
"path": '/services/collector',
"headers": {
"Authorization": `Splunk ${TOKEN}`,
"Content-Type": 'application/json',
"Content-Length": body.length.toString()
},
"ca": CA
};
var request = https.request(options, function (response) {
response.on('end', function () {
callback(null, { "statusCode": response.statusCode, "statusMessage": response.statusMessage, "body": response.read() });
});
});
request.on('error', function () {
callback({ "errCode": request.errCode }, null);
});
request.end(body, function () {
print("[request] SUCCESS");
});
}
Function Usage Example
/*
<INSERT ABOVE SNIPPET HERE WITH SET CONFIGURATIONS>
*/
//=================================================================
log.setLevel(-1); //-1:NONE 0:ERROR 1:WARNING 2:DEBUG 3:TRACE
log.printLevel(2); //0:DISABLE 1:LOG 2:CONSOLE 3:BOTH
//=================================================================
// MAIN SCENARIO
//=================================================================
/**
* Callback to fetch error/response from the request.
* @function callback
* @param {object} err - Error returned if the request failed. Has one property - `errCode`.
* @param {object} data - Response returned by a successfully completed request. Has three properties - `statusCode`, `statusMessage`, and `body`.
*/
var callback = function (err, data) {
if (err) {
print("[error]", err.errCode);
} else {
print("[status]", data.statusCode, data.statusMessage);
print("[response]", data.body);
}
};
var payload = {
"index": 'neqto',
"event": {
"sensor_reading" : 123
},
"sourcetype": 'neqtoDevice_1'
};
send_splunk(payload, callback);
The company names and product names mentioned above are registered trademarks or trademarks of their respective companies.
Updated: 2021-08-18