A package for store plugins packaged with this project.
This package contains store plugins that are packaged as part of this
project. The store plugins implement a function named
accepts input records and typically stores them into a persistent data
store. The event plugins also implement and a function named
that perform cleanup work when called.
Filesystem store plugin.
A plugin to store records on the filesystem.
Create an instance of
Parameters: path (str) – Path of directory where files are written to.
Perform final cleanup tasks.
This method is called after all records have been written. In this example implementation, we properly terminate the JSON array in the .tmp file. Then we rename the .tmp file to .json file.
Note that other implementations of a store may perform tasks like closing a connection to a remote store or flushing any remaining records in a buffer.
Write JSON records to the file system.
This method is called once for every
recordread from a cloud. In this example implementation of a store, we simply write the
recordin JSON format to a file. The list of records is maintained as JSON array in the file. The origin worker name in
record['com']['origin_worker']is used to determine the filename.
The records are written to a
.tmpfile because we don’t want to delete the existing complete and useful
Note that other implementations of a store may choose to buffer the records in memory instead of writing each record to the store immediately. They may then flush the buffer to the store based on certain conditions such as buffer size, time interval, etc.
Parameters: record (dict) – Data to write to the file system.
SplunkStore plugin to index data in Splunk using HEC token.
SplunkHECStore(uri, token, index, ca_cert, buffer_size=1000)¶
SplunkHECStore plugin to index cloud data in Splunk using HEC token.
Create an instance of
- uri (str) – Splunk collector service URI.
- token (str) – Splunk HEC token.
- index (str) – Splunk HEC token accessible index.
- ca_cert (str) – Location of cetificate file to verify the identity of host in URI, or False to disable verification
- buffer_size (int) – Maximum number of records to hold in in-memory buffer for each record type.
Flush any remaining records.