-
Notifications
You must be signed in to change notification settings - Fork 36
/
Copy pathexample.py
66 lines (51 loc) · 2.31 KB
/
example.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
from splunk_http_event_collector import http_event_collector
import random
import json
import logging
import sys
def commitCrime():
# list of sample values
suspects = ['Miss Scarett','Professor Plum','Miss Peacock','Mr. Green','Colonel Mustard','Mrs. White']
weapons = ['candlestick','knife','lead pipe','revolver','rope','wrench']
rooms = ['kitchen','ballroom','conservatory','dining room','cellar','billiard room','library','lounge','hall','study']
return {"killer":random.choice(suspects), "weapon":random.choice(weapons), "location":random.choice(rooms), "victim":"Mr Boddy"}
# init logging config, this would be job of your main code using this class.
logging.basicConfig(format='%(asctime)s %(name)s %(levelname)s %(message)s', datefmt='%Y-%m-%d %H:%M:%S %z')
# Create event collector object, default SSL and HTTP Event Collector Port
http_event_collector_key = "4D14F8D9-D788-4E6E-BF2D-D1A46441242E"
http_event_collector_host = "localhost"
testevent = http_event_collector(http_event_collector_key, http_event_collector_host)
# perform a HEC reachable check
hec_reachable = testevent.check_connectivity()
if not hec_reachable:
sys.exit(1)
# Set to pop null fields. Always a good idea
testevent.popNullFields = True
# set logging to DEBUG for example
testevent.log.setLevel(logging.DEBUG)
# Start event payload and add the metadata information
payload = {}
payload.update({"index":"test"})
payload.update({"sourcetype":"crime"})
payload.update({"source":"witness"})
payload.update({"host":"mansion"})
# Report 5 Crimes
for i in range(5):
event = commitCrime()
event.update({"action":"success"})
event.update({"crime_type":"single"})
event.update({"crime_number":i})
payload.update({"event":event})
testevent.sendEvent(payload)
# Report 50,000 Crimes
# Do NOT make more than 99,999 events in same timestamp.
# It will cause Splunk to error on any searches due to more 100K or more events in the index for the same timestamp.
for i in range(50000):
event = commitCrime()
event.update({"action":"success"})
event.update({"crime_type":"batch"})
event.update({"crime_number":i})
payload.update({"event":event})
testevent.batchEvent(payload)
testevent.flushBatch()
# be sure to call flushBatch() before ending your code. Otherwise you risk ending before all threads have flushed.