forked from influxdata/telegraf
-
Notifications
You must be signed in to change notification settings - Fork 0
/
splunkmetric.go
228 lines (187 loc) · 6.1 KB
/
splunkmetric.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
package splunkmetric
import (
"encoding/json"
"fmt"
"log"
"github.com/influxdata/telegraf"
)
type serializer struct {
HecRouting bool
SplunkmetricMultiMetric bool
}
type CommonTags struct {
Time float64
Host string
Index string
Source string
Fields map[string]interface{}
}
type HECTimeSeries struct {
Time float64 `json:"time"`
Event string `json:"event"`
Host string `json:"host,omitempty"`
Index string `json:"index,omitempty"`
Source string `json:"source,omitempty"`
Fields map[string]interface{} `json:"fields"`
}
// NewSerializer Setup our new serializer
func NewSerializer(splunkmetric_hec_routing bool, splunkmetric_multimetric bool) (*serializer, error) {
/* Define output params */
s := &serializer{
HecRouting: splunkmetric_hec_routing,
SplunkmetricMultiMetric: splunkmetric_multimetric,
}
return s, nil
}
func (s *serializer) Serialize(metric telegraf.Metric) ([]byte, error) {
m, err := s.createObject(metric)
if err != nil {
return nil, fmt.Errorf("D! [serializer.splunkmetric] Dropping invalid metric: %s", metric.Name())
}
return m, nil
}
func (s *serializer) SerializeBatch(metrics []telegraf.Metric) ([]byte, error) {
var serialized []byte
for _, metric := range metrics {
m, err := s.createObject(metric)
if err != nil {
return nil, fmt.Errorf("D! [serializer.splunkmetric] Dropping invalid metric: %s", metric.Name())
} else if m != nil {
serialized = append(serialized, m...)
}
}
return serialized, nil
}
func (s *serializer) createMulti(metric telegraf.Metric, dataGroup HECTimeSeries, commonTags CommonTags) (metricGroup []byte, err error) {
/* When splunkmetric_multimetric is true, then we can write out multiple name=value pairs as part of the same
** event payload. This only works when the time, host, and dimensions are the same for every name=value pair
** in the timeseries data.
**
** The format for multimetric data is 'metric_name:nameOfMetric = valueOfMetric'
*/
var metricJSON []byte
// Set the event data from the commonTags above.
dataGroup.Event = "metric"
dataGroup.Time = commonTags.Time
dataGroup.Host = commonTags.Host
dataGroup.Index = commonTags.Index
dataGroup.Source = commonTags.Source
dataGroup.Fields = commonTags.Fields
// Stuff the metric data into the structure.
for _, field := range metric.FieldList() {
value, valid := verifyValue(field.Value)
if !valid {
log.Printf("D! Can not parse value: %v for key: %v", field.Value, field.Key)
continue
}
dataGroup.Fields["metric_name:"+metric.Name()+"."+field.Key] = value
}
// Manage the rest of the event details based upon HEC routing rules
switch s.HecRouting {
case true:
// Output the data as a fields array and host,index,time,source overrides for the HEC.
metricJSON, err = json.Marshal(dataGroup)
default:
// Just output the data and the time, useful for file based outputs
dataGroup.Fields["time"] = dataGroup.Time
metricJSON, err = json.Marshal(dataGroup.Fields)
}
if err != nil {
return nil, err
}
// Let the JSON fall through to the return below
metricGroup = metricJSON
return metricGroup, nil
}
func (s *serializer) createSingle(metric telegraf.Metric, dataGroup HECTimeSeries, commonTags CommonTags) (metricGroup []byte, err error) {
/* The default mode is to generate one JSON entity per metric (required for pre-8.0 Splunks)
**
** The format for single metric is 'nameOfMetric = valueOfMetric'
*/
var metricJSON []byte
for _, field := range metric.FieldList() {
value, valid := verifyValue(field.Value)
if !valid {
log.Printf("D! Can not parse value: %v for key: %v", field.Value, field.Key)
continue
}
dataGroup.Event = "metric"
dataGroup.Time = commonTags.Time
// Apply the common tags from above to every record.
dataGroup.Host = commonTags.Host
dataGroup.Index = commonTags.Index
dataGroup.Source = commonTags.Source
dataGroup.Fields = commonTags.Fields
dataGroup.Fields["metric_name"] = metric.Name() + "." + field.Key
dataGroup.Fields["_value"] = value
switch s.HecRouting {
case true:
// Output the data as a fields array and host,index,time,source overrides for the HEC.
metricJSON, err = json.Marshal(dataGroup)
default:
// Just output the data and the time, useful for file based outputs
dataGroup.Fields["time"] = dataGroup.Time
metricJSON, err = json.Marshal(dataGroup.Fields)
}
metricGroup = append(metricGroup, metricJSON...)
if err != nil {
return nil, err
}
}
return metricGroup, nil
}
func (s *serializer) createObject(metric telegraf.Metric) (metricGroup []byte, err error) {
/* Splunk supports one metric json object, and does _not_ support an array of JSON objects.
** Splunk has the following required names for the metric store:
** metric_name: The name of the metric
** _value: The value for the metric
** time: The timestamp for the metric
** All other index fields become dimensions.
*/
dataGroup := HECTimeSeries{}
// The tags are common to all events in this timeseries
commonTags := CommonTags{}
commonTags.Fields = map[string]interface{}{}
// Break tags out into key(n)=value(t) pairs
for n, t := range metric.Tags() {
if n == "host" {
commonTags.Host = t
} else if n == "index" {
commonTags.Index = t
} else if n == "source" {
commonTags.Source = t
} else {
commonTags.Fields[n] = t
}
}
commonTags.Time = float64(metric.Time().UnixNano()) / float64(1000000000)
switch s.SplunkmetricMultiMetric {
case true:
metricGroup, _ = s.createMulti(metric, dataGroup, commonTags)
default:
metricGroup, _ = s.createSingle(metric, dataGroup, commonTags)
}
// Return the metric group regardless of if it's multimetric or single metric.
return metricGroup, nil
}
func verifyValue(v interface{}) (value interface{}, valid bool) {
switch v.(type) {
case string:
valid = false
value = v
case bool:
if v == bool(true) {
// Store 1 for a "true" value
valid = true
value = 1
} else {
// Otherwise store 0
valid = true
value = 0
}
default:
valid = true
value = v
}
return value, valid
}