Dual Python 2.7 and 3+ compatibility.
App will run on :
Splunk Enterprise versions back to Splunk 5 where there is only a Python 2.7 runtime shipped
Splunk Enterprise version 8 where there is both a Python 2.7 and Python 3+ runtime shipped
Future versions of Splunk Enterprise where there is only a Python 3+ runtime
added JAXB dependencies for JRE 9+
fixed Splunk 8 compatibility for manager.xml file
added trial key functionality
minor manager xml ui tweak for 7.1
Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Splunk 7.1 compatible
Added a new message handler that just dumps the message body :
Minor HEC data handling tweaks
Added support to optional output to Splunk via a HEC (HTTP Event Collector) endpoint
Enabled TLS1.2 support by default.
Made the core Modular Input Framework compatible with latest Splunk Java SDK
Please use a Java Runtime version 7+
If you need to use SSLv3 , you can turn this on in bin/jms.py
SECURE_TRANSPORT = "tls"
#SECURE_TRANSPORT = "ssl"
Changed the point in the code where client ID is set for durable topic subscriptions
Added a LocalConnectionFactory for ActiveMQ
Added the ability to declare custom JVM System Properties in your stanzas
Minor cosmetic fix
Added system property javax.net.ssl.trustStorePassword to LocalMQConnectionFactory
Added a custom local JMS resource factory for Websphere MQ users that allows you to create a MQConnectionFactory class instance directly vs looking it up via JNDI.
The implementation class name you can declare in you stanza is : com.splunk.modinput.jms.custom.factory.LocalMQConnectionFactory
It depends on the MQ JMS jar files being in SPLUNK_HOME/etc/apps/jms_ta/bin/lib
Parameter values supported are (showing example values) :
You declare these in the stanza also in a key=value string , comma delimited :
Changed suffix to .spl
Removed field validation constraints when selecting local mode
Updated configuration screen , hopefully it is simpler and more intuitive
More verbose error logging ++ Removed usage of hostname for REST callbacks and replaced with localhost to alleviate issues where admins haven't setup local DNS correctly
Added support for very large message payloads, basically a refactoring of the XML streaming output so that SplunkD can correctly process large message payloads
Refactored the core engine so that now you can declare a pluggable JMS Message handler.For the most part you'll probably just rely on the default message handler that is part of the mod input. But given that a message producer can basically put anything in the message payload, there may be scenarios where you need some custom handling for the raw message payload ,so this new features provides this flexibility.
Patched a hole whereby the "disabled" property is not passed to the Mod Input by SplunkD when it is first created
Added more detailed error logging (written to $SPLUNK_HOME/var/log/splunk/splunkd.log) for troubleshooting
Fixed a possible(in theory) race condition scenario at startup ++ Added support for Queue Browsing , user can choose browsing mode(dump all messages or output summary stats about the queue) and the browsing frequency.
Some core framework tweaks++Added config option so users can specify whether or not to strip newline characters from the message body
Added runtime support for solaris, aix, freebsd, hp-ux***Added support to prefix your destination name with a server identifier , which now makes it possible to setup jms stanzas that have the same destination name but on different servers
Added REST API polling calls to the mod input so that it can poll SplunkD for the enabled/disabled status of each queue/topic stanza and stop message polling threads accordingly or terminate the entire mod input process if all queue/topic stanzas have been disabled.Using the Splunk Java SDK v1.0 for the REST API call, hence splunk.jar is now included in this release.
Added better handling of Binary message types
Added support for providing user/pass for the topic/queue
Cosmetic fix, added screenshot.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.