Protocol Data Inputs
Overview
Details
This is a Splunk Add-On for receiving data via a number of different data protocols such as TCP , TCP(s) ,HTTP(s) PUT/POST/File Upload , UDP , Websockets , SockJS. The event driven , non blocking , asynchronous architecture is designed to handle connections and data at scale. The polyglot event bus allows you to declaratively plug in custom data handlers in numerous different languages(Java , Javascript , Python, Groovy , Scala , Clojure , Ruby etc..) to pre-process raw data before indexing in Splunk. Secure transport channels also allow for client certificate authentication.
The Python code in this App is dual 2.7/3 compatible.
This version of the App enforces Python 3 for execution of the modular input script when running on Splunk 8+ in order to satisfy Splunkbase AppInspect requirements.
If running this App on Splunk versions prior to 8 , then Python 2.7 will get executed.
Release Notes
Version 1.9.3
upgraded logging functionality
Version 1.9.2
docs update
Version 1.9.1
added a setup page to encrypt any credentials you require in your configuration
Version 1.9
enforced python3 for execution of the modular input script.If you require Python2.7 , then download a prior version (such as 1.8).
Version 1.8
Dual Python 2.7 and 3+ compatibility.
App will run on :
Splunk Enterprise versions back to Splunk 5 where there is only a Python 2.7 runtime shipped
Splunk Enterprise version 8 where there is both a Python 2.7 and Python 3+ runtime shipped
Future versions of Splunk Enterprise where there is only a Python 3+ runtime
Version 1.7
added JAXB dependencies for JRE 9+
fixed Splunk 8 compatibility for manager.xml file
Version 1.6.5
Search/Replace (with chars or a hash) Custom Data Handler Example
Version 1.6.4
cosmetic fixes
Version 1.6.3
cosmetic fixes
Version 1.6.2
updated docs
Version 1.6.1
added trial key functionality
Version 1.6
docs updated
Version 1.5.1
minor manager xml ui tweak for 7.1
Version 1.5
Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Docs updated
Splunk 7.1 compatible
Version 1.3
Added the latest jython jar to the main classpath because the jython language module that
is dynamically installed is missing some useful jython modules ie:json
Version 1.2
Added an example handler for decompressing gzip content
com.splunk.modinput.protocol.handlerverticle.GZipHandler
Version 1.1
Minor HEC data handling tweaks
Version 1.0
Added support to optional output to Splunk via a HEC (HTTP Event Collector) endpoint
Version 0.7
Enabled TLS1.2 support by default.
Made the core Modular Input Framework compatible with latest Splunk Java SDK
Please use a Java Runtime version 7+
If you need to use SSLv3 , you can turn this on in bin/protocol.py
SECURE_TRANSPORT = "tls"
#SECURE_TRANSPORT = "ssl"
Version 0.6
Abstracted the output transport logic out into verticles.
So you can choose from STDOUT (default for Modular Inputs) or bypass this and output
data to Splunk over other transports ie: TCP.
This also makes it easy to add other output transports in the future.
Futhermore , this makes the implementation of custom data handlers much cleaner as you don't have
worry out output transport logic or formatting Modular Input Stream XML for STDOUT transports.
Version 0.5.1
Added langs.properties and repos.txt to the classpath
Version 0.5
Initial beta release