splunk
Protocol Data Inputs
Overview
Details
The ORIGINAL Data Stream Processing Solution for Splunk and still going strong !
This is a Splunk Add-On for receiving data via a number of different data protocols such as TCP , TCP(s) ,HTTP(s) PUT/POST/File Upload , UDP , Websockets , SockJS. The event driven , non blocking , asynchronous architecture is designed to handle connections and data at scale. The polyglot event bus allows you to declaratively plug in custom data handlers in numerous different languages(Java , Javascript , Python, Groovy , Scala , Clojure , Ruby etc..) to pre-process raw data before indexing in Splunk. Secure transport channels also allow for client certificate authentication.
The Python code in this App is dual 2.7/3 compatible.
This version of the App enforces Python 3 for execution of the modular input script when running on Splunk 8+ in order to satisfy Splunkbase AppInspect requirements.
If running this App on Splunk versions prior to 8 , then Python 2.7 will get executed.
For details of the support we offer for our Apps , browse to : https://www.baboonbones.com/#support
This App is fully AppInspect passed for running in your own Splunk Enterprise environments or running on your own Forwarders and sending the data into Splunk Cloud.
This is a Splunk Add-On for receiving data via a number of different data protocols such as TCP , TCP(s) ,HTTP(s) PUT/POST/File Upload , UDP , Websockets , SockJS. The event driven , non blocking , asynchronous architecture is designed to handle connections and data at scale. The polyglot event bus allows you to declaratively plug in custom data handlers in numerous different languages(Java , Javascript , Python, Groovy , Scala , Clojure , Ruby etc..) to pre-process raw data before indexing in Splunk. Secure transport channels also allow for client certificate authentication.
The Python code in this App is dual 2.7/3 compatible.
This version of the App enforces Python 3 for execution of the modular input script when running on Splunk 8+ in order to satisfy Splunkbase AppInspect requirements.
If running this App on Splunk versions prior to 8 , then Python 2.7 will get executed.
For details of the support we offer for our Apps , browse to : https://www.baboonbones.com/#support
This App is fully AppInspect passed for running in your own Splunk Enterprise environments or running on your own Forwarders and sending the data into Splunk Cloud.
Release Notes
Version 1.9.7
June 18, 2022
-
in order to support huge modular input configuration xml strings when users want to run a very large number of inputs on 1 single instance of this app , we had to change the way that the child java process is invoked. Previously the xml string was passed as a program argument which could break the max argument size in the Linux kernel. Now we changed the logic to pass the xml string to the java process via the STDIN pipe.
-
The app performs periodic socket pings to the splunkd management port to determine if splunkd is still alive and if splunkd is not responding , usually because it has exited or is not network reachable, then the app self exits it's running java process.The default timeout is now 300 seconds. You can change this timeout value in bin/protocol.py by setting the
SPLUNKD_TIMEOUT_SECSvariable. -
upgraded internal logging libraries to Log4j2 v2.17.2
Version 1.9.6
Dec. 23, 2021
upgraded internal logging libraries to Log4j2 v2.17.0
Version 1.9.5
Dec. 15, 2021
upgraded internal logging libraries to Log4j2 v2.16.0
Version 1.9.4
Dec. 11, 2021
upgraded internal logging libraries to Log4j2 v2.15.0
Version 1.9.3
Oct. 6, 2020
upgraded logging functionality
Version 1.9.2
Sept. 29, 2020
docs update
Version 1.9.1
Aug. 30, 2020
added a setup page to encrypt any credentials you require in your configuration
Version 1.9
Aug. 23, 2020
enforced python3 for execution of the modular input script.If you require Python2.7 , then download a prior version (such as 1.8).
Version 1.8
May 16, 2020
Dual Python 2.7 and 3+ compatibility.
App will run on :
Splunk Enterprise versions back to Splunk 5 where there is only a Python 2.7 runtime shipped
Splunk Enterprise version 8 where there is both a Python 2.7 and Python 3+ runtime shipped
Future versions of Splunk Enterprise where there is only a Python 3+ runtime
Version 1.7
Dec. 30, 2019
added JAXB dependencies for JRE 9+
fixed Splunk 8 compatibility for manager.xml file
Version 1.6.5
June 30, 2019
Search/Replace (with chars or a hash) Custom Data Handler Example
Version 1.6.4
June 25, 2019
cosmetic fixes
Version 1.6.3
May 10, 2019
cosmetic fixes
Version 1.6.2
April 23, 2019
updated docs
Version 1.6.1
April 19, 2019
added trial key functionality
Version 1.6
March 28, 2019
docs updated
Version 1.5.1
June 3, 2018
minor manager xml ui tweak for 7.1
Version 1.5
May 27, 2018
Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Docs updated
Splunk 7.1 compatible
Version 1.3
Nov. 17, 2016
Added the latest jython jar to the main classpath because the jython language module that
is dynamically installed is missing some useful jython modules ie:json
Version 1.2
July 28, 2016
Added an example handler for decompressing gzip content
com.splunk.modinput.protocol.handlerverticle.GZipHandler
Version 1.1
Nov. 24, 2015
Minor HEC data handling tweaks
Version 1.0
Sept. 22, 2015
Added support to optional output to Splunk via a HEC (HTTP Event Collector) endpoint
Version 0.7
Feb. 11, 2015
Enabled TLS1.2 support by default.
Made the core Modular Input Framework compatible with latest Splunk Java SDK
Please use a Java Runtime version 7+
If you need to use SSLv3 , you can turn this on in bin/protocol.py
SECURE_TRANSPORT = "tls"
SECURE_TRANSPORT = "ssl"
Version 0.6
Nov. 15, 2014
Abstracted the output transport logic out into verticles.
So you can choose from STDOUT (default for Modular Inputs) or bypass this and output
data to Splunk over other transports ie: TCP.
This also makes it easy to add other output transports in the future.
Futhermore , this makes the implementation of custom data handlers much cleaner as you don't have
worry out output transport logic or formatting Modular Input Stream XML for STDOUT transports.
Version 0.5.1
Nov. 11, 2014
Added langs.properties and repos.txt to the classpath
Version 0.5
Nov. 10, 2014
Initial beta release