Package io.quarkiverse.logging.splunk

Class SplunkConfig

  • @ConfigRoot(phase=RUN_TIME,
            name="log.handler.splunk")
public class SplunkConfig
extends Object
    Configuration for Splunk HEC logging

    • Field Detail

      • enabled

        @ConfigItem(defaultValue="true")
public boolean enabled
        Determine whether to enable the handler

      • level

        @ConfigItem(defaultValue="ALL")
public Level level
        The splunk handler log level. By default, it is no more strict than the root handler level.

      • url

        @ConfigItem(defaultValue="https://localhost:8088/")
public String url
        Splunk HEC endpoint base url.

        With raw events, the endpoint targeted is /services/collector/raw. With flat or nested JSON events, the endpoint targeted is /services/collector/event/1.0.

      • disableCertificateValidation

        @ConfigItem(defaultValue="false")
public boolean disableCertificateValidation
        Disable TLS certificate validation with HEC endpoint

      • token

        @ConfigItem
public Optional<String> token
        The application token to authenticate with HEC, the token is mandatory if the extension is enabled https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector#HEC_token

      • sendMode

        @ConfigItem(defaultValue="sequential")
public SplunkConfig.SendMode sendMode
        The strategy to send events to HEC.

        In sequential mode, there is only one HTTP connection to HEC and the order of events is preserved, but performance is lower. In parallel mode, event batches are sent asynchronously over multiple HTTP connections, and events with the same timestamp (that has 1 millisecond resolution) may be indexed out of order by Splunk.

      • channel

        @ConfigItem
public Optional<String> channel
        A GUID to identify an HEC client and guarantee isolation at HEC level in case of slow clients. https://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHECIDXAck#About_channels_and_sending_data

      • batchInterval

        @ConfigItem(defaultValue="10s")
public Duration batchInterval
        Batching delay before sending a group of events. If 0, the events are sent immediately.

      • batchSizeCount

        @ConfigItem(defaultValue="10")
public long batchSizeCount
        Maximum number of events in a batch. By default 10, if 0 no batching.

      • batchSizeBytes

        @ConfigItem(defaultValue="10")
public long batchSizeBytes
        Maximum total size in bytes of events in a batch. By default 10KB, if 0 no batching.

      • maxRetries

        @ConfigItem(defaultValue="0")
public long maxRetries
        Maximum number of retries in case of I/O exceptions with HEC connection.

      • format

        @ConfigItem(defaultValue="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n")
public String format
        The log format, defining which metadata are inlined inside the log main payload.

        Specific metadata (hostname, category, thread name, ...), as well as MDC key/value map, can also be sent in a structured way.

      • includeException

        @ConfigItem(defaultValue="false")
public boolean includeException
        Whether to send the thrown exception message as a structured metadata of the log event (as opposed to %e in a formatted message, it does not include the exception name or stacktrace). Only applicable to 'nested' serialization.

      • includeLoggerName

        @ConfigItem(defaultValue="false")
public boolean includeLoggerName
        Whether to send the logger name as a structured metadata of the log event (equivalent of %c in a formatted message). Only applicable to 'nested' serialization.

      • includeThreadName

        @ConfigItem(defaultValue="false")
public boolean includeThreadName
        Whether to send the thread name as a structured metadata of the log event (equivalent of %t in a formatted message). Only applicable to 'nested' serialization.

      • metadataHost

        @ConfigItem(defaultValueDocumentation="The equivalent of %h in a formatted message")
public Optional<String> metadataHost
        Overrides the host name metadata value.

      • metadataSource

        @ConfigItem
public Optional<String> metadataSource
        The source value to assign to the event data. For example, if you're sending data from an app you're developing, you could set this key to the name of the app. https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector#Event_metadata

      • metadataSourceType

        @ConfigItem(defaultValueDocumentation="_json for nested serialization, not set otherwise")
public Optional<String> metadataSourceType
        The optional format of the events, to enable some parsing on Splunk side. https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector#Event_metadata

        A given source type may have indexed fields extraction enabled, which is the case of the built-in _json used for nested serialization.

      • metadataIndex

        @ConfigItem
public Optional<String> metadataIndex
        The optional name of the index by which the event data is to be stored. If set, it must be within the list of allowed indexes of the token (if it has the indexes parameter set). https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector#Event_metadata

      • metadataFields

        @ConfigItem
public Map<String,​String> metadataFields
        Optional static key/value pairs to populate the "fields" key of event metadata. This isn't applicable to raw serialization. https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector#Event_metadata

      • metadataSeverityFieldName

        @ConfigItem(defaultValue="severity")
public String metadataSeverityFieldName
        The name of the key used to convey the severity / log level in the metadata fields. Only applicable to 'flat' serialization. With 'nested' serialization, there is already a 'severity' field.

      • raw

        @Deprecated(forRemoval=true)
@ConfigItem(defaultValue="false")
public boolean raw
        Deprecated, for removal: This API element is subject to removal in a future version.
        Use serialization
        Determines whether the events are sent in raw mode. In case the raw event (i.e. the actual log message) is not a JSON object you need to explicitly set a source type or Splunk will reject the event (the default source type, _json, assumes that the incoming event can be parsed as JSON)

      • serialization

        @ConfigItem(defaultValue="nested")
public SplunkConfig.SerializationFormat serialization
        The format of the payload.
        • With raw serialization, the log message is sent 'as is' in the HTTP body. Metadata can only be common to a whole batch and are sent via HTTP parameters.
        • With nested serialization, the log message is sent into a 'message' field of a JSON structure which also contains dynamic metadata.
        • With flat serialization, the log message is sent into the root 'event' field. Dynamic metadata is sent via the 'fields' root object.

    • Constructor Detail

      • SplunkConfig

        public SplunkConfig()