splunk_hec.cue
package metadata
// Option metadata for the `splunk_hec` source. Each option below declares a
// human-readable description, whether it is required, and its type together
// with any default or example values. Every option here is `required: false`.
base: components: sources: splunk_hec: configuration: {
// Acknowledgement settings. The `max_*` options are the limits this schema
// exposes on how many channels and pending acknowledgement statuses are kept.
// NOTE(review): the defaults are large (1000000 channels, 10000000 pending
// statuses); on a listener that accepts unauthenticated requests, consider
// lowering them — confirm the memory cost per channel/status.
acknowledgements: {
description: "Acknowledgement configuration for the `splunk_hec` source."
required: false
type: object: options: {
// Defaults to false, so idle channels are not removed unless this is enabled.
ack_idle_cleanup: {
description: """
Whether or not to remove channels after idling for `max_idle_time` seconds.
A channel is idling if it is not used for sending data or querying acknowledgement statuses.
"""
required: false
type: bool: default: false
}
// No default is declared in this schema.
enabled: {
description: "Enables end-to-end acknowledgements."
required: false
type: bool: {}
}
// Idle threshold in seconds (default 300); per `ack_idle_cleanup`, it is
// that option that makes idle channels get removed.
max_idle_time: {
description: """
The amount of time, in seconds, a channel is allowed to idle before removal.
Channels can potentially idle for longer than this setting but clients should not rely on such behavior.
Minimum of `1`.
"""
required: false
type: uint: default: 300
}
// Cap on the number of channels clients can use with this source.
max_number_of_ack_channels: {
description: """
The maximum number of Splunk HEC channels clients can use with this source.
Minimum of `1`.
"""
required: false
type: uint: default: 1000000
}
// Cap on pending statuses across all channels.
max_pending_acks: {
description: """
The maximum number of acknowledgement statuses pending query across all channels.
Equivalent to the `max_number_of_acked_requests_pending_query` Splunk HEC setting.
Minimum of `1`.
"""
required: false
type: uint: default: 10000000
}
// Cap on pending statuses for one channel.
max_pending_acks_per_channel: {
description: """
The maximum number of acknowledgement statuses pending query for a single channel.
Equivalent to the `max_number_of_acked_requests_pending_query_per_ack_channel` Splunk HEC setting.
Minimum of `1`.
"""
required: false
type: uint: default: 1000000
}
}
}
// Listen address. The default `0.0.0.0:8088` binds every IPv4 interface, so
// the endpoint is reachable from any network the host is attached to unless
// the address is narrowed or the port is filtered.
address: {
description: """
The socket address to listen for connections on.
The address _must_ include a port.
"""
required: false
type: string: default: "0.0.0.0:8088"
}
// Defaults to false. When true, the description states the client's HEC
// token is kept in event metadata, so that metadata then carries a credential.
// NOTE(review): confirm the token cannot surface through other sinks or
// diagnostic output before enabling.
store_hec_token: {
description: """
Whether or not to forward the Splunk HEC authentication token with events.
If set to `true`, when incoming requests contain a Splunk HEC token, the token used is kept in the
event metadata and preferentially used if the event is sent to a Splunk HEC sink.
"""
required: false
type: bool: default: false
}
// TLS options. The wording covers incoming and outgoing connections.
// NOTE(review): for this source presumably only the incoming side applies —
// confirm.
tls: {
description: "Configures the TLS options for incoming/outgoing connections."
required: false
type: object: options: {
alpn_protocols: {
description: """
Sets the list of supported ALPN protocols.
Declare the supported ALPN protocols, which are used during negotiation with peer. They are prioritized in the order
that they are defined.
"""
required: false
type: array: items: type: string: examples: ["h2"]
}
// Additional CA certificate, given as a path or as inline PEM.
ca_file: {
description: """
Absolute path to an additional CA certificate file.
The certificate must be in the DER or PEM (X.509) format. Additionally, the certificate can be provided as an inline string in PEM format.
"""
required: false
type: string: examples: ["/path/to/certificate_authority.crt"]
}
// Server identity certificate; needs `key_file` unless it is a PKCS#12 archive.
crt_file: {
description: """
Absolute path to a certificate file used to identify this server.
The certificate must be in DER, PEM (X.509), or PKCS#12 format. Additionally, the certificate can be provided as
an inline string in PEM format.
If this is set, and is not a PKCS#12 archive, `key_file` must also be set.
"""
required: false
type: string: examples: ["/path/to/host_certificate.crt"]
}
// No default is declared in this schema. The token descriptions below say
// clients send the HEC token in the `Authorization` header, so without TLS
// that token would cross the network in cleartext.
// NOTE(review): confirm the effective value when this option is unset.
enabled: {
description: """
Whether or not to require TLS for incoming or outgoing connections.
When enabled and used for incoming connections, an identity certificate is also required. See `tls.crt_file` for
more information.
"""
required: false
type: bool: {}
}
// Server private key, given as a path or as inline PEM. An inline key puts
// private key material in the configuration itself, so that file needs the
// same protection as the key.
key_file: {
description: """
Absolute path to a private key file used to identify this server.
The key must be in DER or PEM (PKCS#8) format. Additionally, the key can be provided as an inline string in PEM format.
"""
required: false
type: string: examples: ["/path/to/host_certificate.key"]
}
// Two example forms are listed: an environment-variable reference and a
// literal string. The reference form keeps the passphrase out of the
// configuration file; a literal ends up wherever that file is stored.
key_pass: {
description: """
Passphrase used to unlock the encrypted key file.
This has no effect unless `key_file` is set.
"""
required: false
type: string: examples: ["${KEY_PASS_ENV_VAR}", "PassWord1"]
}
// No default is declared in this schema.
// NOTE(review): on this listener this presumably governs verification of
// client certificates — confirm, and confirm the effective default.
verify_certificate: {
description: """
Enables certificate verification.
If enabled, certificates must not be expired and must be issued by a trusted
issuer. This verification operates in a hierarchical manner, checking that the leaf certificate (the
certificate presented by the client/server) is not only valid, but that the issuer of that certificate is also valid, and
so on until the verification process reaches a root certificate.
Relevant for both incoming and outgoing connections.
Do NOT set this to `false` unless you understand the risks of not verifying the validity of certificates.
"""
required: false
type: bool: {}
}
// Per the description this is only relevant for outgoing connections.
// NOTE(review): presumably it has no effect on this listening source — confirm.
verify_hostname: {
description: """
Enables hostname verification.
If enabled, the hostname used to connect to the remote host must be present in the TLS certificate presented by
the remote host, either as the Common Name or as an entry in the Subject Alternative Name extension.
Only relevant for outgoing connections.
Do NOT set this to `false` unless you understand the risks of not verifying the remote hostname.
"""
required: false
type: bool: {}
}
}
}
// Deprecated single-token form of `valid_tokens`. Per the description,
// leaving it unset means the `Authorization` header is ignored.
token: {
deprecated: true
deprecated_message: "This option has been deprecated, use `valid_tokens` instead."
description: """
Optional authorization token.
If supplied, incoming requests must supply this token in the `Authorization` header, just as a client would if
it was communicating with the Splunk HEC endpoint directly.
If _not_ supplied, the `Authorization` header is ignored and requests are not authenticated.
"""
required: false
type: string: {}
}
// Accepted tokens. The option is not required and, per the description,
// requests are not authenticated when it is unset. Together with the
// `0.0.0.0:8088` default of `address`, an unconfigured source accepts events
// from any host that can reach the port. Tokens are credentials.
// NOTE(review): confirm whether the `${...}` reference form shown for
// `tls.key_pass` can be used here to keep them out of the file.
valid_tokens: {
description: """
Optional list of valid authorization tokens.
If supplied, incoming requests must supply one of these tokens in the `Authorization` header, just as a client
would if it was communicating with the Splunk HEC endpoint directly.
If _not_ supplied, the `Authorization` header is ignored and requests are not authenticated.
"""
required: false
type: array: items: type: string: examples: ["A94A8FE5CCB19BA61C4C08"]
}
}