jay-johnson/splunk_send_json_fields_over_tcp.py

## splunk_send_json_fields_over_tcp.py
#!/usr/bin/env python

import os
import sys
import json
import socket
import datetime
import time


SPLUNK_TOKEN = os.getenv(
    'SPLUNK_TOKEN',
    None)
SPLUNK_TCP_ADDRESS = os.getenv(
    'SPLUNK_TCP_ADDRESS',
    'splunkenterprise:1514')


def format_record(
        token=None):
    """format_record

    :param token: existing splunk token
    """
    use_token = token
    if not use_token:
        use_token = SPLUNK_TOKEN
    if not use_token:
        print('missing token or env var for SPLUNK_TOKEN')
        return None
    log_dict = {
        'name': 'payments',
        'message': 'testing messages with json fields show up in splunk',
        'env': 'dev',
        'dc': 'openshift',
        'tags': [
            'pci',
            'ecomm'
        ],
        'levelname': 'INFO',
        'timestamp': time.time(),
        'date': datetime.datetime.utcnow().strftime(
            '%Y-%m-%d %H:%M:%S')
    }
    log_msg = ('{}').format(
        json.dumps(log_dict))
    if token:
        log_msg = ('token={}, body={}').format(
            use_token,
            json.dumps(log_dict))
    return log_msg
# end of format_record


def run_main(
        token=None,
        address=None):
    """run_main

    Publish logs to Splunk over a TCP data input with
    the sourcetype set to ``_json``

    :param token: splunk token to use
    :param address: splunk TCP endpoint address <fqdn:port>
    """

    use_token = token
    if not use_token:
        use_token = SPLUNK_TOKEN
    use_address = address
    if not use_address:
        use_address = SPLUNK_TCP_ADDRESS

    address_split = use_address.split(':')
    host = address_split[0]
    port = int(address_split[1])
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((host, port))
    log_msg = format_record(
        token=token)
    if log_msg:
        print('publishing log={} address={}'.format(
            log_msg,
            use_address))
        is_py2 = sys.version[0] == '2'
        if is_py2:
            s.send(log_msg)
        else:
            s.send(log_msg.encode())
    else:
        print('failed to build a log msg={}'.format(
            log_msg))
# end of run_main


if __name__ == '__main__':
    run_main()
	#!/usr/bin/env python

	import os
	import sys
	import json
	import socket
	import datetime
	import time


	SPLUNK_TOKEN = os.getenv(
	'SPLUNK_TOKEN',
	None)
	SPLUNK_TCP_ADDRESS = os.getenv(
	'SPLUNK_TCP_ADDRESS',
	'splunkenterprise:1514')


	def format_record(
	token=None):
	"""format_record

	:param token: existing splunk token
	"""
	use_token = token
	if not use_token:
	use_token = SPLUNK_TOKEN
	if not use_token:
	print('missing token or env var for SPLUNK_TOKEN')
	return None
	log_dict = {
	'name': 'payments',
	'message': 'testing messages with json fields show up in splunk',
	'env': 'dev',
	'dc': 'openshift',
	'tags': [
	'pci',
	'ecomm'
	],
	'levelname': 'INFO',
	'timestamp': time.time(),
	'date': datetime.datetime.utcnow().strftime(
	'%Y-%m-%d %H:%M:%S')
	}
	log_msg = ('{}').format(
	json.dumps(log_dict))
	if token:
	log_msg = ('token={}, body={}').format(
	use_token,
	json.dumps(log_dict))
	return log_msg
	# end of format_record


	def run_main(
	token=None,
	address=None):
	"""run_main

	Publish logs to Splunk over a TCP data input with
	the sourcetype set to ``_json``

	:param token: splunk token to use
	:param address: splunk TCP endpoint address <fqdn:port>
	"""

	use_token = token
	if not use_token:
	use_token = SPLUNK_TOKEN
	use_address = address
	if not use_address:
	use_address = SPLUNK_TCP_ADDRESS

	address_split = use_address.split(':')
	host = address_split[0]
	port = int(address_split[1])
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect((host, port))
	log_msg = format_record(
	token=token)
	if log_msg:
	print('publishing log={} address={}'.format(
	log_msg,
	use_address))
	is_py2 = sys.version[0] == '2'
	if is_py2:
	s.send(log_msg)
	else:
	s.send(log_msg.encode())
	else:
	print('failed to build a log msg={}'.format(
	log_msg))
	# end of run_main


	if __name__ == '__main__':
	run_main()