A Python logging handler to sends logs to Splunk using HTTP event collector (HEC)
pip install splunk-hec-handler
import logging
from splunk_hec_handler import SplunkHecHandler
logger = logging.getLogger('SplunkHecHandlerExample')
logger.setLevel(logging.DEBUG)
# If using self-signed certificate, set ssl_verify to False
# If using http, set proto to http
splunk_handler = SplunkHecHandler('splunkfw.domain.tld',
'EA33046C-6FEC-4DC0-AC66-4326E58B54C3',
port=8888, proto='https', ssl_verify=True,
source="HEC_example")
logger.addHandler(splunk_handler)
Following should result in a Splunk entry with _time set to current timestamp.
logger.info("Testing Splunk HEC Info message")
Following should result in a Splunk entry of Monday, 08/06/2018 4:33:43 AM, and contain two custom fields (color, api_endpoint). Custom fields can be seen in verbose mode.
dict_obj = {'time': 1533530023, 'fields': {'color': 'yellow', 'api_endpoint': '/results'},
'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]}
logger.error(dict_obj)
:warning: In order to use custom fields, 'sourcetype' property must be specified in the event and sourcetype definition must enable indexed field extractions.
See http://dev.splunk.com/view/event-collector/SP-CAAAE6P for 'fields'
Using 'fields', many of the metadata fields associated with an event can be changed from the default. Additionally, new fields, which are not part of the event, can be also added.
In the following example, we are sending events to two different indexes (see "Select Allowed Indexes (optional)" setting) and overriding 'host', 'source', 'sourcetype' fields, while adding some new fields ('color', 'api_endpoint').
import logging
from splunk_hec_handler import SplunkHecHandler
logger = logging.getLogger('SplunkHecHandlerExample')
logger.setLevel(logging.DEBUG)
stream_handler = logging.StreamHandler()
stream_handler.level = logging.DEBUG
logger.addHandler(stream_handler)
token = "EA33046C-6FEC-4DC0-AC66-4326E58B54C3'
splunk_handler = SplunkHecHandler('splunkfw.domain.tld',
token, index="hec",
port=8080, proto='https', ssl_verify=False
source="evtx2json", sourcetype='xxxxxxxx_json')
logger.addHandler(splunk_handler)
dict_obj = {'fields': {'color': 'yellow', 'api_endpoint': '/results', 'host': 'app01', 'index':'hec'},
'user': 'foobar', 'app': 'my demo', 'severity': 'low', 'error codes': [1, 23, 34, 456]}
logger.info(dict_obj)
log_summary_evt = {'fields': {'index': 'adhoc', 'sourcetype': '_json', 'source': 'adv_example'}, 'exit code': 0, 'events logged': 100}
logger.debug(log_summary_evt)
FAQs
A Python logging handler to sends logs to Splunk using HTTP event collector (HEC)
We found that splunk-hec-handler demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Malicious Go packages are impersonating popular libraries to install hidden loader malware on Linux and macOS, targeting developers with obfuscated payloads.
Security News
Bybit's $1.46B hack by North Korea's Lazarus Group pushes 2025 crypto losses to $1.6B in just two months, already surpassing all of 2024's $1.49B total.
Security News
OpenSSF has published OSPS Baseline, an initiative designed to establish a minimum set of security-related best practices for open source software projects.