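service = $service;
    }

    // === Operations ===

    /**
     * Logs one or more events to the specified index.
     *
     * In addition to the index name it is highly recommended to specify
     * a sourcetype explicitly.
     *
     * The event text is sent as a 'text/plain' request body rather than as
     * form data, so it is passed to sendRequest() directly instead of going
     * through the normal post() method.
     *
     * @param string $data  Raw event text.
     *                      This may contain data for multiple events.
     *                      Under the default configuration, line breaks
     *                      ("\n") can be inserted to separate multiple events.
     * @param array $args   (optional) {
     *     **host**: (optional) The value to populate in the host field
     *               for events from this data input.
     *     **host_regex**: (optional) A regular expression used to
     *               extract the host value from each event.
     *     **index**: (optional) The index to send events from this
     *               input to. Highly recommended. Defaults to "default".
     *     **source**: (optional) The source value to fill in the
     *               metadata for this input's events.
     *     **sourcetype**: (optional) The sourcetype to apply to
     *               events from this input.
     * }
     * @throws Splunk_IOException
     * @link http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#receivers.2Fsimple
     */
    public function submit($data, $args=array())
    {
        // (Avoid the normal post() method, since we aren't sending form data.)
        $this->service->sendRequest(
            'post', '/services/receivers/simple',
            array('Content-Type' => 'text/plain'),
            $data,
            $args);
    }

    /**
     * Creates a stream for logging events to the specified index.
     *
     * In addition to the index name it is highly recommended to specify
     * a sourcetype explicitly.
     *
     * The returned stream should eventually be closed via fclose().
     *
     * The request head is written by hand onto a raw socket, so every value
     * placed in it (host, port, authorization token) is rejected if it
     * contains a CR or LF; otherwise such a value could add headers to, or
     * split, the request. $args is encoded with http_build_query() and needs
     * no such check.
     *
     * @param array $args   (optional) {
     *     **host**: (optional) The value to populate in the host field
     *               for events from this data input.
     *     **host_regex**: (optional) A regular expression used to
     *               extract the host value from each event.
     *     **index**: (optional) The index to send events from this
     *               input to. Highly recommended. Defaults to "default".
     *     **source**: (optional) The source value to fill in the
     *               metadata for this input's events.
     *     **sourcetype**: (optional) The sourcetype to apply to
     *               events from this input.
     * }
     * @return resource     A stream that you can write event text to.
     * @throws Splunk_IOException
     * @throws Splunk_UnsupportedOperationException
     *                      If the service URL scheme is neither http nor https.
     * @throws InvalidArgumentException
     *                      If the host, port or token contains a line break.
     * @link http://docs.splunk.com/Documentation/Splunk/latest/RESTAPI/RESTinput#receivers.2Fstream
     */
    public function attach($args=array())
    {
        $scheme = $this->service->getScheme();
        $host = $this->service->getHost();
        $port = $this->service->getPort();

        // Host and port are copied verbatim into the "Host:" header below.
        foreach (array($host, $port) as $headerPart) {
            if (strpbrk((string) $headerPart, "\r\n") !== FALSE)
                throw new InvalidArgumentException(
                    'Host and port must not contain line breaks.');
        }

        // Warnings are suppressed because failure is reported through
        // $errno/$errstr and converted into an exception below.
        //
        // NOTE(review): the Authorization token is written to this socket.
        // With the 'http' scheme it travels unencrypted. With 'https',
        // fsockopen() accepts no stream context, so certificate verification
        // follows the PHP runtime defaults (peer verification is on by
        // default only from PHP 5.6). Consider stream_socket_client() with an
        // explicit ssl context if verification must be enforced.
        $errno = 0;
        $errstr = '';
        if ($scheme === 'http')
            $stream = @fsockopen($host, $port, /*out*/ $errno, /*out*/ $errstr);
        else if ($scheme === 'https')
            $stream = @fsockopen('ssl://' . $host, $port, /*out*/ $errno, /*out*/ $errstr);
        else
            throw new Splunk_UnsupportedOperationException(
                'Unsupported URL scheme.');
        if ($stream === FALSE)
            throw new Splunk_ConnectException($errstr, $errno);

        try {
            $path = '/services/receivers/stream?' . http_build_query($args);
            $token = $this->service->getToken();

            // The message deliberately omits the token value.
            if (strpbrk((string) $token, "\r\n") !== FALSE)
                throw new InvalidArgumentException(
                    'Authorization token must not contain line breaks.');

            $headers = array(
                "POST {$path} HTTP/1.1\r\n",
                "Host: {$host}:{$port}\r\n",
                "Accept-Encoding: identity\r\n",
                "Authorization: {$token}\r\n",
                "X-Splunk-Input-Mode: Streaming\r\n",
                "\r\n",
            );
            Splunk_Util::fwriteall($stream, implode('', $headers));
        } catch (Exception $e) {
            // The caller never receives the stream on failure, so close it
            // here instead of leaking the open socket.
            fclose($stream);
            throw $e;
        }

        return $stream;
    }
}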