vector/sinks/splunk_hec/common/mod.rs
1pub mod acknowledgements;
2pub mod request;
3pub mod response;
4pub mod service;
5pub mod util;
6
7pub use util::*;
8use vector_lib::configurable::configurable_component;
9
10pub(super) const SOURCE_FIELD: &str = "source";
11pub(super) const SOURCETYPE_FIELD: &str = "sourcetype";
12pub(super) const INDEX_FIELD: &str = "index";
13pub(super) const HOST_FIELD: &str = "host";
14pub(super) const AUTO_EXTRACT_TIMESTAMP_FIELD: &str = "auto_extract_timestamp";
15
16/// Splunk HEC endpoint configuration.
17#[configurable_component]
18#[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
19#[serde(rename_all = "snake_case")]
20pub enum EndpointTarget {
21 /// Events are sent to the [raw endpoint][raw_endpoint_docs].
22 ///
23 /// When the raw endpoint is used, configured [event metadata][event_metadata_docs] is sent as
24 /// query parameters on the request, except for the `timestamp` field.
25 ///
26 /// [raw_endpoint_docs]: https://docs.splunk.com/Documentation/Splunk/8.0.0/RESTREF/RESTinput#services.2Fcollector.2Fraw
27 /// [event_metadata_docs]: https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector#Event_metadata
28 Raw,
29
30 /// Events are sent to the [event endpoint][event_endpoint_docs].
31 ///
32 /// When the event endpoint is used, configured [event metadata][event_metadata_docs] is sent
33 /// directly with each event.
34 ///
35 /// [event_endpoint_docs]: https://docs.splunk.com/Documentation/Splunk/8.0.0/RESTREF/RESTinput#services.2Fcollector.2Fevent
36 /// [event_metadata_docs]: https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector#Event_metadata
37 #[default]
38 Event,
39}