Skip to content

parsedmarc.sink.splunk 🔗

Splunk 🔗

Splunk(
    name: str = "default",
    config: dict[str, Any] | None = None,
)

Bases: Sink

Sink that stores reports using the SPlunk HTTP Events Collector (HEC)

References:

- http://docs.splunk.com/Documentation/Splunk/latest/Data/AboutHEC
- http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector

New in 9.0.

PARAMETER DESCRIPTION
name

profile name for this instance, ideally should be unqiue to easily idenfity this instance and any log messages it produces

TYPE: str DEFAULT: 'default'

config

config for this instance

TYPE: dict[str, Any] | None DEFAULT: None

state property 🔗

state: AppState

Read only Sink state

cleanup 🔗

cleanup() -> None

Perform cleanup on this source.

This method is called as a part of self.shutdown.

Child classes can override this method to implement their own logic. It is still recomended to call super().cleanup().

process_report 🔗

process_report(report: Report) -> None

Default method for processing reports.

Rather than directly processing reports, checks for methods matching a given report type and if it exists passes teh report to it. If no method exists for the given report does nothing.

Supported methods:

  • process_aggregate_report
  • process_forensic_report

shutdown 🔗

shutdown(
    timeout: int | float = 120, force: bool = False
) -> None

Attempt to gracefully shutdown this source.

PARAMETER DESCRIPTION
timeout

Giveup after this many seonds (TODO)

TYPE: int | float DEFAULT: 120

force

If a timeout would occur, instead force shutdown.

TYPE: bool DEFAULT: False

validate_config 🔗

validate_config() -> None

Validate the config of this instance

Child classes can override this method to implement their own logic. It is still recomended to call super().validate_config().

SplunkClientConfig 🔗

Bases: BaseModel

Splunk Client Config

SplunkConfig 🔗

Bases: BaseConfig

Splunk Config