Merge branch 'develop' into feature/ci-laste-orca

Author: chenziliang

.gitignore

@@ -1,8 +1,8 @@
 .idea
 
-tools/*
-!tools/*.template
-!tools/*.go
+tools/dump_app_info/dump_app_info
+tools/data_gen/data_gen
+
 
 cache.db
 *.out

README.md

@@ -47,108 +47,53 @@ uaac -t member add doppler.firehose splunk-nozzle
 `cloud_controller.admin_read_only` will work for cf v241
 or later. Earlier versions should use `cloud_controller.admin` instead.
 
-
-#### Environment Parameters (declare parameters by making a copy of tools/nozzle.sh.template)
-
-DEBUG -
-Enable debug mode (forward to standard out instead of Splunk).
-
-Cloud Foundry configuration parameters:
-API_ENDPOINT -
-Cloud Foundry API endpoint address.
-
-API_USER -
-Cloud Foundry user name. (Must have scope described above)
-
-API_PASSWORD -
-Cloud Foundry user password.
-
-Splunk configuration parameters:
-SPLUNK_TOKEN -
-[Splunk HTTP event collector token](http://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector/).
-
-SPLUNK_HOST -
-Splunk HTTP event collector host.
-example: https://example.cloud.splunk.com:8088
-
-SPLUNK_INDEX -
-The Splunk index events will be sent to.
-Warning: Setting an invalid index will cause events to be lost.
-
-JOB_NAME -
-Tag nozzle log events with job name.
-
-JOB_INDEX -
-Tag nozzle log events with job index.
-
-JOB_HOST -
-Tag nozzle log events with job host.
-
-SKIP_SSL_VALIDATION_CF -
-Skip SSL certificate validation for connection to CF. Secure communications will not check SSL certificates against a trusted CA Authority.
-(recommended for dev environments only).
-
-SKIP_SSL_VALIDATION_SPLUNK -
-Skip SSL certificate validation for connection to Splunk. Secure communications will not check SSL certificates against a trusted CA Authority.
-(recommended for dev environments only).
-
-FIREHOSE_SUBSCRIPTION_ID -
-Tag nozzle events with a firehose subscription id. (More information on  - https://docs.pivotal.io/pivotalcf/1-11/loggregator/log-ops-guide.html).
-
-FIREHOSE_KEEP_ALIVE -
-Keep Alive duration for the firehose consumer.
-
-ADD_APP_INFO -
-Enrich raw data with app details.
-
-IGNORE_MISSING_APP -
-If application is missing, stop repeatedly querying application info from Cloud Foundry.
-
-MISSING_APP_CACHE_INVALIDATE_TTL -
-How frequently the missing app info cache invalidates.
-
-APP_CACHE_INVALIDATE_TTL -
-How frequently the app info local cache invalidates.
-
-APP_LIMITS -
-Restrict to APP_LIMITS most updated apps per request when populating the app metadata cache.
-
-BOLTDB_PATH -
-Bolt Database path.
-
-EVENTS -
-Comma separated list of events to include.
-possible values: ValueMetric,CounterEvent,Error,LogMessage,HttpStartStop,ContainerMetric
-
-EXTRA_FIELDS -
-Extra fields you want to annotate your events with (format is key:value,key:value).
-
-FLUSH_INTERVAL -
-Time interval for flushing queue to Splunk regardless of CONSUMER_QUEUE_SIZE. Protects against stale events in low throughput systems.
-
-CONSUMER_QUEUE_SIZE -
-Set the internal consumer queue buffer size. Events wil be pushed to Splunk after queue is full.
-
-HEC_BATCH_SIZE -
-Set the batch size for the events to push to HEC (Splunk HTTP Event Collector).
-
-HEC_RETRIES -
-Retry count for sending events to Splunk. After expiring events will begin dropping causing data loss.
-
-HEC_WORKERS -
-Set the amount of Splunk HEC workers to increase concurrency while ingesting in Splunk.
-
-SPLUNK_VERSION - Splunk version will determine how metadata fields are ingested for HEC.(example: 6.6).
-
-ENABLE_EVENT_TRACING -
-Enable event trace logging. Splunk events will now contain a UUID, Splunk Nozzle Event Count and Subscription-ID
-for Splunk correlation searches.
+- - - -
+#### Environment Parameters
+You can declare parameters by making a copy of the scripts/nozzle.sh.template. 
+* `DEBUG`: Enable debug mode (forward to standard out instead of Splunk).
+
+__Cloud Foundry configuration parameters:__
+* `API_ENDPOINT`: Cloud Foundry API endpoint address.
+* `API_USER`: Cloud Foundry user name. (Must have scope described above)
+* `API_PASSWORD`: Cloud Foundry user password.
+
+__Splunk configuration parameters:__
+* `SPLUNK_TOKEN`: [Splunk HTTP event collector token](http://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector/).
+* `SPLUNK_HOST`: Splunk HTTP event collector host. example: https://example.cloud.splunk.com:8088
+* `SPLUNK_INDEX`: The Splunk index events will be sent to. Warning: Setting an invalid index will cause events to be lost. This index must match one of the selected indexes for the Splunk HTTP event collector token used for the SPLUNK_TOKEN parameter.
+
+__Advanced Configuration Features:__
+* `JOB_NAME`: Tags nozzle log events with job name.
+* `JOB_INDEX`: Tags nozzle log events with job index.
+* `JOB_HOST`: Tags nozzle log events with job host.
+* `SKIP_SSL_VALIDATION_CF`: Skips SSL certificate validation for connection to Cloud Foundry. Secure communications will not check SSL certificates against a trusted certificate authority.
+This is recommended for dev environments only.
+* `SKIP_SSL_VALIDATION_SPLUNK`: Skips SSL certificate validation for connection to Splunk. Secure communications will not check SSL certificates against a trusted certificate authority. 
+This is recommended for dev environments only.
+* `FIREHOSE_SUBSCRIPTION_ID`: Tags nozzle events with a Firehose subscription id. See https://docs.pivotal.io/pivotalcf/1-11/loggregator/log-ops-guide.html.
+* `FIREHOSE_KEEP_ALIVE`: Keep alive duration for the Firehose consumer.
+* `ADD_APP_INFO`: Enriches raw data with app details.
+* `IGNORE_MISSING_APP`: If the application is missing, then stop repeatedly querying application info from Cloud Foundry.
+* `MISSING_APP_CACHE_INVALIDATE_TTL`:  How frequently the missing app info cache invalidates.
+* `APP_CACHE_INVALIDATE_TTL`: How frequently the app info local cache invalidates.
+* `APP_LIMITS`: Restrict to APP_LIMITS the most updated apps per request when populating the app metadata cache.
+* `BOLTDB_PATH`: Bolt database path.
+* `EVENTS`: A comma separated list of events to include. Possible values: ValueMetric,CounterEvent,Error,LogMessage,HttpStartStop,ContainerMetric
+* `EXTRA_FIELDS`: Extra fields to annotate your events with (format is key:value,key:value).
+* `FLUSH_INTERVAL`: Time interval for flushing queue to Splunk regardless of CONSUMER_QUEUE_SIZE. Protects against stale events in low throughput systems.
+* `CONSUMER_QUEUE_SIZE`: Sets the internal consumer queue buffer size. Events will be pushed to Splunk after queue is full.
+* `HEC_BATCH_SIZE`: Set the batch size for the events to push to HEC (Splunk HTTP Event Collector).
+* `HEC_RETRIES`: Retry count for sending events to Splunk. After expiring, events will begin dropping causing data loss.
+* `HEC_WORKERS`: Set the amount of Splunk HEC workers to increase concurrency while ingesting in Splunk.
+* `SPLUNK_VERSION`: The Splunk version that determines how HEC ingests metadata fields. For example: 6.6.
+* `ENABLE_EVENT_TRACING`: Enables event trace logging. Splunk events will now contain a UUID, Splunk Nozzle Event Counts, and a Subscription-ID for Splunk correlation searches.
+
+- - - -
 
 ### Push as an App to Cloud Foundry
 
 [splunk-firehose-nozzle-release](https://github.com/cloudfoundry-community/splunk-firehose-nozzle-release)
-packages this code into a
-[BOSH](https://bosh.io) release for deployment. The code could also be run on
+packages this code into a [BOSH](https://bosh.io) release for deployment. The code could also be run on
 Cloud Foundry as an application. See the **Setup** section for details
 on making a user and credentials.
 

events/events.go

@@ -1,6 +1,7 @@
 package events
 
 import (
+	"encoding/json"
 	"fmt"
 	"sort"
 	"strings"
@@ -235,13 +236,19 @@ func AuthorizedEvents() string {
 }
 
 func ParseSelectedEvents(wantedEvents string) (map[string]bool, error) {
+	wantedEvents = strings.TrimSpace(wantedEvents)
 	selectedEvents := make(map[string]bool)
 	if wantedEvents == "" {
 		selectedEvents["LogMessage"] = true
 		return selectedEvents, nil
 	}
 
-	for _, event := range strings.Split(wantedEvents, ",") {
+	var events []string
+	if err := json.Unmarshal([]byte(wantedEvents), &events); err != nil {
+		events = strings.Split(wantedEvents, ",")
+	}
+
+	for _, event := range events {
 		event = strings.TrimSpace(event)
 		if IsAuthorizedEvent(event) {
 			selectedEvents[event] = true

tile/build.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ "$0" != "./build.sh" ]; then
+  echo "build.sh should be run from within the tile directory"
+  exit 1
+fi
+
+echo "building go binary"
+pushd ..
+curdir=`pwd`
+go get github.com/cloudfoundry-community/splunk-firehose-nozzle
+cd $GOPATH/src/github.com/cloudfoundry-community/splunk-firehose-nozzle && git checkout master && env GOOS=linux GOARCH=amd64 make build VERSION=1.0.0
+cp $GOPATH/src/github.com/cloudfoundry-community/splunk-firehose-nozzle/splunk-firehose-nozzle ${curdir}/../splunk-firehose-nozzle/
+cd ${curdir}
+popd
+
+echo "building tile"
+tile build

tile/icon.png

@@ -0,0 +1,4 @@
+---
+history:
+- 0.2.1
+version: 1.0.0

tile/tile-history.yml

@@ -0,0 +1,134 @@
+---
+name: splunk-nozzle
+label: Splunk Firehose Nozzle for PCF
+description: Forward firehose logs & metrics to Splunk
+icon_file: icon.png
+
+apply_open_security_group: true       # Apply open security group, default: false
+allow_paid_service_plans: true        # Allow paid service plans, default: false
+
+stemcell_criteria:
+  os: ubuntu-trusty
+  requires_cpi: false
+  version: '3421'
+
+properties:
+- name: author
+  type: string
+  label: Author
+  value: Shubham Jain
+
+forms:
+- name: splunk-config
+  label: Splunk Settings
+  description: Splunk HTTP Event Collector Settings
+  markdown: |
+    Configure your Splunk HTTP Event Collector. See http://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
+  properties:
+  - name: splunk_host
+    type: string
+    label: HTTP Event Collector Endpoint URL
+    description: HTTP Event Collector endpoint URL. 
+  - name: splunk_token
+    type: secret
+    label: HTTP Event Collector Token
+    description: Splunk HTTP Event Collector token.
+  - name: skip_ssl_validation_splunk
+    type: boolean
+    label: Skip SSL Validation
+    default: false
+    description: Skip SSL certificate validation for connection to Splunk. Secure communications will not check SSL certificates against a trusted Certificate Authority. Skipping SSL validation in production environment is not recommended.
+  - name: splunk_index
+    type: string
+    label: Index
+    description: The name of the Splunk index that events will be sent to. WARNING:Setting an invalid index will cause events to be lost.
+    default: main      
+
+- name: cf-config
+  label: Cloud Foundry Settings
+  description: Cloud Foundry Connection Settings
+  properties:
+  - name: api_endpoint
+    type: string
+    label: API Endpoint
+    description: Cloud Foundry API endpoint.
+  - name: api_user
+    type: string
+    label: API User
+    description: API username
+  - name: api_password
+    type: secret
+    label: API Password
+    description: Password for API user
+  - name: skip_ssl_validation_cf
+    type: boolean
+    label: Skip SSL Validation
+    default: false
+    description: Skip SSL certificate validation for connection to Cloud Foundry. Secure communications will not check SSL certificates against a trusted Certificate Authority. Skipping SSL validation in production environment is not recommended.
+  - name: events
+    type: multi_select_options
+    label: Event Types
+    default: ['HttpStartStop', 'LogMessage', 'ValueMetric', 'CounterEvent', 'Error', 'ContainerMetric']
+    options:
+      - name: HttpStartStop
+        label: HttpStartStop
+      - name: LogMessage
+        label: LogMessage
+      - name: ValueMetric
+        label: ValueMetric
+      - name: CounterEvent
+
+        label: CounterEvent
+      - name: Error
+        label: Error
+      - name: ContainerMetric
+        label: ContainerMetric
+    description: Event types to forward to Splunk.     
+
+- name: advanced
+  label: Advanced
+  description: Additional Nozzle Configuration
+  properties: 
+  - name: scale_out_nozzle
+    type: integer
+    label: Scale Out Nozzle
+    description: Scale out Splunk nozzle. Recommendation:Run 2 or more nozzles for high availability.
+    default: 2
+  - name: firehose_subscription_id
+    type: string
+    label: Firehose Subscription ID
+    description: Unique subscription ID to nozzle. Firehose balances across socket connections with the same ID. 
+    optional: true
+  - name: extra_fields
+    type: string
+    label: Additional Fields
+    description: A set of user defined key:value pairs that are added to all Splunk events that do not occur in the event payload. Expected format - key1:value1, key2:value2, key3:value3
+    optional: true
+  - name: add_app_info
+    type: boolean
+    default: false
+    label: Add App Information
+    description: Enriches raw data with application metadata, such as application name, space name, org name, etc.
+  - name: enable_event_tracing  
+    type: boolean
+    label: Enable Event Tracing
+    default: false
+    description: Enables data loss tracing.
+    
+
+packages:
+- name: splunk-firehose-nozzle
+  type: app
+  label: Splunk-Firehose-Nozzle
+  manifest:
+    memory: 256M
+    instances: MY_INSTANCE_COUNT
+    buildpack: binary_buildpack
+    health-check-type: process
+    no-route: true
+    path: ../splunk-firehose-nozzle
+    command: ./splunk-firehose-nozzle
+    env:
+      GOPACKAGENAME: main
+  pre_deploy: |
+    sed -i "s/MY_INSTANCE_COUNT/$SCALE_OUT_NOZZLE/g" $PACKAGE_PATH/splunk_firehose_nozzle/manifest.yml