
Allows to specify index when using splunk HTTP Event collector #232

Open
william-billaud wants to merge 1 commit into fox-it:main from william-billaud:improve_splunk_adapter

@william-billaud


Changes:

  • Make Splunk help more consistent with other adapters (optional arguments + how default/possible values are presented).

  • Add an optional argument: [INDEX]: The name of the index by which the event data is to be indexed (default: None, use token default index). Ignored when PROTOCOL is tcp.

Test

Regarding testing:

  • Create multiple indexes (e.g. test_dissect_records / test_dissect_json)
  • Add these indexes to the HTTP Event Collector (e.g.: [screenshot])

E.g. with a securelog.rec file with 9 records:

records

cat securelog.rec  | uv run --extra splunk rdump -vvv -w "splunk+https://127.0.0.1:8088?token=<XXXX>&sourcetype=records&ssl_verify=false&index=test_dissect_records"

json

cat securelog.rec  | uv run --extra splunk rdump -vvv -w "splunk+https://127.0.0.1:8088?token=<XXXX>&sourcetype=json&ssl_verify=false&index=test_dissect_json"

…ts + how default/possible value are presented).

Add an optional argument: [INDEX]: The name of the index by which the event data is to be indexed (default: None, use token default index). Ignored when PROTOCOL is tcp.
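
The behaviour of the optional INDEX argument described in this pull request, as an added example that is neither the project's adapter code nor part of the PR: it parses a writer URI shaped like the ones in the test commands and builds the Splunk HEC event request, omitting `index` from the envelope when it is unset or when PROTOCOL is tcp. The function names, the token value and the sample record are constructed for illustration.

```python
import json
from urllib.parse import parse_qs, urlsplit

HEC_EVENT_PATH = "/services/collector/event"  # Splunk HEC JSON event endpoint


def parse_writer_uri(uri: str) -> dict:
    """Split a splunk+PROTOCOL://host:port?key=value writer URI into settings."""
    parts = urlsplit(uri)
    adapter, _, protocol = parts.scheme.partition("+")
    if adapter != "splunk" or protocol not in ("tcp", "http", "https"):
        raise ValueError(f"unsupported writer URI scheme: {parts.scheme!r}")
    query = {key: values[-1] for key, values in parse_qs(parts.query).items()}
    index = query.get("index") or None
    if protocol == "tcp":
        index = None  # per the PR text: INDEX is ignored when PROTOCOL is tcp
    return {
        "protocol": protocol,
        "netloc": parts.netloc,
        "token": query.get("token"),
        "sourcetype": query.get("sourcetype"),
        "index": index,
    }


def build_hec_request(cfg: dict, record: dict) -> tuple:
    """Return (url, headers, body) for one event sent to the HEC."""
    if cfg["protocol"] == "tcp":
        raise ValueError("HEC requests only apply to http/https")
    envelope = {"event": record}
    if cfg["sourcetype"]:
        envelope["sourcetype"] = cfg["sourcetype"]
    if cfg["index"] is not None:
        # Only set when requested; otherwise the token's default index applies.
        envelope["index"] = cfg["index"]
    url = f"{cfg['protocol']}://{cfg['netloc']}{HEC_EVENT_PATH}"
    headers = {"Authorization": f"Splunk {cfg['token']}"}
    return url, headers, json.dumps(envelope, sort_keys=True)


if __name__ == "__main__":
    # Constructed sample: token and record are placeholders, not real data.
    uri = ("splunk+https://127.0.0.1:8088?token=CONSTRUCTED-TOKEN"
           "&sourcetype=json&ssl_verify=false&index=test_dissect_json")
    sample = {"user": "alice", "msg": "session opened"}
    for part in build_hec_request(parse_writer_uri(uri), sample):
        print(part)
```

The index named in the envelope has to be one the HEC token is allowed to write to, which is why the test steps above add the new indexes to the collector first.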
@codecov

codecov Bot commented Jul 1, 2026


Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.31%. Comparing base (e6b58fd) to head (71c247b).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #232      +/-   ##
==========================================
+ Coverage   84.29%   84.31%   +0.02%     
==========================================
  Files          35       35              
  Lines        3756     3761       +5     
==========================================
+ Hits         3166     3171       +5     
  Misses        590      590              
Flag Coverage Δ
unittests 84.31% <100.00%> (+0.02%) ⬆️
