fix: remove t_edge_hec

splunk · Mar 5, 2024 · 8c29736 · 8c29736
1 parent 7261d6a
commit 8c29736
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 43 deletions.
diff --git a/charts/splunk-connect-for-syslog/templates/statefulset.yaml b/charts/splunk-connect-for-syslog/templates/statefulset.yaml
@@ -56,10 +56,6 @@ spec:
                 key: hec_token
                 name: splunk-connection
           {{- end }}
-          {{- if .Values.splunk.hec_template }}
-          - name: SC4S_HEC_TEMPLATE
-            value: "{{ .Values.splunk.hec_template }}"
-          {{- end }}
           - name: SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY
             value: "{{ .Values.splunk.hec_verify_tls }}"
           {{- if .Values.persistence.enabled }}              

diff --git a/docs/edge_processor.md b/docs/edge_processor.md
@@ -37,27 +37,3 @@ stateDiagram
 
  1. Use IP of EP instance as HEC URL
  2. Use token from EP Global Settings
- 3. Use EP API format: t_edge_hec
-
-### Docker:
-
-Update `env_file`:
-```
-SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=http://x.x.x.x:8088
-SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN=secret
-SC4S_HEC_TEMPLATE=t_edge_hec
-```
-
-### Kubernetes:
-
-Update `values.yaml`:
-```
-splunk:
-    hec_url: "http://x.x.x.x:8088"
-    hec_token: "secret"
-    hec_template: "t_edge_hec"
-```
-
-## TLS
-
- Coming soon...
diff --git a/package/etc/conf.d/conflib/_common/t_templates.conf b/package/etc/conf.d/conflib/_common/t_templates.conf
@@ -137,19 +137,6 @@ template t_JSON_5424_SDATA {
     };
 
 template t_splunk_hec {
-    template('$(format-json
-        time=$(if ("${.netsource.sc4s_use_recv_time}" eq "yes") "$R_UNIXTIME" "$S_UNIXTIME")
-        host=$(lowercase ${HOST})
-        source=${.splunk.source:-SC4S}
-        sourcetype=${.splunk.sourcetype:-sc4s:fallback}
-        index=${.splunk.index:-main}
-        event="$(template ${.splunk.sc4s_template:-t_hdr_msg})"
-        fields.sc4s_tags="$(implode "|" $(explode "," "$TAGS"))"
-        fields.*
- )');
-};
-
-template t_edge_hec {
     template('$(format-json
         time=$(if ("${.netsource.sc4s_use_recv_time}" eq "yes") ${R_UNIXTIME} ${S_UNIXTIME})
         host=$(lowercase ${HOST})

diff --git a/package/etc/conf.d/destinations/dest_hec/plugin.py b/package/etc/conf.d/destinations/dest_hec/plugin.py
@@ -21,8 +21,7 @@ def hec_endpoint_collector(hec_path, url_hec):
 )
 tm = templateEnv.get_template("plugin.jinja")
 
-t_hec_template = os.getenv("SC4S_HEC_TEMPLATE", "t_splunk_hec")
-msg_template = "$(template ${.splunk.sc4s_hec_template} $(template %s))" % t_hec_template
+msg_template = "$(template ${.splunk.sc4s_hec_template} $(template t_splunk_hec))"
 dest_mode = "_fmt"
 dests = []