# Copyright 2011-2014 Splunk, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"): you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. try: import xml.etree.cElementTree as ET except ImportError as ie: import xml.etree.ElementTree as ET class Event(object): """Represents an event or fragment of an event to be written by this modular input to Splunk. To write an input to a stream, call the ``write_to`` function, passing in a stream. """ def __init__(self, data=None, stanza=None, time=None, host=None, index=None, source=None, sourcetype=None, done=True, unbroken=True): """There are no required parameters for constructing an Event **Example with minimal configuration**:: my_event = Event( data="This is a test of my new event.", stanza="myStanzaName", time="%.3f" % 1372187084.000 ) **Example with full configuration**:: excellent_event = Event( data="This is a test of my excellent event.", stanza="excellenceOnly", time="%.3f" % 1372274622.493, host="localhost", index="main", source="Splunk", sourcetype="misc", done=True, unbroken=True ) :param data: ``string``, the event's text. :param stanza: ``string``, name of the input this event should be sent to. :param time: ``float``, time in seconds, including up to 3 decimal places to represent milliseconds. :param host: ``string``, the event's host, ex: localhost. :param index: ``string``, the index this event is specified to write to, or None if default index. :param source: ``string``, the source of this event, or None to have Splunk guess. :param sourcetype: ``string``, source type currently set on this event, or None to have Splunk guess. :param done: ``boolean``, is this a complete ``Event``? False if an ``Event`` fragment. :param unbroken: ``boolean``, Is this event completely encapsulated in this ``Event`` object? """ self.data = data self.done = done self.host = host self.index = index self.source = source self.sourceType = sourcetype self.stanza = stanza self.time = time self.unbroken = unbroken def write_to(self, stream): """Write an XML representation of self, an ``Event`` object, to the given stream. The ``Event`` object will only be written if its data field is defined, otherwise a ``ValueError`` is raised. :param stream: stream to write XML to. """ if self.data is None: raise ValueError("Events must have at least the data field set to be written to XML.") event = ET.Element("event") if self.stanza is not None: event.set("stanza", self.stanza) event.set("unbroken", str(int(self.unbroken))) # if a time isn't set, let Splunk guess by not creating a