wip

Author: ykoer

.github/actions/post_logs_to_splunk_hec/Dockerfile

@@ -0,0 +1,8 @@
+# Container image that runs your code
+FROM python:3.8-slim-buster
+
+# Copies your code file from your action repository to the filesystem path `/` of the container
+COPY entrypoint.sh /entrypoint.sh
+
+# Code file to execute when the docker container starts up (`entrypoint.sh`)
+ENTRYPOINT ["/entrypoint.sh"]

.github/actions/post_logs_to_splunk_hec/README.md

@@ -0,0 +1,2 @@
+# POST GitHub Workflow Logs to Splunk HTTP Event Collector
+test

.github/actions/post_logs_to_splunk_hec/action.yml

@@ -0,0 +1,31 @@
+# action.yml
+name: 'Post Logs to Splunk HEC'
+description: 'Upload GitHub Workflow logs to Splunk HEC'
+inputs:
+  splunk-url:
+    description: 'Full URL for Splunk HEC endpoint'
+    required: true
+  hec-token:
+    description: 'Splunk HEC Token'
+    required: true
+  sourcetype:
+    description: 'Splunk Sourcetype'
+    default: 'github_workflow_log_job'
+  source:
+    description: 'GitHub Workflow name'
+    default: ${{ github.workflow }}
+  workflowID:
+    description: 'The Workflow Run number'
+    default: ${{ github.run_id}}
+outputs:
+  status:
+    description: 'value is success/fail based on app inspect result'
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+    - ${{ inputs.splunk-url }}
+    - ${{ inputs.hec-token }}
+    - ${{ inputs.sourcetype }}
+    - ${{ inputs.source }}
+    - ${{ inputs.workflowID }}

.github/actions/post_logs_to_splunk_hec/entrypoint.sh

@@ -0,0 +1,46 @@
+#!/bin/sh -l
+
+python3 -m pip install requests
+echo "
+import os
+import requests
+import re
+from datetime import datetime
+import json
+
+logfile = open(os.path.join(os.path.dirname(os.path.abspath(__file__)), \"file.log\"),'r')
+Lines = logfile.readlines()
+
+batch = count = 0
+url = \"$1services/collector/event\"
+token=\"$2\"
+headers = {\"Authorization\": \"Splunk \"+token}
+sourcetype = \"$3\"
+eventBatch = \"\"
+workflowID=\"$5\"
+source=\"$4\"
+host=\"$HOSTNAME\"
+
+for line in Lines:
+    count+=1
+    timestamp = re.search(\"\d{4}-\d{2}-\d{2}T\d+:\d+:\d+.\d+Z\",line.strip())
+    timestamp = re.sub(\"\dZ\",\"\",timestamp.group())
+    timestamp = datetime.strptime(timestamp,\"%Y-%m-%dT%H:%M:%S.%f\")
+    timestamp = (timestamp - datetime(1970,1,1)).total_seconds()
+    x = re.sub(\"\d{4}-\d{2}-\d{2}T\d+:\d+:\d+.\d+Z\",\"\",line.strip())
+    x=x.strip()
+    fields = {'lineNumber':count,'workflowID':workflowID}
+    if x:
+        batch+=1
+        event={'event':x,'sourcetype':sourcetype,'source':source,'host':host,'time':timestamp,'fields':fields}
+        eventBatch=eventBatch+json.dumps(event)
+    else:
+        print(\"skipped line \"+str(count))
+
+    if batch>=1000:
+        batch=0
+        x=requests.post(url, data=eventBatch, headers=headers)
+        eventBatch=\"\"
+
+x=requests.post(url, data=eventBatch, headers=headers)" > t.py
+python3 t.py