public class Event extends Object
Event
class represents an event or fragment of an event to be written by this modular input to Splunk.
To write an Event
to an XML stream, call its writeTo
method with an XMLStreamWriter
object to write to.
The Event
must have at least the data field set or writeTo
will throw a MalformedDataException
. All other
fields are optional. If you omit the time field, the writeTo
method will fill in the current time when it is called.
Typically, you will also want to call setStanza
to specify which instance of the modular input kind this event
should go to, setTime
to set the timestamp, and setSource
, setHost
, and setSourceType
specify where this event came from.Modifier and Type | Field and Description |
---|---|
protected String |
data |
protected boolean |
done |
protected String |
host |
protected String |
index |
protected String |
source |
protected String |
sourceType |
protected String |
stanza |
protected Date |
time |
protected boolean |
unbroken |
Constructor and Description |
---|
Event() |
Modifier and Type | Method and Description |
---|---|
String |
getData()
Gets the text of the event that Splunk should index.
|
String |
getHost()
Gets a host specifying the name of the network host on which this event was produced.
|
String |
getIndex()
Gets an index field specifying which index Splunk should write this event to.
|
String |
getSource()
Gets the file, service, or other producer that this
Event comes from. |
String |
getSourceType()
Gets a classification of this event.
|
String |
getStanza()
Gets the name of the input this event should be sent to.
|
Date |
getTime()
Gets a
java.util.Date object giving the timestamp that should be sent with this event. |
boolean |
isDone()
Gets a value indicating whether this is the last piece of an event broken across multiple
Event objects. |
boolean |
isUnbroken()
Gets a value indicating whether this event is completely encapsulated in this
Event object. |
void |
setData(String data)
Sets the text of the event that Splunk should index.
|
void |
setDone(boolean done)
Sets a value indicating whether this is the last piece of an event broken across multiple
Event objects. |
void |
setHost(String host)
Sets a host specifying the name of the network host on which this event was produced.
|
void |
setIndex(String index)
Sets an index field specifying which index Splunk should write this event to.
|
void |
setSource(String source)
Sets the file, service, or other producer that this
Event comes from. |
void |
setSourceType(String sourceType)
Sets a classification of this event.
|
void |
setStanza(String stanza)
Sets the name of the input this event should be sent to.
|
void |
setTime(Date time)
Sets a
java.util.Date object giving the timestamp that should be sent with this event. |
void |
setUnbroken(boolean unbroken)
Sets a value indicating whether this event is completely encapsulated in this
Event object. |
protected void |
writeFieldTo(XMLStreamWriter out,
String name,
String value) |
void |
writeTo(XMLStreamWriter out)
Writes this event to the given
XMLStreamWriter . |
protected Date time
protected String data
protected String source
protected String sourceType
protected String index
protected String host
protected boolean done
protected boolean unbroken
protected String stanza
protected void writeFieldTo(XMLStreamWriter out, String name, String value) throws XMLStreamException
XMLStreamException
public void writeTo(XMLStreamWriter out) throws XMLStreamException, MalformedDataException
XMLStreamWriter
.out
- The XMLStreamWriter
to append to.XMLStreamException
- if there is a problem in the XMLStreamWriter
.MalformedDataException
- if you have not specified data for this event.public Date getTime()
java.util.Date
object giving the timestamp that should be sent with this event. If this field is null,
Splunk will assign the time at which the event is indexed as its timestamp.java.util.Date
object giving the time assigned to this Event, or null if Splunk should apply a default
timestamp.public void setTime(Date time)
java.util.Date
object giving the timestamp that should be sent with this event. If this field is null,
Splunk will assign the time at which the event is indexed as its timestamp.time
- The java.util.Date
which should be used as this event's timestamp, or null to have Splunk use a
default timestamp.public String getData()
public void setData(String data)
data
- A String containing the event text.public String getSource()
Event
comes from. For lines in log files, it is
typically the full path to the log file. If it is omitted, Splunk will guess a sensible name for the source.public void setSource(String source)
Event
comes from. For lines in log files, it is
typically the full path to the log file. If it is omitted, Splunk will guess a sensible name for the source.source
- A String to be used as the source of this event, or null to have Splunk guess.public String getSourceType()
public void setSourceType(String sourceType)
sourceType
- A String to use as the source type for this event, or null to have Splunk guess.public String getIndex()
public void setIndex(String index)
index
- The name of the index to write to, or null to have Splunk write to the default index.public String getHost()
public void setHost(String host)
host
- A String giving the host name of the event source, or null to use the host Splunk receives
the event from.public void setDone(boolean done)
Event
objects.
Splunk allows events from modular inputs to be sent in pieces. For example, if lines of an event become available
one at a time, they can be sent (in events with setUnbroken(false)
called on them) as hunks. At the end of the
event, you must manually tell Splunk to break after this hunk by setting done to true. Then the next event
received will be taken to be part of another event.
By default, done is true
and unbroken is true
, so if you do not touch these fields, you will send one complete
event per Event
object.done
- Is this the last hunk of an event broken across multiple Event
objects?public boolean isDone()
Event
objects.
Splunk allows events from modular inputs to be sent in pieces. For example, if lines of an event become available
one at a time, they can be sent (in events with setUnbroken(false) called on them) as hunks. At the end of the
event, you must manually tell Splunk to break after this hunk by setting done to true. Then the next event
received will be taken to be part of another event.
By default, done is true
and unbroken is true
, so if you do not touch these fields, you will send one complete
event per Event
object.Event
objects?public void setUnbroken(boolean unbroken)
Event
object.
Splunk allows events from modular inputs to be sent in pieces. If unbroken is set to true
, then this event is
assumed to be a complete event, not a piece of one. By default, unbroken is true
. If you set unbroken to false
,
you need to call setDone(true)
on the last hunk of the complete event for Splunk to know to terminate it.unbroken
- Is this event completely encapsulated in this Event
object?public boolean isUnbroken()
Event
object.
Splunk allows events from modular inputs to be sent in pieces. If unbroken is set to true
, then this event is
assumed to be a complete event, not a piece of one. By default, unbroken is true
. If you set unbroken to false
,
you need to call setDone(true)
on the last hunk of the complete event for Splunk to know to terminate it.Event
object?public String getStanza()
public void setStanza(String stanza)
stanza
- The name of the input this event should be sent to.Copyright © 2022 Splunk, Inc.. All rights reserved.