From 8aee285464c30d1af03fdfbf1dcbdf784b5ace33 Mon Sep 17 00:00:00 2001 From: Hiroshi Hatake Date: Tue, 28 May 2024 14:50:56 +0900 Subject: [PATCH] in_splunk: Store HEC token on enabled HTTP2 and raw endpoints Signed-off-by: Hiroshi Hatake --- plugins/in_splunk/splunk_prot.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/plugins/in_splunk/splunk_prot.c b/plugins/in_splunk/splunk_prot.c index 7b26be6948b..f59ebddc330 100644 --- a/plugins/in_splunk/splunk_prot.c +++ b/plugins/in_splunk/splunk_prot.c @@ -961,6 +961,10 @@ static int process_hec_raw_payload_ng(struct flb_http_request *request, flb_sds_t tag, struct flb_splunk *ctx) { + int ret = 0; + size_t size = 0; + char *auth_header; + if (request->content_type == NULL) { send_response_ng(response, 400, "error: header 'Content-Type' is not set\n"); @@ -971,6 +975,11 @@ static int process_hec_raw_payload_ng(struct flb_http_request *request, flb_plg_debug(ctx->ins, "Mark as unknown type for ingested payloads"); } + ret = flb_hash_table_get(request->headers, "authorization", 13, (void **)&auth_header, &size); + if (ret != 0) { + ctx->ingested_auth_header = auth_header; + } + if (request->body == NULL || cfl_sds_len(request->body) == 0) { send_response_ng(response, 400, "error: no payload found\n");