in_splunk: Extract x-forwarded-for as a remote_addr record

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>

Author: cosmo0920

plugins/in_splunk/splunk.c

@@ -261,6 +261,16 @@ static struct flb_config_map config_map[] = {
      0, FLB_TRUE, offsetof(struct flb_splunk, tag_key),
      ""
     },
+    {
+     FLB_CONFIG_MAP_BOOL, "add_remote_addr", "false",
+     0, FLB_TRUE, offsetof(struct flb_splunk, add_remote_addr),
+     "Inject a remote address using the X-Forwarded-For header or connection address"
+    },
+    {
+     FLB_CONFIG_MAP_STR, "remote_addr_key", "remote_addr",
+     0, FLB_TRUE, offsetof(struct flb_splunk, remote_addr_key),
+     "Set a record key for storing the remote address"
+    },
 
 
     /* EOF */

plugins/in_splunk/splunk.h

@@ -54,6 +54,8 @@ struct flb_splunk {
     size_t ingested_auth_header_len;
     int store_token_in_metadata;
     flb_sds_t store_token_key;
+    int add_remote_addr;
+    flb_sds_t remote_addr_key;
 
     struct flb_log_event_encoder log_encoder;
 
@@ -71,6 +73,10 @@ struct flb_splunk {
     struct flb_downstream *downstream; /* Client manager */
     struct mk_list connections;        /* linked list of connections */
     struct mk_server *server;
+
+    /* Remote address */
+    flb_sds_t current_remote_addr;
+    size_t current_remote_addr_len;
 };
 
 

plugins/in_splunk/splunk_config.c

@@ -146,6 +146,9 @@ struct flb_splunk *splunk_config_create(struct flb_input_instance *ins)
 
     ctx->ingested_auth_header = NULL;
 
+    ctx->current_remote_addr = NULL;
+    ctx->current_remote_addr_len = 0;
+
     ret = setup_hec_tokens(ctx);
     if (ret != 0) {
         splunk_config_destroy(ctx);