public void ExtractAttributes(MessageDataItem message)
{
if (message.AttributeExists(InputAttribute) && !message.AttributeExists(OutputAttribute))
{
try
{
IPAddress hostIPAddress = IPAddress.Parse(message.GetAttributeAsString(InputAttribute));
IPHostEntry hostInfo = Dns.GetHostEntry(hostIPAddress);
message.AddAttribute(OutputAttribute, hostInfo.HostName);
}
catch
{
// none
}
}
}
private string GetHost(MessageDataItem msg)
{
try
{
return(msg.GetAttributeAsString(outputConfiguration.FieldMappings.HostAttribute));
}
catch
{
if (outputConfiguration.EventMetadataDefaults.Host != null)
{
return(outputConfiguration.EventMetadataDefaults.Host);
}
ServerLogger?.LogEvent(this, Severity.Warning, "SplunkHEC", "Failed to get host from message and no default host, using localhost instead.");
return("localhost");
}
}
private string GetSource(MessageDataItem msg)
{
try
{
return(msg.GetAttributeAsString(outputConfiguration.FieldMappings.SourceAttribute));
}
catch
{
if (outputConfiguration.EventMetadataDefaults.Source != null)
{
return(outputConfiguration.EventMetadataDefaults.Source);
}
ServerLogger?.LogEvent(this, Severity.Warning, "SplunkHEC", "Failed to get source from message and no default source set, using none instead.");
return("none");
}
}
private string GetIndex(MessageDataItem msg)
{
try
{
return(msg.GetAttributeAsString(outputConfiguration.FieldMappings.IndexAttribute));
}
catch
{
if (outputConfiguration.EventMetadataDefaults.Index != null)
{
return(outputConfiguration.EventMetadataDefaults.Index);
}
ServerLogger?.LogEvent(this, Severity.Warning, "SplunkHEC", "Failed to get index from message and no default index set, using main index instead.");
return("main");
}
}
