output splunk plugin: add possibility to set source with record key

plugins/out_splunk/splunk.c

@@ -269,6 +269,7 @@ static int pack_map_meta(struct flb_splunk *ctx,
                          char *tag, int tag_len)
 {
     int index_key_set = FLB_FALSE;
+    int source_key_set = FLB_FALSE;
     int sourcetype_key_set = FLB_FALSE;
     flb_sds_t str;
     struct mk_list *head;
@@ -294,11 +295,13 @@ static int pack_map_meta(struct flb_splunk *ctx,
         }
     }
 
-    /* event source */
-    if (ctx->event_source) {
-        str = flb_ra_translate(ctx->ra_event_source, tag, tag_len,
+
+    /* event source (key lookup) */
+    if (ctx->event_source_key) {
+        str = flb_ra_translate(ctx->ra_event_source_key, tag, tag_len,
                                map, NULL);
         if (str) {
+            /* source_key was found */
             if (flb_sds_len(str) > 0) {
                 flb_mp_map_header_append(mh);
                 msgpack_pack_str(mp_pck, sizeof(FLB_SPLUNK_DEFAULT_EVENT_SOURCE) -1);
@@ -307,11 +310,25 @@ static int pack_map_meta(struct flb_splunk *ctx,
                                       sizeof(FLB_SPLUNK_DEFAULT_EVENT_SOURCE) - 1);
                 msgpack_pack_str(mp_pck, flb_sds_len(str));
                 msgpack_pack_str_body(mp_pck, str, flb_sds_len(str));
+                source_key_set = FLB_TRUE;
             }
             flb_sds_destroy(str);
         }
+        /* If not found, it will fallback to the value set in event_source */
+    }
+
+    if (source_key_set == FLB_FALSE && ctx->event_source) {
+        flb_mp_map_header_append(mh);
+        msgpack_pack_str(mp_pck, sizeof(FLB_SPLUNK_DEFAULT_EVENT_SOURCE) -1);
+        msgpack_pack_str_body(mp_pck,
+                              FLB_SPLUNK_DEFAULT_EVENT_SOURCE,
+                              sizeof(FLB_SPLUNK_DEFAULT_EVENT_SOURCE) - 1);
+        msgpack_pack_str(mp_pck, flb_sds_len(ctx->event_source));
+        msgpack_pack_str_body(mp_pck,
+                              ctx->event_source, flb_sds_len(ctx->event_source));
     }
 
+
     /* event sourcetype (key lookup) */
     if (ctx->event_sourcetype_key) {
         str = flb_ra_translate(ctx->ra_event_sourcetype_key, tag, tag_len,
@@ -1117,6 +1134,13 @@ static struct flb_config_map config_map[] = {
      "Set the source value to assign to the event data."
     },
 
+    {
+     FLB_CONFIG_MAP_STR, "event_source_key", NULL,
+     0, FLB_TRUE, offsetof(struct flb_splunk, event_source_key),
+     "Set a record key that will populate 'source'. If the key is found, it will "
+     "have precedence over the value set in 'event_source'."
+    },
+
     {
      FLB_CONFIG_MAP_STR, "event_sourcetype", NULL,
      0, FLB_TRUE, offsetof(struct flb_splunk, event_sourcetype),

plugins/out_splunk/splunk.h

@@ -62,7 +62,11 @@ struct flb_splunk {
 
     /* Event source */
     flb_sds_t event_source;
-    struct flb_record_accessor *ra_event_source;
+
+       /* Event source record key */
+    flb_sds_t event_source_key;
+    struct flb_record_accessor *ra_event_source_key;
+
 
     /*
      * NOTE: EVENT SOURCE

plugins/out_splunk/splunk_conf.c

@@ -195,26 +195,27 @@ struct flb_splunk *flb_splunk_conf_create(struct flb_output_instance *ins,
         }
     }
 
-    /* Event source */
-    if (ctx->event_source) {
-        ctx->ra_event_source = flb_ra_create(ctx->event_source, FLB_TRUE);
-        if (!ctx->ra_event_source) {
+    /* Event source (key lookup) */
+    if (ctx->event_source_key) {
+        ctx->ra_event_source_key = flb_ra_create(ctx->event_source_key, FLB_TRUE);
+        if (!ctx->ra_event_source_key) {
             flb_plg_error(ctx->ins,
-                          "cannot create record accessor for event_source pattern: '%s'",
-                          ctx->event_host);
+                          "cannot create record accessor for "
+                          "event_source_key pattern: '%s'",
+                          ctx->event_source_key);
             flb_splunk_conf_destroy(ctx);
             return NULL;
         }
     }
 
-    /* Event source (key lookup) */
+    /* Event sourcetype (key lookup) */
     if (ctx->event_sourcetype_key) {
         ctx->ra_event_sourcetype_key = flb_ra_create(ctx->event_sourcetype_key, FLB_TRUE);
         if (!ctx->ra_event_sourcetype_key) {
             flb_plg_error(ctx->ins,
                           "cannot create record accessor for "
                           "event_sourcetype_key pattern: '%s'",
-                          ctx->event_host);
+                          ctx->event_sourcetype_key);
             flb_splunk_conf_destroy(ctx);
             return NULL;
         }
@@ -227,7 +228,7 @@ struct flb_splunk *flb_splunk_conf_create(struct flb_output_instance *ins,
             flb_plg_error(ctx->ins,
                           "cannot create record accessor for "
                           "event_index_key pattern: '%s'",
-                          ctx->event_host);
+                          ctx->event_index_key);
             flb_splunk_conf_destroy(ctx);
             return NULL;
         }
@@ -273,7 +274,7 @@ struct flb_splunk *flb_splunk_conf_create(struct flb_output_instance *ins,
             flb_plg_error(ctx->ins,
                           "cannot create record accessor for "
                           "metadata_auth_key pattern: '%s'",
-                          ctx->event_host);
+                          ctx->metadata_auth_key);
             flb_splunk_conf_destroy(ctx);
             return NULL;
         }
@@ -312,8 +313,8 @@ int flb_splunk_conf_destroy(struct flb_splunk *ctx)
         flb_ra_destroy(ctx->ra_event_host);
     }
 
-    if (ctx->ra_event_source) {
-        flb_ra_destroy(ctx->ra_event_source);
+    if (ctx->ra_event_source_key) {
+        flb_ra_destroy(ctx->ra_event_source_key);
     }
 
     if (ctx->ra_event_sourcetype_key) {