Will continue to populate data if Humio errors.

corelight · May 27, 2022 · 7674131 · 7674131
1 parent 52f1842
commit 7674131
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/CHANGES b/CHANGES
@@ -1,3 +1,4 @@
+v0.3.12         Will continue to populate data after a Humio error.
 v0.3.11         Added Humio support.
 v0.3.10         Improved Docker components.
 v0.3.9          Fixed a variable check when there is no output.

diff --git a/zeek2es.py b/zeek2es.py
@@ -10,6 +10,7 @@
 import re
 import argparse
 import random
+import time
 # Making these available for lambda filter input.
 import ipaddress
 import os
@@ -86,7 +87,14 @@ def sendbulk(args, outstring, es_index, filename):
         # Send to Humio
         Headers = { "Authorization" : "Bearer "+args['humio'][1] }
         data = [{"messages" : outstring.strip().split('\n') }]
-        r = requests.post(args['humio'][0]+'/api/v1/ingest/humio-unstructured', headers=Headers, json=data)
+        while True:
+            try:
+                r = requests.post(args['humio'][0]+'/api/v1/ingest/humio-unstructured', headers=Headers, json=data)
+                break
+            except Exception as exc:
+                if not args['supresswarnings']:
+                    print("WARNING, Humio error: {}".format(exc))
+                time.sleep(1)
 
 # A function to send the datastream info to ES.
 def senddatastream(args, es_index, mappings):