in_splunk: Store HEC token on enabled HTTP2 and raw endpoints

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
fluent · Jun 2, 2024 · 8aee285 · 8aee285
1 parent ea7b9f4
commit 8aee285
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/plugins/in_splunk/splunk_prot.c b/plugins/in_splunk/splunk_prot.c
@@ -961,6 +961,10 @@ static int process_hec_raw_payload_ng(struct flb_http_request *request,
                                       flb_sds_t tag,
                                       struct flb_splunk *ctx)
 {
+    int ret = 0;
+    size_t size = 0;
+    char *auth_header;
+
     if (request->content_type == NULL) {
         send_response_ng(response, 400, "error: header 'Content-Type' is not set\n");
 
@@ -971,6 +975,11 @@ static int process_hec_raw_payload_ng(struct flb_http_request *request,
         flb_plg_debug(ctx->ins, "Mark as unknown type for ingested payloads");
     }
 
+    ret = flb_hash_table_get(request->headers, "authorization", 13, (void **)&auth_header, &size);
+    if (ret != 0) {
+        ctx->ingested_auth_header = auth_header;
+    }
+
     if (request->body == NULL || cfl_sds_len(request->body) == 0) {
         send_response_ng(response, 400, "error: no payload found\n");