splunk · renovate · Sep 18, 2024 · Sep 18, 2024 · Sep 18, 2024 · Sep 18, 2024
@@ -18,7 +18,7 @@ jobs:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
         # Alpha Release
-        uses: contributor-assistant/github-action@v2.4.0
+        uses: contributor-assistant/github-action@v2.6.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # the below token should have repo scope and must be manually added by you in the repository's secret
@@ -43,7 +43,7 @@ jobs:
       - name: "COC Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the Code of Conduct and I hereby accept the Terms') || github.event_name == 'pull_request_target'
         # Alpha Release
-        uses: contributor-assistant/github-action@v2.4.0
+        uses: contributor-assistant/github-action@v2.6.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # the below token should have repo scope and must be manually added by you in the repository's secret

@@ -86,7 +86,7 @@ jobs:
             type=ref,event=tag
       - name: matrix
         id: matrix
-        uses: splunk/addonfactory-test-matrix-action@v1.13.1
+        uses: splunk/addonfactory-test-matrix-action@v2.1.8
 
   security-fossa-scan:
     continue-on-error: true

@@ -86,7 +86,7 @@ jobs:
             type=ref,event=tag
       - name: matrix
         id: matrix
-        uses: splunk/addonfactory-test-matrix-action@v1.13.1
+        uses: splunk/addonfactory-test-matrix-action@v2.1.8
 
   security-fossa-scan:
     continue-on-error: true

@@ -277,6 +277,16 @@ A syntax error will cause the runtime process to abort in the "preflight" phase
 
 To update your changes, restart SC4S.
 
+### Set source value as 'sc4s'
+
+User can set the source field value to 'sc4s' by using the `SC4S_SET_SOURCE_AS_SC4S` variable.
+
+**Note:** If the source field value is specified in a local parser or the splunk_metadata.csv file, it will take precedence over the `SC4S_SET_SOURCE_AS_SC4S` variable and overwrite the source field value.
+
+| Variable | Values        | Description |
+|----------|---------------|-------------|
+| SC4S_SET_SOURCE_AS_SC4S | yes or no(default) | Set the source field value to 'sc4s'. |
+
 ## Drop all data by IP or subnet (deprecated)
 
 Using `vendor_product_by_source` to null queue is now a deprecated task. See the supported method for dropping data in [Filtering events from output](https://splunk.github.io/splunk-connect-for-syslog/main/sources/#filtering-events-from-output).

@@ -288,6 +288,11 @@ source s_{{ port_id }} {
             };
         };
 
+        {%- if set_source_sc4s == True %}
+            rewrite {
+                set("sc4s", value(".splunk.source"));
+            };
+        {%- endif %}
 
         rewrite {
             set($FACILITY, value("fields.sc4s_syslog_facility") condition(match('facility' template('`SC4S_DEST_SPLUNK_INDEXED_FIELDS`') type(string) flags(substring))));
@@ -475,6 +480,12 @@ source s_{{ port_id }} {
             parser(app-group-sc4s-fallback);
         };
 
+        {%- if set_source_sc4s == True %}
+            rewrite {
+                set("sc4s", value(".splunk.source"));
+            };
+        {%- endif %}
+
         rewrite {
             set($FACILITY, value("fields.sc4s_syslog_facility") condition(match('facility' template('`SC4S_DEST_SPLUNK_INDEXED_FIELDS`') type(string) flags(substring))));
             set($LEVEL, value("fields.sc4s_syslog_severity") condition(match('severity' template('`SC4S_DEST_SPLUNK_INDEXED_FIELDS`') type(string) flags(substring)) ));

@@ -133,5 +133,6 @@ def normalize_env_variable_input(env_variable: str):
         ebpf_no_sockets=int(os.getenv("SC4S_EBPF_NO_SOCKETS", 4)),
         enable_parallelize=normalize_env_variable_input(f"SC4S_ENABLE_PARALLELIZE"),
         parallelize_no_partitions=int(os.getenv(f"SC4S_PARALLELIZE_NO_PARTITION", 4)),
+        set_source_sc4s=normalize_env_variable_input("SC4S_SET_SOURCE_AS_SC4S"),
     )
     print(outputText)
@@ -11,8 +11,8 @@ Jinja2 = "^3.1.3"
 sqlitedict = "^2.0.0"
 requests = "^2.28.1"
 shortuuid = "^1.0.11"
-pyyaml = "6.0.1"
-setuptools = "70.0.0"
+pyyaml = "6.0.2"
+setuptools = "^73.0.1"
 
 
 [tool.poetry.group.dev.dependencies]
@@ -23,7 +23,7 @@ splunk-sdk = "^2.0.0"
 flake8 = "^7.0.0"
 pytz = "^2022.4"
 flaky = "^3.7.0"
-lovely-pytest-docker = "^0.3.0"
+lovely-pytest-docker = "^1.0.0"
 pathlib2 = "^2.3.7"
 requests = "^2.28.1"
 junit-xml = "^1.9"