class SemanticLogger::Appender::Splunk

def call(log, logger)

http://dev.splunk.com/view/event-collector/SP-CAAAE6P
For splunk format requirements see:

Returns [Hash] To send to Splunk.

def call(log, logger)
  h = SemanticLogger::Formatters::Raw.new.call(log, logger)
  h.delete(:time)
  message = {
    source:  logger.application,
    host:    logger.host,
    time:    log.time.utc.to_f,
    message: h.delete(:message),
    event:   h
  }
  message[:environment] = logger.environment if logger.environment
  message[:sourcetype]  = source_type if source_type
  message
end

def initialize(index: "main", source_type: nil, **args, &block)

The Proc must return true or false.
Proc: Only include log messages where the supplied Proc returns true
regular expression. All other messages will be ignored.
RegExp: Only include log messages where the class name matches the supplied.
filter: [Regexp|Proc]

Default: Use the built-in formatter (See: #call)
the output from this appender
An instance of a class that implements #call, or a Proc to be used to format
formatter: [Object|Proc]

Default: SemanticLogger.default_level
Override the log level for this appender.
level: [:trace | :debug | :info | :warn | :error | :fatal]

Default: SemanticLogger.host
Name of this host to appear in log messages.
host: [String]

Default: SemanticLogger.application
The :source forwarded to Splunk
application: [String]

Optional: Source type to display in Splunk
source_type: [String]

Client key.
:ssl_client_key [OpenSSL::PKey::RSA | OpenSSL::PKey::DSA]

Client certificate.
:ssl_client_cert [OpenSSL::X509::Certificate]

Application namespace instance.
:namespace [Namespace]

Default: 'main'
Splunk index to use.
:index [String]

Default: :https
Either :https or :http
:scheme [Symbol]

Default: 8089
The Splunk management port.
:port [Integer]

Default: 'localhost'
Splunk server host name.
:host [String]

Not required if username and password are supplied.
Supply a preauthenticated Splunk token instead of username and password.
:token

Not required if :token has been supplied.
Password to log into splunk with.
:password [String]

Not required if :token has been supplied.
User name to log into splunk with.
:username [String]
Parameters

Write to Splunk.

def initialize(index: "main", source_type: nil, **args, &block)
  @index       = index
  @source_type = source_type
  super(**args, &block)
  reopen
end

def log(log)

Log the message to Splunk

def log(log)
  event = formatter.call(log, self)
  service_index.submit(event.delete(:message), event)
  true
end

def reopen

open the handles to resources
After forking an active process call #reopen to re-open

def reopen
  # Connect to splunk. Connect is a synonym for creating a Service by hand and calling login.
  @service = ::Splunk.connect(config)
  # The index we are logging to
  @service_index = service.indexes[index]
end