Skip to content

feat: add reliable batched HEC delivery#3

Draft
alexb-splunk wants to merge 5 commits into
mainfrom
codex/v1.1-hec-delivery
Draft

feat: add reliable batched HEC delivery#3
alexb-splunk wants to merge 5 commits into
mainfrom
codex/v1.1-hec-delivery

Conversation

@alexb-splunk

Copy link
Copy Markdown
Collaborator

Summary

  • send HecForwarder.forward_events() payloads as one concatenated HEC JSON request
  • add opt-in blocking indexer acknowledgment with a persistent request channel and typed failures
  • add BatchHecForwarder, a bounded in-memory queue with count/byte batching, timed and explicit flushing, backpressure, and fail-closed worker errors
  • let HecHandler opt into the batch forwarder while preserving its synchronous default
  • fix retry handling so a successful retry response is returned to the caller
  • add context manager support and explicit lifecycle documentation

This is intended to produce the v1.1.0 feature release. It preserves the Python 3.9 floor and existing method signatures/default behavior.

The request and acknowledgment behavior follows the current Splunk documentation:

Validation

  • uv --no-config run --no-sync tox -e lint
  • Python 3.9: 37 unit tests passed
  • Python 3.14: 37 unit tests passed
  • source distribution and wheel build passed
  • local PEP 723 smoke harness syntax and lint checks passed

Draft readiness gate

The live HEC smoke suite has intentionally not been run yet. Keep this PR in draft until .local/hec_smoke.py passes against an ephemeral Splunk instance, including exact event counts, duplicate detection, and the optional indexer-acknowledgment cases.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant