Increase default Splunk HEC response timeout to 60 seconds

Sean Whalen
2018-12-19 17:15:38 -05:00
parent cbe554ae5f
commit fe73f21df4
2 changed files with 11 additions and 4 deletions


@@ -3,6 +3,7 @@
- Bugfix: Crash when parsing invalid forensic reports (#38)
- Bugfix: Crash when IMAp connection is lost
- Increase default Splunk HEC response timeout to 60 seconds
5.1.0
-----


@@ -25,7 +25,7 @@ class HECClient(object):
# http://docs.splunk.com/Documentation/Splunk/latest/RESTREF/RESTinput#services.2Fcollector
def __init__(self, url, access_token, index,
source="parsedmarc", verify=True):
source="parsedmarc", verify=True, timeout=60):
"""
Initializes the HECClient
Args:
@@ -34,6 +34,8 @@ class HECClient(object):
index (str): The name of the index
source (str): The source name
verify (bool): Verify SSL certificates
timeout (float): Number of seconds to wait for the server to send
data before giving up
"""
url = urlparse(url)
self.url = "{0}://{1}/services/collector/event/1.0".format(url.scheme,
@@ -43,6 +45,7 @@ class HECClient(object):
self.host = socket.getfqdn()
self.source = source
self.session = requests.Session()
self.timeout = timeout
self.session.verify = verify
self._common_data = dict(host=self.host, source=self.source,
index=self.index)
@@ -111,7 +114,9 @@ class HECClient(object):
if not self.session.verify:
logger.debug("Skipping certificate verification for Splunk HEC")
try:
response = self.session.post(self.url, data=json_str).json()
response = self.session.post(self.url, data=json_str,
timeout=self.timeout)
response = response.json()
except Exception as e:
raise SplunkError(e.__str__())
if response["code"] != 0:
@@ -124,7 +129,6 @@ class HECClient(object):
Args:
forensic_reports (list): A list of forensic report dictionaries
to save in Splunk
"""
logger.debug("Saving forensic reports to Splunk")
if type(forensic_reports) == dict:
@@ -146,7 +150,9 @@ class HECClient(object):
if not self.session.verify:
logger.debug("Skipping certificate verification for Splunk HEC")
try:
response = self.session.post(self.url, data=json_str).json()
response = self.session.post(self.url, data=json_str,
timeout=self.timeout)
response = response.json()
except Exception as e:
raise SplunkError(e.__str__())
if response["code"] != 0:
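Review bot: The new `timeout` docstring in `__init__` describes only the wait for server data, but the value is passed as a single number to `self.session.post(..., timeout=self.timeout)` at both call sites, where requests applies it to the connect phase as well and to each wait for data rather than to the request as a whole. A caller passing `timeout=None` turns the limit off entirely, so a stalled HEC endpoint would block report delivery without raising `SplunkError`. I would document this, e.g. `timeout (float): Seconds to wait for the connection and for each read from the server; None disables the limit`, and consider rejecting `None` or non-positive values in `__init__`. The same three-line post-then-`.json()` sequence is added in two places, so a small private helper would keep the timeout and error handling in one spot. The methods containing both call sites start and end outside the hunks shown.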