chore(deps): update dependency splunk-sdk to v2.1.1 - abandoned

ansible/resources/env_file

@@ -1,4 +1,4 @@
-SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=http://xxx.xxx.xxx.xxx:8088
+SC4S_DEST_SPLUNK_HEC_DEFAULT_URL=https://xxx.xxx.xxx.xxx:8088
 SC4S_DEST_SPLUNK_HEC_DEFAULT_TOKEN=xxxxxxxxxxxxxxxxxx
 #Uncomment the following line if using untrusted SSL certificates
 #SC4S_DEST_SPLUNK_HEC_DEFAULT_TLS_VERIFY=no

docs/gettingstarted/ansible-docker-podman.md

@@ -23,16 +23,16 @@ docker exec -it ansible_sc4s /bin/bash
 
 * To authenticate with username and password:
 ``` bash 
-ansible-playbook -i path/to/inventory.yaml -u <username> --ask-pass path/to/playbooks/docker.yml
+ansible-playbook -i ansible/inventory/inventory.yaml -u <username> --ask-pass ansible/playbooks/playbooks/docker.yml
 or
-ansible-playbook -i path/to/inventory.yaml -u <username> --ask-pass path/to/playbooks/podman.yml
+ansible-playbook -i ansible/inventory/inventory.yaml -u <username> --ask-pass ansible/playbooks/playbooks/podman.yml
 
 ```
 * To authenticate using a key pair:
 ``` bash 
-ansible-playbook -i path/to/inventory.yaml -u <username> --key-file <key_file> path/to/playbooks/docker.yml
+ansible-playbook -i ansible/inventory/inventory.yaml -u <username> --key-file <key_file> ansible/playbooks/playbooks/docker.yml
 or
-ansible-playbook -i path/to/inventory.yaml -u <username> --key-file <key_file> path/to/playbooks/podman.yml
+ansible-playbook -i ansible/inventory/inventory.yaml -u <username> --key-file <key_file> ansible/playbooks/playbooks/podman.yml
 ```
 
 # Step 3: Validate your configuration

docs/gettingstarted/ansible-docker-swarm.md

@@ -51,7 +51,7 @@ ansible-playbook -i path/to/inventory_swarm.yaml -u <username> --key-file <key_f
 |sc4s    | 1        | Swarm        |
 
 * To scale your number of services:
-```sudo docker service update --replicas 2 sc4s_sc4s```
+```sudo docker service update --replicas 2 SC4S_sc4s```
 
 * To see services running in a given stack: 
 ```sudo docker stack services sc4s```

docs/gettingstarted/eks.md

@@ -0,0 +1,106 @@
+You can install SC4S on AWS with EKS. To do this, you can use a deployment file and a basic configuration information.
+
+Refer to AWS [documentation](https://docs.aws.amazon.com/eks/latest/userguide/sample-deployment.html) on how to set up your AWS environment. 
+
+Before you begin you also need to have `kubectl` installed.
+
+# Prepare your initial configuration
+1. First create a file named `/opt/sc4s/env_file` and add the following environment variables and values:
+
+``` dotenv
+--8<---- "ansible/resources/env_file"
+```
+Then create a configmap with variables provided in the file
+```
+kubectl create configmap sc4s-config --from-env-file=/opt/sc4s/env_file -n sc4s
+```
+
+2. Create a deployment configuration file based on this:
+``` yaml
+--8<---- "docs/resources/docker/sc4s_deployment.yaml"
+```
+
+Please note that this file may need to be modified based on your requirements, such as the ports being used.
+You can view the default range of ports opened by the nodePort [here](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport).
+
+3. (Optioinal) To use local filters you have to load them into a configmap, and uncomment parts of the deployment file related to them:
+
+```
+kubectl create configmap sc4s-local-filter-config \                  
+  --from-file=/opt/sc4s/local/config/app_parsers  -n sc4s
+```
+
+This loads files from app_parsers directory only, [here](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/#create-configmaps-from-files) is the documentation explaining other use cases.
+
+# Deploy SC4S with your configuration
+1. To run SC4S simply run this command in the directory where your deployment file is located:
+```bash
+kubectl apply -f sc4s_deployment.yaml
+```
+
+You can use a load balancer with SC4S, to set it up properly refer to our [documentation](../architecture/lb/index.md).
+
+2. You can use following commands to check if SC4S deployment and NodePort service is running.
+
+To get pods:
+```bash
+kubectl get pods -n sc4s
+```
+
+To get NodePort service:
+```bash
+kubectl get services -n sc4s
+```
+
+Check the logs using this command:
+```bash
+kubectl logs {your_pod_name} -n sc4s
+```
+
+You should see something like this:
+```ini
+SC4S_ENV_CHECK_HEC: Splunk HEC connection test successful to index=main for sourcetype=sc4s:fallback...
+SC4S_ENV_CHECK_HEC: Splunk HEC connection test successful to index=main for sourcetype=sc4s:events...
+syslog-ng checking config
+sc4s version=3.37.0
+Configuring the health check port to: 8080
+[2025-08-01 17:40:50 +0000] [130] [INFO] Starting gunicorn 23.0.0
+[2025-08-01 17:40:50 +0000] [130] [INFO] Listening at: http://0.0.0.0:8080 (130)
+[2025-08-01 17:40:50 +0000] [130] [INFO] Using worker: sync
+[2025-08-01 17:40:50 +0000] [133] [INFO] Booting worker with pid: 133
+starting syslog-ng
+```
+
+If the pod does not start you can debug it with this command:
+```bash
+kubectl describe pod {your_pod_name} -n sc4s
+```
+
+3. You can use following commands to check if SC4S deployment and NodePort service is running.
+
+
+# Validate your configuration
+
+SC4S performs checks to ensure that the container starts properly and that the syntax of the underlying syslog-ng
+configuration is correct. Once the checks are complete, validate that SC4S properly communicate with Splunk.
+To do this, execute the following search in Splunk:
+
+```ini
+index=* sourcetype=sc4s:events "starting up"
+```
+
+# Update SC4S 
+Whenever the image is upgraded or when you want your configuration changes to be applied, run the command:
+
+```bash
+kubectl apply -f sc4s_deployment.yaml
+```
+
+Kubectl will detect if there are any changes to be made and rollout new pods if necessary.
+
+# Stop SC4S
+
+To delete the deployment run this command in the directory where your deployment file is located:
+```bash
+kubectl delete -f sc4s_deployment.yaml
+```

docs/resources/docker/sc4s_deployment.yaml

@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: sc4s-deployment
+  namespace: sc4s
+  labels:
+    app: sc4s-app
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: sc4s-app
+  template:
+    metadata:
+      labels:
+        app: sc4s-app
+    spec:
+      volumes:
+      - name: config-volume
+        configMap:
+          name: sc4s-config
+      # Uncomment only if local parser used
+      # - name: local-filter-config
+      #   configMap:
+      #     name: sc4s-local-filter-config 
+
+      containers:
+      - name: sc4s
+        image: ghcr.io/splunk/splunk-connect-for-syslog/container3:latest
+        imagePullPolicy: IfNotPresent
+
+        resources:  
+          requests:
+            cpu: "500m"
+            memory: "512Mi"
+          limits:
+            cpu: "2000m"
+            memory: "2Gi"
+
+        envFrom:
+          - configMapRef:
+              name: sc4s-config
+
+        # Uncomment only if local parser used
+        # volumeMounts:
+        # - name: local-filter-config
+        #   mountPath: /etc/syslog-ng/conf.d/local/config/app_parsers
+        #   readOnly: true
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: sc4s-nodeport-service
+  namespace: sc4s
+spec:
+  selector:
+    app: sc4s-app
+  type: NodePort 
+  ports:
+    - port: 514
+      targetPort: 514
+      name: "tcp514"
+      protocol: TCP
+      nodePort: 30514
+    - port: 514
+      targetPort: 514
+      name: "udp514"
+      protocol: UDP
+      nodePort: 30514
+    - port: 601
+      targetPort: 601
+      name: "tcp601"
+      protocol: TCP
+      nodePort: 30601
+    - port: 6514
+      targetPort: 6514
+      name: "tcp6514"
+      protocol: TCP
+      nodePort: 30515
+    - port: 8080
+      targetPort: 8080
+      name: "healthcheck"
+      protocol: TCP
+      nodePort: 30080

mkdocs.yml

@@ -64,6 +64,8 @@ nav:
           - Docker Swarm: "gettingstarted/ansible-docker-swarm.md"
           - Podman/Docker: "gettingstarted/ansible-docker-podman.md"
           - mk8s: "gettingstarted/ansible-mk8s.md"
+        - Cloud (Experimental):
+          - EKS (Experimental): "gettingstarted/eks.md"
   - Create a parser: "create-parser.md"
   - Configuration: "configuration.md"
   - Destinations: "destinations.md"

package/Dockerfile

@@ -21,35 +21,35 @@ FROM ghcr.io/axoflow/axosyslog:${SYSLOGNG_VERSION}
 
 
 RUN apk add -U --upgrade --no-cache \
-      bash \
-      libxml2 \
-      expat \
-      binutils \
-      musl \
-      build-base \
-      curl \
-      grep \
-      less \
-      net-tools \
-      netcat-openbsd \
-      openssl \
-      postgresql-libs \
-      procps \
-      py3-pip \
-      python3 \
-      python3-dev \
-      libffi-dev \
-      shadow \
-      socat \
-      tzdata \
-      wget \
-      cargo \
-      ca-certificates \
-      poetry \
-      gdb \
-      py3-poetry-plugin-export \
-      py3-virtualenv \
-      xz-libs \
+    bash \
+    binutils \
+    build-base \
+    ca-certificates \
+    cargo \
+    curl \
+    expat \
+    gdb \
+    grep \
+    less \
+    libffi-dev \
+    libxml2 \
+    musl \
+    net-tools \
+    netcat-openbsd \
+    openssl \
+    poetry \
+    postgresql-libs \
+    procps \
+    py3-pip \
+    py3-poetry-plugin-export \
+    py3-virtualenv \
+    python3 \
+    python3-dev \
+    shadow \
+    socat \
+    tzdata \
+    wget \
+    xz-libs \
     && groupadd --gid 1024 syslog \
     && useradd -M -g 1024 -u 1024 syslog \
     && usermod -L syslog \

package/Dockerfile.enterprise

@@ -21,35 +21,35 @@ FROM ghcr.io/axoflow/axosyslog:${SYSLOGNG_VERSION}
 
 
 RUN apk add -U --upgrade --no-cache \
-      bash \
-      libxml2 \
-      expat \
-      binutils \
-      musl \
-      build-base \
-      curl \
-      grep \
-      less \
-      net-tools \
-      netcat-openbsd \
-      openssl \
-      postgresql-libs \
-      procps \
-      py3-pip \
-      python3 \
-      python3-dev \
-      libffi-dev \
-      shadow \
-      socat \
-      tzdata \
-      wget \
-      cargo \
-      ca-certificates \
-      poetry \
-      gdb \
-      py3-poetry-plugin-export \
-      py3-virtualenv \
-      xz-libs \
+    bash \
+    binutils \
+    build-base \
+    ca-certificates \
+    cargo \
+    curl \
+    expat \
+    gdb \
+    grep \
+    less \
+    libffi-dev \
+    libxml2 \
+    musl \
+    net-tools \
+    netcat-openbsd \
+    openssl \
+    poetry \
+    postgresql-libs \
+    procps \
+    py3-pip \
+    py3-poetry-plugin-export \
+    py3-virtualenv \
+    python3 \
+    python3-dev \
+    shadow \
+    socat \
+    tzdata \
+    wget \
+    xz-libs \
     && groupadd --gid 1024 syslog \
     && useradd -M -g 1024 -u 1024 syslog \
     && usermod -L syslog \
@@ -64,13 +64,14 @@ EXPOSE 6514/tcp
 #/dev/log a low priv user cannot read this and the container will fail in SC4S
 #and other uses the low user may be selected
 
-HEALTHCHECK --interval=2m --timeout=5s --start-period=30s CMD /usr/sbin/syslog-ng-ctl healthcheck --timeout 5
+HEALTHCHECK --interval=2m --timeout=5s --start-period=30s CMD ["/usr/sbin/syslog-ng-ctl", "healthcheck", "--timeout", "5"]
 
 COPY pyproject.toml /
 COPY poetry.lock /
 
 RUN python3 -m venv /var/lib/python-venv \
-    && poetry export --format requirements.txt --without-hashes | /var/lib/python-venv/bin/pip3 --no-cache-dir install -r /dev/stdin \
+    && poetry export --format requirements.txt --without-hashes \
+    | /var/lib/python-venv/bin/pip3 --no-cache-dir install -r /dev/stdin \
     && /var/lib/python-venv/bin/pip3 install --no-cache-dir --upgrade tornado==6.4.2 \
     && apk del build-base python3-dev libffi-dev
 
@@ -87,7 +88,7 @@ COPY package/sbin/source_ports_validator.py /
 
 ENV SC4S_CONTAINER_OPTS=--no-caps
 ARG VERSION=unknown
-RUN echo $VERSION>/etc/syslog-ng/VERSION
+RUN echo "$VERSION">/etc/syslog-ng/VERSION
 
 ENTRYPOINT ["/entrypoint.sh"]