in_splunk: preserve raw payload without auth header

edsiper · edsiper · commit 15299f08b09c · 2026-03-15T20:21:54.000-06:00
Signed-off-by: Eduardo Silva &lt;eduardo@chronosphere.io&gt;
diff --git a/plugins/in_splunk/splunk_prot.c b/plugins/in_splunk/splunk_prot.c
@@ -189,16 +189,21 @@ static int process_raw_payload_pack(struct flb_splunk *ctx,
         }
     }
     else {
-        if (ingested_auth_header != NULL) {
-            if (ret == FLB_EVENT_ENCODER_SUCCESS) {
+        if (ret == FLB_EVENT_ENCODER_SUCCESS) {
+            if (ingested_auth_header != NULL) {
                 ret = flb_log_event_encoder_append_body_values(
                     encoder,
                     FLB_LOG_EVENT_CSTRING_VALUE(ctx->store_token_key),
                     FLB_LOG_EVENT_STRING_VALUE(ingested_auth_header,
                                                ingested_auth_header_len),
                     FLB_LOG_EVENT_CSTRING_VALUE("log"),
                     FLB_LOG_EVENT_STRING_VALUE(buf, size));
-
+            }
+            else {
+                ret = flb_log_event_encoder_append_body_values(
+                    encoder,
+                    FLB_LOG_EVENT_CSTRING_VALUE("log"),
+                    FLB_LOG_EVENT_STRING_VALUE(buf, size));
             }
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -189,16 +189,21 @@ static int process_raw_payload_pack(struct flb_splunk *ctx,`
`189`	`189`	`}`
`190`	`190`	`}`
`191`	`191`	`else {`
`192`		`- if (ingested_auth_header != NULL) {`
`193`		`- if (ret == FLB_EVENT_ENCODER_SUCCESS) {`
	`192`	`+ if (ret == FLB_EVENT_ENCODER_SUCCESS) {`
	`193`	`+ if (ingested_auth_header != NULL) {`
`194`	`194`	`ret = flb_log_event_encoder_append_body_values(`
`195`	`195`	`encoder,`
`196`	`196`	`FLB_LOG_EVENT_CSTRING_VALUE(ctx->store_token_key),`
`197`	`197`	`FLB_LOG_EVENT_STRING_VALUE(ingested_auth_header,`
`198`	`198`	`ingested_auth_header_len),`
`199`	`199`	`FLB_LOG_EVENT_CSTRING_VALUE("log"),`
`200`	`200`	`FLB_LOG_EVENT_STRING_VALUE(buf, size));`
`201`		`-`
	`201`	`+ }`
	`202`	`+ else {`
	`203`	`+ ret = flb_log_event_encoder_append_body_values(`
	`204`	`+ encoder,`
	`205`	`+ FLB_LOG_EVENT_CSTRING_VALUE("log"),`
	`206`	`+ FLB_LOG_EVENT_STRING_VALUE(buf, size));`
`202`	`207`	`}`
`203`	`208`	`}`
`204`	`209`	`}`