out_splunk: change http_passwd default value from "" to NULL

[CrashLaker]

addresses #11301

from FLB_CONFIG_MAP_STR, "http_passwd", "",

to FLB_CONFIG_MAP_STR, "http_passwd", NULL,

---

Enter [N/A] in the box, if an item is not applicable to your change.

Testing
Before we can approve your change; please submit the following in a comment:

• Example configuration file for the change
• Debug log output from testing the change

example run:

conf

[INPUT]
  name splunk
  listen 0.0.0.0
  port 8088
  tls off
  tls.verify off
  store_token_in_metadata true

[OUTPUT]
  name stdout
  match *

[OUTPUT]
  name splunk
  match *
  host localhost
  port 8888
  tls off
  tls.verify off
  http_user ZZZ

conf2

[INPUT]
  name dummy

[OUTPUT]
  name splunk
  host localhost
  port 8088
  tls off
  tls.verify off
  Splunk_Token AAA

conf3

[INPUT]
  name dummy

[OUTPUT]
  name splunk
  host localhost
  port 8088
  tls off
  tls.verify off
  Splunk_Token BBB

start print

Fluent Bit v4.2.2
* Copyright (C) 2015-2025 The Fluent Bit Authors
* Fluent Bit is a CNCF graduated project under the Fluent organization
* https://fluentbit.io

______ _                  _    ______ _ _             ___   _____ 
|  ___| |                | |   | ___ (_) |           /   | / __  \
| |_  | |_   _  ___ _ __ | |_  | |_/ /_| |_  __   __/ /| | `' / /'
|  _| | | | | |/ _ \ '_ \| __| | ___ \ | __| \ \ / / /_| |   / /  
| |   | | |_| |  __/ | | | |_  | |_/ / | |_   \ V /\___  |_./ /___
\_|   |_|\__,_|\___|_| |_|\__| \____/|_|\__|   \_/     |_(_)_____/
                                                                  
             Fluent Bit v4.2 – Direct Routes Ahead
         Celebrating 10 Years of Open, Fluent Innovation!

[2025/12/24 21:24:51.95145216] [ info] [fluent bit] version=4.2.2, commit=ddfef360d7, pid=63145
[2025/12/24 21:24:51.95213048] [ info] [storage] ver=1.5.4, type=memory, sync=normal, checksum=off, max_chunks_up=128
[2025/12/24 21:24:51.95229948] [ info] [simd    ] disabled
[2025/12/24 21:24:51.95235329] [ info] [cmetrics] version=1.0.6
[2025/12/24 21:24:51.95244089] [ info] [ctraces ] version=0.6.6
[2025/12/24 21:24:51.95322881] [ info] [input:splunk:splunk.0] initializing
[2025/12/24 21:24:51.95335211] [ info] [input:splunk:splunk.0] storage_strategy='memory' (memory only)
[2025/12/24 21:24:51.95441444] [ info] [input:splunk:splunk.0] listening on 0.0.0.0:8088
[2025/12/24 21:24:51.95757213] [ info] [output:stdout:stdout.0] worker #0 started
[2025/12/24 21:24:51.95979679] [ info] [output:splunk:splunk.1] worker #0 started
[2025/12/24 21:24:51.96092022] [ info] [sp] stream processor started
[2025/12/24 21:24:51.96123483] [ info] [output:splunk:splunk.1] worker #1 started
[2025/12/24 21:24:51.96148123] [ info] [engine] Shutdown Grace Period=5, Shutdown Input Grace Period=2
[0] splunk.0: [[1766611491.302205969, {"hec_token"=>"Splunk BBB"}], {"time"=>1766611480.299107, "event"=>{"message"=>"dummy"}}]
[1] splunk.0: [[1766611491.302364073, {"hec_token"=>"Splunk BBB"}], {"time"=>1766611484.299124, "event"=>{"message"=>"dummy"}}]
[2] splunk.0: [[1766611491.302420675, {"hec_token"=>"Splunk AAA"}], {"time"=>1766611479.299183, "event"=>{"message"=>"dummy"}}]

flask app

from flask import Flask, request
app = Flask(__name__)

@app.route('/services/collector/event', methods=['POST'])
def hello_world():
    print(request.headers)
    return 'Hello, World!'

if __name__ == '__main__':
    app.run(host="0.0.0.0", port="8888", debug=True)

flask application to get headers

Please refer to the Developer Guide for instructions on building Fluent Bit with Valgrind support:
https://github.com/fluent/fluent-bit/blob/master/DEVELOPER_GUIDE.md#valgrind
Invoke Fluent Bit and Valgrind as: $ valgrind --leak-check=full ./bin/fluent-bit

valgrind run
valgrind ./fluent-bit -c conf

ending

[2025/12/24 21:23:27.304159569] [ info] [output:stdout:stdout.0] thread worker #0 stopping...
[2025/12/24 21:23:27.310661178] [ info] [output:stdout:stdout.0] thread worker #0 stopped
[2025/12/24 21:23:27.344923999] [ info] [output:splunk:splunk.1] thread worker #0 stopping...
[2025/12/24 21:23:27.346641964] [ info] [output:splunk:splunk.1] thread worker #0 stopped
[2025/12/24 21:23:27.348299827] [ info] [output:splunk:splunk.1] thread worker #1 stopping...
[2025/12/24 21:23:27.348608595] [ info] [output:splunk:splunk.1] thread worker #1 stopped
==63061== 
==63061== HEAP SUMMARY:
==63061==     in use at exit: 0 bytes in 0 blocks
==63061==   total heap usage: 13,061 allocs, 13,061 frees, 12,303,089 bytes allocated
==63061== 
==63061== All heap blocks were freed -- no leaks are possible
==63061== 
==63061== Use --track-origins=yes to see where uninitialised values come from
==63061== For lists of detected and suppressed errors, rerun with: -s
==63061== ERROR SUMMARY: 325184 errors from 1000 contexts (suppressed: 0 from 0)

---

Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.

Summary by CodeRabbit

• Bug Fixes
  • Splunk plugin now treats a missing HTTP password as unset (null) rather than as an empty string. This ensures credentials are detected and validated consistently, prevents unintended empty-password behavior, and improves error handling during configuration and authentication.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

📝 Walkthrough

Walkthrough

The Splunk output plugin config map now initializes the http_passwd field to NULL instead of an empty string, changing the plugin context's initial representation of absent HTTP password credentials.

Changes

Cohort / File(s)	Summary
Splunk plugin config default plugins/out_splunk/splunk.c	Changed default for http_passwd in the plugin config map from "" (empty string) to NULL, altering initial credential state.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• edsiper
• koleini

Poem

I nibble on lines of config neat,
A tiny swap, precise and small,
From empty string to NULL I leap,
Quiet change beneath the heap,
Hoppity code, we fixed it all 🐇✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and specifically describes the main change: updating the http_passwd default value from an empty string to NULL in the out_splunk plugin.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

---

📜 Recent review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5563e16 and 74abd69.

📒 Files selected for processing (1)

• plugins/out_splunk/splunk.c

🚧 Files skipped from review as they are similar to previous changes (1)

• plugins/out_splunk/splunk.c

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[cosmo0920]

The patch is good but we need to follow the guideline for commit message.
Plus, our linter of commit messages complains like:

❌ Commit 8cd1b3accd failed:
Missing prefix in commit subject: 'change http_passwd default value from "" to NULL'


Commit prefix validation failed.

[CrashLaker]

hi @cosmo0920
thank you for reviewing the PR
i'm afraid i don't know how to add a new commit to an existing PR. could you please help me?

if I just add a new commit to the branch in my account CrashLaker:out_splunk-http_passwd-NULL-default2 will it appear here?

edit:
just rewrote the commit message with git commit --amend

regards,c

[cosmo0920]

We need to use out_splunk: prefix in a commit message like:

out_splunk: change http_passwd default value to NULL

[CrashLaker]

Hi sorry. not used to use signed commits
tried now with git commit -s --amend
hope it now works

regards,c

[cosmo0920]

Committer and Author still differ:

Commit sha: [5563e16](https://github.com/fluent/fluent-bit/pull/11314/commits/5563e16546ba38be05b15b3fd90fa9924fdbef0b), Author: Your Name, Committer: Your Name; Expected "Your Name [[email protected]](mailto:[email protected])", but got "Crashlaker [[email protected]](mailto:[email protected])".

[CrashLaker]

fixed. let's try now.

regards,c