Python2 is EOL

Collecting hpfeeds-logger
  Downloading https://files.pythonhosted.org/packages/c0/bd/f7c119ea6bc6c9646e2113a7454bd60c1a9fffd7733e33dd942d2a9f748a/hpfeeds-logger-0.0.7.7.tar.gz
    Complete output from command python setup.py egg_info:
    Downloading https://pypi.python.org/packages/source/d/distribute/distribute-0.6.14.tar.gz
    Extracting in /tmp/tmpay1463ms
    Traceback (most recent call last):
      File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 143, in use_setuptools
        raise ImportError
    ImportError
    
    During handling of the above exception, another exception occurred:
    
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-unfas0o4/hpfeeds-logger/setup.py", line 16, in <module>
        use_setuptools()
      File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 145, in use_setuptools
        return _do_download(version, download_base, to_dir, download_delay)
      File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 125, in _do_download
        _build_egg(egg, tarball, to_dir)
      File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 99, in _build_egg
        _extractall(tar)
      File "/tmp/pip-build-unfas0o4/hpfeeds-logger/ez_setup.py", line 467, in _extractall
        self.chown(tarinfo, dirpath)
    TypeError: chown() missing 1 required positional argument: 'numeric_owner'
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-unfas0o4/hpfeeds-logger/

Could commit fe41b4a be reverted?

Unfortunately I wasn't able to quickly find any justification for this commit, but I would like to request that it be reverted.

Assumption

My assumption is that src_ip and dest_ip always hold ip addresses

Justification

According to Splunk's Common Information Model (CIM) the Network Traffic model, dest_ip and src_ip should hold the ip address of the destination and source device when available. The src/dest fields should be populated with the src/dest ip, hostname, or mac address depending on what's available in the log. Thus when searching for an ip address, its standard to use src_ip/dest_ip.

While I can account for this in Splunk itself by using a regex to extract src to src_ip (similar for dest) if src/dest appear to be ip addresses, it is less work for the system, to just copy anything in the src_ip field to the src field. Even the documentation suggest src could be aliased from src_ip, src_mac etc (although best practice is not to alias but copy, but that's an advanced Splunk administration topic)

While that may seem like a very small thing (and it is), Splunk does these field extractions at search time. So every time that record is returned in a search result (okay there are exceptions and I'm simplifying), that extraction is done and it has to be done for EVERY search result of this sourcetype (again simplification; typically done by sourcetype but could be done in other ways).

When you consider its more performant on the Splunk side to reverse this change AND it simplifies the code here (quite trivially, but still), I believe this request is justified. Again, there's a huge caveat that I don't know why it was originally added and without that context I may be overlooking other issues.