THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
| Code Block |
|---|
splunk://[endpoint]?[options] |
Producer Endpoints:
Endpoint | Description |
|---|---|
stream | streaming mode. |
submit | submit mode. |
tcp | tcp mode. Requires a open receiver port in Splunk. |
Example
| Code Block |
|---|
from("direct:start").to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")...
|
Consumer Endpoints:
Endpoint | Description |
|---|---|
normal | Performs normal search and requires a search query in the search option. |
realtime | Performs realtime search in Splunk and requires a search query in the search option. |
savedsearch | Performs search based on a search query saved in splunk and requires the name of the query in the savedSearch option. |
Example
| Code Block |
|---|
from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");
|