...
Endpoint | Description |
---|---|
stream | Streaming mode. When using stream mode, be aware that Splunk has an internal buffer (about 1MB or so) that events pass through before they get to the index. If you need real-time delivery, use submit or tcp mode instead. |
submit | Submit mode. |
tcp | TCP mode. Requires an open receiver port in Splunk. |
...
Name | Default Value | Context | Description |
---|---|---|---|
host | localhost | Shared Both | The Splunk host. |
port | 8089 | Shared Both | Splunk port |
username | null | Shared Both | Mandatory. The username for Splunk. |
password | null | Shared Both | Mandatory. The password for Splunk. |
connectionTimeout | 5000 | Shared Both | Timeout in milliseconds when connecting to the Splunk server. |
useSunHttpsHandler | false | Shared Both | Use the sun.net.www.protocol.https.Handler HTTPS handler to establish the Splunk connection. Can be useful when running in application servers to avoid the application server's HTTPS handling. |
index | null | Producer | Splunk index to write to |
sourceType | null | Producer | Splunk sourcetype argument. |
source | null | Producer | Splunk source argument. |
tcpReceiverPort | 0 | Producer | Splunk TCP receiver port when using the tcp producer endpoint. |
initEarliestTime | null | Consumer | Initial start offset of the first search. Required. |
earliestTime | null | Consumer | Earliest time of the search time window. |
latestTime | null | Consumer | Latest time of the search time window. |
count | 0 | Consumer | A number that indicates the maximum number of entities to return. Note that this is not the same as maxMessagesPerPoll, which is currently unsupported. |
search | null | Consumer | The Splunk query to run |
savedSearch | null | Consumer | The name of the query saved in Splunk to run |