...
```java
from("direct:start").to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")...
```
When publishing events the message body should contain a SplunkEvent.
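An added example (not taken from the Camel documentation) showing a route that wraps an incoming text body in a SplunkEvent before handing it to the `submit` producer. The `direct:audit` endpoint, the class name, the field names and the `splunk.*` property keys are assumptions made for illustration; the credentials are resolved from Camel property placeholders so they do not sit in the route source the way `password=123` does above.

```java
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.splunk.event.SplunkEvent;

// Hypothetical route class; the name and the endpoints it uses are illustrative only.
public class AuditToSplunkRoute extends RouteBuilder {

    @Override
    public void configure() {
        from("direct:audit")
            .process(exchange -> {
                // The producer expects a SplunkEvent in the body, so the
                // plain-text message is wrapped in one here.
                String detail = exchange.getIn().getBody(String.class);

                SplunkEvent event = new SplunkEvent();
                // Each pair becomes a key="value" field in the indexed event.
                event.addPair("action", "login_failure");   // constructed sample value
                event.addPair("detail", detail);

                exchange.getIn().setBody(event);
            })
            // {{...}} placeholders are resolved by Camel's properties component
            // (keys assumed here: splunk.host, splunk.username, splunk.password).
            // RAW(...) keeps characters such as '&' or '+' in the password from
            // being interpreted as URI syntax.
            .to("splunk://submit?host={{splunk.host}}&port=8089"
                + "&username={{splunk.username}}"
                + "&password=RAW({{splunk.password}})"
                + "&index=myindex&sourceType=someSourceType&source=mySource");
    }
}
```

The placeholder values would come from a properties file or environment source registered with the Camel context, with read access restricted to the account running the integration.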
Consumer Endpoints:
Endpoint | Description |
---|---|
normal | Performs normal search and requires a search query in the search option. |
realtime | Performs realtime search in Splunk and requires a search query in the search option. |
savedsearch | Performs a search based on a search query saved in Splunk and requires the name of the query in the savedSearch option. |
...
```java
from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");
```
camel-splunk creates a route exchange per search result with a SplunkEvent in the body.
URI Options
Name | Default Value | Context | Description |
---|---|---|---|
host | localhost | Both | Splunk host. |
port | 8089 | Both | Splunk port |
username | null | Both | Username for Splunk |
password | null | Both | Password for Splunk |
connectionTimeout | 5000 | Both | Timeout in milliseconds when connecting to the Splunk server. |
useSunHttpsHandler | false | Both | Use the sun.net.www.protocol.https.Handler HTTPS handler to establish the Splunk connection. Can be useful when running in application servers to avoid the application server's HTTPS handling. |
index | null | Producer | Splunk index to write to. |
sourceType | null | Producer | Splunk SourceType argument. |
source | null | Producer | Splunk Source argument. |
tcpReceiverPort | 0 | Producer | Splunk TCP receiver port when using the tcp producer endpoint. |
initEarliestTime | null | Consumer | Initial start offset of the first search. Required. |
earliestTime | null | Consumer | Earliest time of the search time window. |
latestTime | null | Consumer | Latest time of the search time window. |
count | 0 | Consumer | A number that indicates the maximum number of entities to return. Note that this is not the same as maxMessagesPerPoll, which is currently unsupported. |
search | null | Consumer | The Splunk query to run |
savedSearch | null | Consumer | The name of the query saved in Splunk to run |