Page History

...

Code Block
from("direct:start").to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")...

When publishing events the message body should contain a SplunkEvent.

Endpoint	Description
normal	Performs normal search and requires a search query in the search option.
realtime	Performs realtime search in Splunk and requires a search query in the search option.
savedsearch	Performs search based on a search query saved in splunk and requires the name of the query in the savedSearch option.

...

Code Block
from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");

camel-splunk creates a route exchange per search result with a SplunkEvent in the body.

Name	Default Value	Context	Description
host	localhost	Both	Splunk host.
port	8089	Both	Splunk port
username	null	Both	Username for Splunk
password	null	Both	Password for Splunk
connectionTimeout	5000	Both	Timeout in MS when connecting to Splunk server
useSunHttpsHandler	false	Both	Use sun.net.www.protocol.https.Handler Https hanlder to establish the Splunk Connection. Can be useful when running in application servers to avoid app. server https handling.
index	null	Producer	Splunk index to write to
sourceType	null	Producer	Splunk SourceType arguement
source	null	Producer	Splunk Source arguement
tcpReceiverPort	0	Producer	Splunk tcp reciever port when using tcp producer endpoint.
initEarliestTime	null	Consumer	Initial start offset of the first search. Required
earliestTime	null	Consumer	Earliest time of the search time window.
latestTime	null	Consumer	Latest time of the search time window.
count	0	Consumer	A number that indicates the maximum number of entities to return. Note this is not the same as maxMessagesPerPoll which currently is unsupported
search	null	Consumer	The Splunk query to run
savedSearch	null	Consumer	The name of the query saved in Splunk to run

Versions Compared