THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Endpoint | Description |
|---|---|
stream | streaming mode. When using stream mode be aware of that Splunk has some internal buffer (about 1MB or so) before events gets to the index. If you need realtime better use submit or tcp mode. |
submit | submit mode. |
tcp | tcp mode. Requires a open receiver port in Splunk. |
When publishing events the message body should contain a SplunkEvent.
Example
| Code Block |
|---|
from("direct:start").convertBodyTo(SplunkEvent.class).to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")...
|
When publishing events the message body should contain a SplunkEventIn this example a converter is required to convert to a SplunkEvent class.
Consumer Endpoints:
Endpoint | Description |
|---|---|
normal | Performs normal search and requires a search query in the search option. |
realtime | Performs realtime search in Splunk and requires a search query in the search option. |
savedsearch | Performs search based on a search query saved in splunk and requires the name of the query in the savedSearch option. |
...