...
Name | Default Value | Context | Description |
---|---|---|---|
host | localhost | Both | Splunk host. |
port | 8089 | Both | Splunk port |
username | null | Both | Username for Splunk |
password | null | Both | Password for Splunk |
connectionTimeout | 5000 | Both | Timeout in MS when connecting to Splunk server |
useSunHttpsHandler | false | Both | Use sun.net.www.protocol.https.Handler Https hanlder to establish the Splunk Connection. Can be useful when running in application servers to avoid app. server https handling. |
index | null | Producer | Splunk index to write to |
sourceType | null | Producer | Splunk SourceType arguement |
source | null | Producer | Splunk Source arguement |
tcpReceiverPort | 0 | Producer | Splunk tcp reciever port when using tcp producer endpoint. |
initEarliestTime | null | Consumer | Initial start offset of the first search. Required |
earliestTime | null | Consumer | Earliest time of the search time window. |
latestTime | null | Consumer | Latest time of the search time window. |
count | 0 | Consumer | A number that indicates the maximum number of entities to return. Note this is not the same as maxMessagesPerPoll which currently is unsupported |
search | null | Consumer | The Splunk query to run |
savedSearch | null | Consumer | The name of the query saved in Splunk to run |
Use Cases
Search Twitter for tweets with music and publish events to Splunk
Code Block |
---|
from("twitter://search?type=polling&keywords=music&delay=10&consumerKey=abc&consumerSecret=def&accessToken=hij&accessTokenSecret=xxx")
.convertBodyTo(SplunkEvent.class)
.to("splunk://submit?username=foo&password=bar&index=camel-tweets&sourceType=twitter&source=music-tweets");
|
Splunk comes with a variety of options for leveraging machine generated data with prebuild apps for analyzing and displaying this.
For example the jmx app. could be used to publish jmx attributes, eg. route and jvm metrics to Splunk, and displaying this on a dashboard.