...

The Splunk component provides access to Splunk using the client API provided by Splunk, and it enables you to publish and search for events in Splunk.

...

| Endpoint | Description |
|----------|-------------|
| stream | Streaming mode. Streams data to a named index, or to the default index if none is specified. When using stream mode, be aware that Splunk has an internal buffer (about 1MB or so) that events pass through before they get to the index. If you need realtime delivery, use submit or tcp mode instead. |
| submit | Submit mode. Uses the Splunk REST API to publish events to a named index, or to the default index if none is specified. |
| tcp | TCP mode. Streams data to a TCP port, and requires an open receiver port in Splunk. |

...