You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Splunk Component

Available as of Camel 2.13

The Splunk component provides access to Splunk using the Splunk provided client api, and it enables you to publish and search for events in Splunk.

Maven users will need to add the following dependency to their pom.xml for this component:

	<dependency>
    	<groupId>org.apache.camel</groupId>
    	<artifactId>camel-splunk</artifactId>
    	<version>${camel-version}</version>
	</dependency>

URI format 

  splunk://[endpoint]?[options]

Producer Endpoints:

Endpoint

Description

stream

streaming mode.

submit

submit mode.

tcp

tcp mode. Requires a open receiver port in Splunk.

Example

	from("direct:start").to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")...

Consumer Endpoints:

Endpoint

Description

normal

Performs normal search and requires a search query in the search option.

realtime

Performs realtime search in Splunk and requires a search query in the search option.

savedsearch

Performs search based on a search query saved in splunk and requires the name of the query in the savedSearch option.

Example

	from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");
  • No labels