Splunk Component
Available as of Camel 2.13
The Splunk component provides access to Splunk through the client API provided by Splunk, and enables you to publish and search for events in Splunk.
Maven users will need to add the following dependency to their pom.xml for this component:
<dependency>
  <groupId>org.apache.camel</groupId>
  <artifactId>camel-splunk</artifactId>
  <version>${camel-version}</version>
</dependency>
URI format
splunk://[endpoint]?[options]
Producer Endpoints:
Endpoint | Description |
---|---|
stream | Streaming mode. |
submit | Submit mode. |
tcp | TCP mode. Requires an open receiver port in Splunk. |
Example
from("direct:start").to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")...
Consumer Endpoints:
Endpoint | Description |
---|---|
normal | Performs a normal search and requires a search query in the search option. |
realtime | Performs a realtime search in Splunk and requires a search query in the search option. |
savedsearch | Performs a search based on a search query saved in Splunk and requires the name of the query in the savedSearch option. |
Example
from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");
URI Options
Name | Default Value | Context | Description |
---|---|---|---|
host | localhost | Shared | The Splunk host. |
port | 8089 | Shared | The Splunk port. |
username | null | Shared | Mandatory. The Splunk username. |
password | null | Shared | Mandatory. The Splunk password. |
connectionTimeout | 5000 | Shared | Timeout in ms when connecting to the Splunk server. |
useSunHttpsHandler | false | Shared | Use the sun.net.www.protocol.https.Handler HTTPS handler to establish the Splunk connection. Can be useful when running in application servers to avoid the application server's HTTPS handling. |
index | null | Producer | Splunk index to write to. |
sourceType | null | Producer | Splunk sourceType argument. |
source | null | Producer | Splunk source argument. |
tcpReceiverPort | 0 | Producer | Splunk TCP receiver port when using the tcp producer endpoint. |
initEarliestTime | null | Consumer | Required. Initial start offset of the first search. |
earliestTime | null | Consumer | Earliest time of the search time window. |
latestTime | null | Consumer | Latest time of the search time window. |
count | 0 | Consumer | The maximum number of entities to return. Note that this is not the same as maxMessagesPerPoll, which is currently unsupported. |
search | null | Consumer | The Splunk query to run. |
savedSearch | null | Consumer | The name of the query saved in Splunk to run. |
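The following is an added example, not part of the original Camel documentation. It combines the producer and consumer endpoints with the shared URI options, and resolves the mandatory username and password from a properties file through Camel property placeholders instead of hardcoding them in the endpoint URI. The class name SplunkRoutes, the splunk.properties file and its keys, and the log endpoint name are assumptions made for illustration.

```java
import org.apache.camel.CamelContext;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.properties.PropertiesComponent;
import org.apache.camel.impl.DefaultCamelContext;

public class SplunkRoutes {

    // Options shared by producer and consumer endpoints (see URI Options).
    // Values are resolved from splunk.properties instead of being hardcoded;
    // RAW(...) makes Camel use the password as-is, without URI decoding.
    private static final String SHARED =
        "host={{splunk.host}}&port={{splunk.port}}"
        + "&username={{splunk.username}}&password=RAW({{splunk.password}})"
        + "&connectionTimeout=5000";

    public static void main(String[] args) throws Exception {
        CamelContext context = new DefaultCamelContext();

        // Assumed file on the classpath (hypothetical keys, constructed values):
        //   splunk.host=localhost
        //   splunk.port=8089
        //   splunk.username=camel-svc
        //   splunk.password=change-me
        PropertiesComponent props = new PropertiesComponent();
        props.setLocation("classpath:splunk.properties");
        context.addComponent("properties", props);

        context.addRoutes(new RouteBuilder() {
            @Override
            public void configure() {
                // Producer: publish events to one index in submit mode.
                from("direct:start")
                    .to("splunk://submit?" + SHARED
                        + "&index=myindex&sourceType=someSourceType&source=mySource");

                // Consumer: poll a normal search every 5s; initEarliestTime is required.
                from("splunk://normal?" + SHARED
                        + "&delay=5s&initEarliestTime=-10s&count=100"
                        + "&search=search index=myindex sourcetype=someSourcetype")
                    .to("direct:search-result");

                // Hypothetical sink so that search results have a consumer.
                from("direct:search-result").to("log:splunk.search-result");
            }
        });

        context.start();
        Thread.sleep(60000); // keep the routes running for one minute
        context.stop();
    }
}
```

Keeping splunk.properties outside version control and readable only by the service account keeps the Splunk credentials out of the route source.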