Sends flow file content to the specified Splunk server over HTTP or HTTPS. Supports HEC Index Acknowledgement.
splunk, logs, http
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Scheme | Scheme | https |
| The scheme for connecting to Splunk. |
| Hostname | Hostname | localhost | The ip address or hostname of the Splunk server. Supports Expression Language: true (will be evaluated using variable registry only) | |
| HTTP Event Collector Port | Port | 8088 | The HTTP Event Collector HTTP Port Number. Supports Expression Language: true (will be evaluated using variable registry only) | |
| Security Protocol | Security Protocol | TLSv1_2 |
| The security protocol to use for communicating with Splunk. |
| Owner | Owner | The owner to pass to Splunk. Supports Expression Language: true (will be evaluated using variable registry only) | ||
| HTTP Event Collector Token | Token | HTTP Event Collector token starting with the string Splunk. For example 'Splunk 1234578-abcd-1234-abcd-1234abcd' Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Username | Username | The username to authenticate to Splunk. Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Password | Password | The password to authenticate to Splunk. Sensitive Property: true | ||
| Splunk Request Channel | request-channel | Identifier of the used request channel. Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Source | source | User-defined event source. Sets a default for all events when unspecified. Supports Expression Language: true (will be evaluated using flow file attributes and variable registry) | ||
| Source Type | source-type | User-defined event sourcetype. Sets a default for all events when unspecified. Supports Expression Language: true (will be evaluated using flow file attributes and variable registry) | ||
| Host | host | Specify with the host query string parameter. Sets a default for all events when unspecified. Supports Expression Language: true (will be evaluated using flow file attributes and variable registry) | ||
| Index | index | Index name. Specify with the index query string parameter. Sets a default for all events when unspecified. Supports Expression Language: true (will be evaluated using flow file attributes and variable registry) | ||
| Content Type | content-type | The media type of the event sent to Splunk. If not set, "mime.type" flow file attribute will be used. In case of neither of them is specified, this information will not be sent to the server. Supports Expression Language: true (will be evaluated using flow file attributes and variable registry) | ||
| Character Set | character-set | UTF-8 | The name of the character set. Supports Expression Language: true (will be evaluated using flow file attributes and variable registry) |
| Name | Description |
|---|---|
| success | FlowFiles that are sent successfully to the destination are sent to this relationship. |
| failure | FlowFiles that failed to send to the destination are sent to this relationship. |
| Name | Description |
|---|---|
| mime.type | Uses as value for HTTP Content-Type header if set. |
| Name | Description |
|---|---|
| splunk.acknowledgement.id | The indexing acknowledgement id provided by Splunk. |
| splunk.responded.at | The time of the response of put request for Splunk. |
| Resource | Description |
|---|---|
| MEMORY | An instance of this component can cause high usage of this system resource. Multiple instances or high concurrency settings may result a degradation of performance. |