Splunk

Splunk via Hec output plugin for Fluentd

Overview

More info at https://github.com/splunk/fluent-plugin-splunk-hec

Example output configurations

spec:
  splunkHec:
    hec_host: splunk.default.svc.cluster.local
    hec_port: 8088
    protocol: http

Configuration

SplunkHecOutput

SplunkHecOutput sends your logs to Splunk via Hec

data_type (string, optional)

The type of data that will be sent to Splunk, either event or metric.

Default: event

hec_host (string, required)

The Splunk HEC host to send events to.

Default: -

hec_port (int, optional)

The port number for the Hec token or the Hec load balancer.

Default: 8088

protocol (string, optional)

This is the protocol to use for calling the Hec API. Available values are: http, https.

Default: https

hec_token (*secret.Secret, required)

Identifier for the Hec token. Secret

Default: -

metrics_from_event (*bool, optional)

When data_type is set to “metric”, the ingest API will treat every key-value pair in the input event as a metric name-value pair. Set metrics_from_event to false to disable this behavior and use metric_name_key and metric_value_key to define metrics. (Default: true)

Default: -

metric_name_key (string, optional)

Field name that contains the metric name. This parameter only works in conjunction with the metrics_from_event parameter. When this parameter is set, the metrics_from_event parameter is automatically set to false.

Default: true

metric_value_key (string, optional)

Field name that contains the metric value. This parameter is required when metric_name_key is configured.

Default: -

coerce_to_utf8 (*bool, optional)

Indicates whether to allow non-UTF-8 characters in user logs. If set to true, any non-UTF-8 character is replaced by the string specified in non_utf8_replacement_string. If set to false, the ingest API returns an error for any non-UTF-8 characters.

Default: true

non_utf8_replacement_string (string, optional)

If coerce_to_utf8 is set to true, any non-UTF-8 character is replaced by the string you specify in this parameter.

Default: ' '

index (string, optional)

Identifier for the Splunk index to be used for indexing events. If this parameter is not set, the indexer is chosen by HEC. Cannot set both index and index_key parameters at the same time.

Default: -

index_key (string, optional)

The field name that contains the Splunk index name. Cannot set both index and index_key parameters at the same time.

Default: -

host (string, optional)

The host location for events. Cannot set both host and host_key parameters at the same time. (Default: hostname)

Default: -

host_key (string, optional)

Key for the host location. Cannot set both host and host_key parameters at the same time.

Default: -

source (string, optional)

The source field for events. If this parameter is not set, the source will be decided by HEC. Cannot set both source and source_key parameters at the same time.

Default: -

source_key (string, optional)

Field name to contain source. Cannot set both source and source_key parameters at the same time.

Default: -

sourcetype (string, optional)

The sourcetype field for events. When not set, the sourcetype is decided by HEC. Cannot set both sourcetype and sourcetype_key parameters at the same time.

Default: -

sourcetype_key (string, optional)

Field name that contains the sourcetype. Cannot set both sourcetype and sourcetype_key parameters at the same time.

Default: -

keep_keys (bool, optional)

By default, all the fields used by the *_key parameters are removed from the original input events. To change this behavior, set this parameter to true. This parameter is set to false by default. When set to true, all fields defined in index_key, host_key, source_key, sourcetype_key, metric_name_key, and metric_value_key are saved in the original event.

Default: -

idle_timeout (int, optional)

If a connection has not been used for this number of seconds, it is automatically reset upon the next use to avoid attempting to send to a closed connection. nil means no timeout.

Default: -

read_timeout (int, optional)

The amount of time allowed between reading two chunks from the socket.

Default: -

open_timeout (int, optional)

The amount of time to wait for a connection to be opened.

Default: -

client_cert (*secret.Secret, optional)

The path to a file containing a PEM-format CA certificate for this client. Secret

Default: -

client_key (*secret.Secret, optional)

The private key for this client. Secret

Default: -

ca_file (*secret.Secret, optional)

The path to a file containing a PEM-format CA certificate. Secret

Default: -

ca_path (*secret.Secret, optional)

The path to a directory containing CA certificates in PEM format. Secret

Default: -

ssl_ciphers (string, optional)

List of SSL ciphers allowed.

Default: -

insecure_ssl (*bool, optional)

Indicates whether an insecure SSL connection is allowed.

Default: false
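
The transport and secret parameters above, combined into one output. This is an added example, not part of the original page or the plugin's documentation. The Secret names, keys and index name are constructed placeholders, and the valueFrom / mountFrom references use the Logging operator's Secret type, which this page links to but does not show.

```yaml
spec:
  splunkHec:
    hec_host: splunk.default.svc.cluster.local
    hec_port: 8088
    # https is the documented default. With "protocol: http" the HEC token
    # and every event cross the network unencrypted.
    protocol: https
    # Documented default, pinned explicitly so that a later change to true
    # shows up as a diff in review.
    insecure_ssl: false
    # Required. Referenced from a Kubernetes Secret rather than written inline.
    hec_token:
      valueFrom:
        secretKeyRef:
          name: splunk-hec-credentials   # constructed Secret name
          key: hec-token                 # constructed key
    # CA bundle used to verify the HEC endpoint's certificate; mounted as a
    # file because the parameter expects a path.
    ca_file:
      mountFrom:
        secretKeyRef:
          name: splunk-hec-tls           # constructed Secret name
          key: ca.crt                    # constructed key
    # Client certificate and key: only needed when the HEC endpoint
    # requires client certificates.
    client_cert:
      mountFrom:
        secretKeyRef:
          name: splunk-hec-tls
          key: tls.crt
    client_key:
      mountFrom:
        secretKeyRef:
          name: splunk-hec-tls
          key: tls.key
    # Fixed index (constructed name). Do not also set index_key: the two
    # parameters cannot be set at the same time.
    index: k8s_logs
```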

fields (Fields, optional)

Parameters inside this section are used as indexed fields and removed from the original input events.

Default: -

format (*Format, optional)

Format

Default: -

buffer (*Buffer, optional)

Buffer

Default: -

slow_flush_log_threshold (string, optional)

The threshold for the chunk flush performance check. The parameter type is float, not time; the default is 20.0 (seconds). If a chunk flush takes longer than this threshold, fluentd logs a warning message and increases the metric fluentd_output_status_slow_flush_count.

Default: -

Last modified December 27, 2023: Version number bumps (00b4afd)