SplunkHEC
Based on the Splunk destination of AxoSyslog core.
Example
apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGOutput
metadata:
  name: splunkhec
spec:
  splunk_hec_event:
    url: "https://splunk-endpoint"
    token:
      valueFrom:
        secretKeyRef:
          name: splunk-hec
          key: token
Configuration
(HTTPOutput, required)
Default: -
token (secret.Secret, optional)
The token that syslog-ng OSE uses to authenticate on the event collector.
Default: -
event (string, optional)
event() accepts a template, which declares the content of the log message sent to Splunk. Default value: ${MSG}
Default: -
index (string, optional)
Splunk index where the messages will be stored.
Default: -
source (string, optional)
Sets the source field.
Default: -
sourcetype (string, optional)
Sets the sourcetype field.
Default: -
host (string, optional)
Sets the host field.
Default: -
time (string, optional)
Sets the time field.
Default: -
default_index (string, optional)
Fallback option for the index field. See the syslog-ng docs.
Default: -
default_source (string, optional)
Fallback option for the source field.
Default: -
default_sourcetype (string, optional)
Fallback option for the sourcetype field.
Default: -
fields (string, optional)
Additional indexing metadata for Splunk.
Default: -
extra_headers ([]string, optional)
Additional HTTP request headers.
Default: -
extra_queries ([]string, optional)
Additional HTTP request query options.
Default: -
content_type (string, optional)
Additional HTTP request content-type option.
Default: -
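A fuller manifest combining several of the options listed above, added here as an illustration and not taken from the Logging operator documentation: it includes the Secret that `secretKeyRef` refers to, so the HEC token never appears in the output resource itself. The `logging` namespace, the index, source and sourcetype values, and the token placeholder are assumptions.

```yaml
# Added example: every name and value below is a placeholder chosen for illustration.
apiVersion: v1
kind: Secret
metadata:
  name: splunk-hec
  namespace: logging            # assumed namespace
type: Opaque
stringData:
  token: "<HEC-TOKEN-PLACEHOLDER>"   # replace with the real HEC token; keep it out of version control
---
apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGOutput
metadata:
  name: splunkhec
  namespace: logging            # assumed: same namespace as the Secret above
spec:
  splunk_hec_event:
    url: "https://splunk-endpoint"   # HTTPS, so the token is not sent in cleartext
    token:
      valueFrom:
        secretKeyRef:
          name: splunk-hec
          key: token
    event: "${MSG}"             # the documented default template, written out explicitly
    index: "k8s_app_logs"       # assumed index name; the HEC token must be allowed to write to it
    source: "logging-operator"  # assumed value for the source field
    sourcetype: "kube:container" # assumed value for the sourcetype field
    host: "${HOST}"             # standard syslog-ng macro for the message's host
```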