SplunkHEC

Based on the Splunk destination of AxoSyslog core.

Example

apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGOutput
metadata:
  name: splunkhec
spec:
  splunk_hec_event:
    url: "https://splunk-endpoint"
    token:
      valueFrom:
        secretKeyRef:
          name: splunk-hec
          key: token
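
The manifest above references a Secret named splunk-hec with a key named token. The following added example (not part of the original page or the project's own documentation) shows that Secret next to an output that also sets fallback metadata. The namespace logging-demo, the index and sourcetype values, and the token placeholder are constructed, and the example assumes the Secret is read from the same namespace as the output.

```yaml
# Constructed example: the Secret that token.valueFrom.secretKeyRef points at.
apiVersion: v1
kind: Secret
metadata:
  name: splunk-hec            # matches secretKeyRef.name
  namespace: logging-demo     # hypothetical namespace, shared with the output
type: Opaque
stringData:
  token: "<HEC-TOKEN-PLACEHOLDER>"   # placeholder; matches secretKeyRef.key
---
apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGOutput
metadata:
  name: splunkhec
  namespace: logging-demo     # assumption: same namespace as the Secret
spec:
  splunk_hec_event:
    url: "https://splunk-endpoint"
    token:
      valueFrom:
        secretKeyRef:
          name: splunk-hec
          key: token
    # Constructed values for options documented on this page.
    event: "${MSG}"
    default_index: "k8s_logs"
    default_sourcetype: "kube:container"
```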

Configuration

(HTTPOutput, required)

Default: -

token (secret.Secret, optional)

The token that syslog-ng OSE uses to authenticate on the event collector.

Default: -

event (string, optional)

The event() option accepts a template that defines the content of the log message sent to Splunk. Default value: ${MSG}

Default: -

index (string, optional)

Splunk index where the messages will be stored.

Default: -

source (string, optional)

Sets the source field.

Default: -

sourcetype (string, optional)

Sets the sourcetype field.

Default: -

host (string, optional)

Sets the host field.

Default: -

time (string, optional)

Sets the time field.

Default: -

default_index (string, optional)

Fallback option for index field. See syslog-ng docs.

Default: -

default_source (string, optional)

Fallback option for source field.

Default: -

default_sourcetype (string, optional)

Fallback option for sourcetype field.

Default: -

fields (string, optional)

Additional indexing metadata for Splunk.

Default: -

extra_headers ([]string, optional)

Additional HTTP request headers.

Default: -

extra_queries ([]string, optional)

Additional HTTP request query options.

Default: -

content_type (string, optional)

Additional HTTP request content-type option.

Default: -

Last modified December 27, 2023: Version number bumps (00b4afd)