SplunkHEC

Based on the Splunk destination of AxoSyslog core.

Available in Logging operator version 4.4 and later.

Example

apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGOutput
metadata:
  name: splunkhec
spec:
  splunk_hec_event:
    url: "https://splunk-endpoint"
    token:
      valueFrom:
        secretKeyRef:
          name: splunk-hec
          key: token

Configuration

SplunkHECOutput

(HTTPOutput, required)

content_type (string, optional)

Additional HTTP request content-type option.

default_index (string, optional)

Fallback option for index field. For details, see the documentation of the AxoSyslog syslog-ng distribution.

default_source (string, optional)

Fallback option for source field.

default_sourcetype (string, optional)

Fallback option for sourcetype field.

event (string, optional)

event() accepts a template, which declares the content of the log message sent to Splunk. Default value: ${MSG}

extra_headers ([]string, optional)

Additional HTTP request headers.

extra_queries ([]string, optional)

Additional HTTP request query options.

fields (string, optional)

Additional indexing metadata for Splunk.

host (string, optional)

Sets the host field.

index (string, optional)

Splunk index where the messages will be stored.

source (string, optional)

Sets the source field.

sourcetype (string, optional)

Sets the sourcetype field.

time (string, optional)

Sets the time field.

token (secret.Secret, optional)

The token that syslog-ng OSE uses to authenticate on the event collector.
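The following manifest pair is an added illustration, not taken from the Logging operator documentation: the Secret that the token reference resolves, followed by an output that sets event metadata with the options listed above. The Secret value, the index and sourcetype names, and the assumption that both objects are applied to the same namespace are constructed for this example.

```yaml
# Added example. Values marked "constructed" are placeholders to replace.
apiVersion: v1
kind: Secret
metadata:
  name: splunk-hec                   # must match secretKeyRef.name below
type: Opaque
stringData:
  token: "REPLACE_WITH_HEC_TOKEN"    # constructed placeholder, not a real token
---
apiVersion: logging.banzaicloud.io/v1beta1
kind: SyslogNGOutput
metadata:
  name: splunkhec
spec:
  splunk_hec_event:
    # HEC sends the token in the Authorization header, so keep the URL on https.
    url: "https://splunk-endpoint"
    token:
      valueFrom:
        secretKeyRef:                # token is read from the Secret, never written inline
          name: splunk-hec
          key: token
    index: "k8s_app_logs"            # constructed index name
    default_index: "k8s_fallback"    # constructed fallback for the index field
    sourcetype: "kube:container"     # constructed sourcetype
    host: "${HOST}"                  # syslog-ng macro: host name of the message
    event: "${MSG}"                  # the documented default template
```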