splunk

Consumes messages from Splunk.

Introduced in version 4.30.0.

  • Common

  • Advanced

# Common config fields, showing default values
input:
  label: ""
  splunk:
    url: https://foobar.splunkcloud.com/services/search/v2/jobs/export # No default (required)
    user: "" # No default (required)
    password: "" # No default (required)
    query: "" # No default (required)
    auto_replay_nacks: true
# All config fields, showing default values
input:
  label: ""
  splunk:
    url: https://foobar.splunkcloud.com/services/search/v2/jobs/export # No default (required)
    user: "" # No default (required)
    password: "" # No default (required)
    query: "" # No default (required)
    skip_cert_verify: false
    auto_replay_nacks: true

Fields

url

Full HTTP Search API endpoint URL.

Type: string

# Examples

url: https://foobar.splunkcloud.com/services/search/v2/jobs/export

user

Splunk account user.

Type: string

password

Splunk account password.

This field contains sensitive information that usually shouldn’t be added to a config directly, read our secrets page for more info.

Type: string

query

Splunk search query.

Type: string

skip_cert_verify

Whether to skip server side certificate verification.

Type: bool

Default: false

auto_replay_nacks

Whether messages that are rejected (nacked) at the output level should be automatically replayed indefinitely, eventually resulting in back pressure if the cause of the rejections is persistent. If set to false these messages will instead be deleted. Disabling auto replays can greatly improve memory efficiency of high throughput streams as the original shape of the data can be discarded immediately upon consumption and mutation.

Type: bool

Default: true