Splunk destination plugin
The Splunk destination plugin lets you configure Chronosphere Telemetry Pipeline to send your telemetry data to Splunk.
Supported telemetry types
This plugin supports these telemetry types:
| Logs | Metrics | Traces |
|---|---|---|
Configuration parameters
Use the parameters in this section to configure your plugin. The Telemetry Pipeline web interface uses the values in the Name column to describe the parameters. Items in the Key column are the YAML keys to use in pipeline configuration files.
General
| Name | Key | Description | Default |
|---|---|---|---|
| Host | host | Required. IP address or hostname of the target Splunk service. | 127.0.0.1 |
| Port | port | Required. TCP port of the target Splunk service. | 8088 |
| Compress | compress | Set payload compression mechanism. Accepted values: gzip, none. | none |
| Splunk HTTP Token | splunk_token | Required. Specify the authentication token for the HTTP Event Collector interface. | none |
Security and TLS
| Name | Key | Description | Default |
|---|---|---|---|
| TLS | tls | Enable or disable TLS/SSL support. Accepted values: true, false. | false |
| TLS Certificate Validation | tls.verify | Enable or disable TLS/SSL certificate validation. TLS must be enabled for certificates to be validated. Accepted values: off, on. | on |
| TLS Debug Level | tls.debug | Set TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
| CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
| Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
| Private Key File Path | tls.key_file | Absolute path to private key file. | none |
| Private Key Path Password | tls.key_passwd | Password for private key file. | none |
| TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |
Advanced
| Name | Key | Description | Default |
|---|---|---|---|
| Splunk Channel | channel | The X-Splunk-Request-Channel header to send to the HTTP Event Collector. | none |
| Enable Splunk Send Raw | splunk_send_raw | When enabled, the record keys and values are set in the top level of the map instead of under the event key. Refer to the Sending Raw Events section from the docs for more details to make this option work properly. Accepted values: true, false. | false |
| Event Key | event_key | Specify the key name that will be used to send a single value as part of the record. | none |
| Event Host | event_host | Set the host value to the event data. The value allows a record accessor pattern. | none |
| Event Source | event_source | Set the source value to assign to the event data. | none |
| Event Source Type | event_sourcetype | Set the sourcetype value to assign to the event data. | none |
| Event Source Type Key | event_sourcetype_key | Set a record key that will populate sourcetype. If the key is found, it will have precedence over the value set in event_sourcetype. | none |
| Event Index | event_index | The name of the index by which the event data is to be indexed. | none |
| Event Index Key | event_index_key | Set a record key that will populate the index field. If the key is found, it will have precedence over the value set in event_index. | none |
| Event Field(s) | event_field | Set event fields for the record. This option can be set multiple times and the format is key_name record_accessor_pattern. | none |
| Proxy | proxy | Specify an HTTP Proxy. The expected format of this value is http://host:port. HTTPS is not supported. | none |
Advanced Networking
| Name | Key | Description | Default |
|---|---|---|---|
| DNS Mode | net.dns.mode | Select the primary DNS connection type, which can be TCP or UDP. | none |
| DNS Resolver | net.dns.resolver | Select the primary DNS connection type, which can be LEGACY or ASYNC. | none |
| Prefer IPv4 | net.dns.prefer_ipv4 | Prioritize IPv4 DNS results when trying to establish a connection. Accepted values: true, false. | false |
| Keepalive | net.keepalive | Enable or disable Keepalive support. Accepted values: true, false. | true |
| Keepalive Idle Timeout | net.keepalive_idle_timeout | Set maximum time allowed for an idle Keepalive connection. | 30s |
| Max Connect Timeout | net.connect_timeout | Set maximum time allowed to establish a connection, which includes the TLS handshake. | 10s |
| Max Connect Timeout Log Error | net.connect_timeout_log_error | On connection timeout, specify if it should log an error. When disabled, the timeout is logged as a debug message. Accepted values: true, false. | true |
| Max Keepalive Recycle | net.keepalive_max_recycle | Set maximum number of times a keepalive connection can be used before it's retired. | 2000 |
| Source Address | net.source_address | Specify network address to bind for data traffic. | none |
Basic Authentication
| Name | Key | Description | Default |
|---|---|---|---|
| HTTP Username | http_user | Basic auth username. | none |
| HTTP Password | http_passwd | Basic auth password. Requires http_user to be set. | none |
Debugging
| Name | Key | Description | Default |
|---|---|---|---|
| HTTP Buffer Size | http_buffer_size | Specify the buffer size used to read the response from the Splunk HTTP service. This option is used for debugging purposes when it's required to read full responses. Response size grows depending of the number of records inserted. To set an unlimited amount of memory, set this value to false. Otherwise the value must be according to the Unit Size specification. | none |
| Enable HTTP Debug Bad Request | http_debug_bad_request | If the server returns an HTTP 400 Bad Request status code and this flag is enabled, it will print the full HTTP request and response to the stdout interface. Used for debugging purposes. Accepted values: true, false. | false |