Splunk destination plugin
The Splunk destination plugin lets you configure Chronosphere Telemetry Pipeline to send your telemetry data to Splunk.
Supported telemetry types
This plugin supports these telemetry types:
| Logs | Metrics | Traces |
|---|---|---|
Configuration parameters
Use the parameters in this section to configure your plugin. The Telemetry Pipeline web interface uses the values in the Name column to describe the parameters. Items in the Key column are the YAML keys to use in pipeline configuration files.
General
| Name | Key | Description | Default |
|---|---|---|---|
| Host | host | Required. IP address or hostname of the target Splunk service. | 127.0.0.1 |
| Port | port | Required. TCP port of the target Splunk service. | 8088 |
| Compress | compress | Sets the payload compression mechanism. Accepted values: gzip, none. | none |
| Splunk HTTP Token | splunk_token | Required. Specifies the authentication token for the HTTP Event Collector interface. | none |
Security and TLS
| Name | Key | Description | Default |
|---|---|---|---|
| TLS | tls | Enables or disables TLS/SSL support. Accepted values: true, false. | false |
| TLS Certificate Validation | tls.verify | Enables or disables TLS/SSL certificate validation. TLS must be enabled for certificates to be validated. Accepted values: off, on. | on |
| TLS Debug Level | tls.debug | Sets TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
| CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
| Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
| Private Key File Path | tls.key_file | Absolute path to private key file. | none |
| Private Key Path Password | tls.key_passwd | Password for private key file. | none |
| TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |
Advanced
| Name | Key | Description | Default |
|---|---|---|---|
| Splunk Channel | channel | The X-Splunk-Request-Channel header to send to the HTTP Event Collector. | none |
| Enable Splunk Send Raw | splunk_send_raw | When enabled, the record keys and values are set in the top level of the map instead of under the event key. Refer to the Sending Raw Events section from the docs for more details to make this option work properly. Accepted values: true, false. | false |
| Event Key | event_key | Specifies the key name that will be used to send a single value as part of the record. | none |
| Event Host | event_host | Sets the host value to the event data. The value allows a record accessor pattern. | none |
| Event Source | event_source | Sets the source value to assign to the event data. | none |
| Event Source Type | event_sourcetype | Sets the sourcetype value to assign to the event data. | none |
| Event Source Type Key | event_sourcetype_key | Sets a record key that will populate sourcetype. If the key is found, it will have precedence over the value set in event_sourcetype. | none |
| Event Index | event_index | The name of the index by which the event data is to be indexed. | none |
| Event Index Key | event_index_key | Sets a record key that will populate the index field. If the key is found, it will have precedence over the value set in event_index. | none |
| Event Field(s) | event_field | Sets event fields for the record. This option can be set multiple times and the format is key_name record_accessor_pattern. | none |
| Proxy | proxy | Specifies an HTTP Proxy. The expected format of this value is http://host:port. HTTPS is not supported. | none |
Advanced Networking
| Name | Key | Description | Default |
|---|---|---|---|
| DNS Mode | net.dns.mode | Selects the primary DNS connection type, which can be TCP or UDP. | none |
| DNS Resolver | net.dns.resolver | Selects the primary DNS connection type, which can be LEGACY or ASYNC. | none |
| Prefer IPv4 | net.dns.prefer_ipv4 | Prioritizes IPv4 DNS results when trying to establish a connection. Accepted values: true, false. | false |
| Keepalive | net.keepalive | Enables or disables Keepalive support. Accepted values: true, false. | true |
| Keepalive Idle Timeout | net.keepalive_idle_timeout | Sets the maximum time allowed for an idle Keepalive connection. | 30s |
| Max Connect Timeout | net.connect_timeout | Sets the maximum time allowed to establish a connection, which includes the TLS handshake. | 10s |
| Max Connect Timeout Log Error | net.connect_timeout_log_error | Specifies whether to log an error on connection timeout. When disabled, the timeout is logged as a debug message. Accepted values: true, false. | true |
| Max Keepalive Recycle | net.keepalive_max_recycle | Sets the maximum number of times a keepalive connection can be used before it's retired. | 2000 |
| Source Address | net.source_address | Specifies the network address to bind for data traffic. | none |
Basic Authentication
| Name | Key | Description | Default |
|---|---|---|---|
| HTTP Username | http_user | Basic auth username. | none |
| HTTP Password | http_passwd | Basic auth password. Requires http_user to be set. | none |
Debugging
| Name | Key | Description | Default |
|---|---|---|---|
| HTTP Buffer Size | http_buffer_size | Specifies the buffer size used to read the response from the Splunk HTTP service. This option is used for debugging purposes when it's required to read full responses. Response size grows depending of the number of records inserted. To set an unlimited amount of memory, set this value to false. Otherwise the value must be according to the Unit Size specification. | none |
| Enable HTTP Debug Bad Request | http_debug_bad_request | If the server returns an HTTP 400 Bad Request status code and this flag is enabled, it will print the full HTTP request and response to the stdout interface. Used for debugging purposes. Accepted values: true, false. | false |