Splunk HEC source plugin

The Splunk HEC plugin lets you ingest log data from the Splunk HTTP Event Collector.

Supported telemetry types

This plugin supports these telemetry types:

Logs	Metrics	Traces

Configuration parameters

Use the parameters in this section to configure your plugin. The Telemetry Pipeline web interface uses the values in the Name column to describe the parameters. Items in the Key column are the YAML keys to use in pipeline configuration files.

General

Name	Key	Description	Default
Address to Listen On	`listen`	Required. The address to listen on.	`0.0.0.0`
Port	`port`	Required. The port for Telemetry Pipeline to listen on.	`9880`
Tag Key	`tag`	Specifies the key name to overwrite a tag. If set, the value of that key overwrites the tag.	none
Buffer Max Size	`buffer_max_size`	Specifies the maximum buffer size in KB to receive a JSON message.	`4M`
Buffer Chunk Size	`buffer_chunk_size`	Required. Sets the chunk size for incoming JSON messages. Chunks are stored and managed in the space available by `buffer_max_size`.	`512K`
Splunk Token	`splunk_token`	Your Splunk token for HTTP HEC.	none

Security and TLS

Name	Key	Description	Default
TLS	`tls`	Enables or disables TLS/SSL support. Accepted values: `true`, `false`.	`false`
TLS Certificate Validation	`tls.verify`	Enables or disables TLS/SSL certificate validation. TLS must be enabled for certificates to be validated. Accepted values: `off`, `on`.	`on`
TLS Debug Level	`tls.debug`	Sets TLS debug verbosity level. Accepted values: `0` (No debug), `1` (Error), `2` (State change), `3` (Informational), `4` (Verbose).	`1`
CA Certificate File Path	`tls.ca_file`	Absolute path to CA certificate file.	none
Certificate File Path	`tls.crt_file`	Absolute path to certificate file.	none
Private Key File Path	`tls.key_file`	Absolute path to private key file.	none
Private Key Path Password	`tls.key_passwd`	Password for private key file.	none
TLS SNI Hostname Extension	`tls.vhost`	Hostname to be used for TLS SNI extension.	none

Slack Splunk UF