Splunk HEC source plugin
The Splunk HEC plugin lets you ingest log data from the Splunk HTTP Event Collector.
Configuration parameters
The Splunk HEC plugin accepts these configuration parameters. Items in the Name column are displayed in the Calyptia Dashboard. Items in the Key column are the YAML keys to use in pipeline configuration files.
General
| Name | Key | Description | Default |
|---|---|---|---|
| Address to Listen On | listen | Required. The address to listen on. | 0.0.0.0 |
| Port | port | Required. The port for Fluent Bit to listen on. | 9880 |
| Tag Key | tag | Specify the key name to overwrite a tag. If set, the tag will be overwritten by a value of the key. | none |
| Buffer Max Size | buffer_max_size | Specify the maximum buffer size in KB to receive a JSON message. | 4M |
| Buffer Chunk Size | buffer_chunk_size | Required. Sets the chunk size for incoming JSON messages. Chunks are stored and managed in the space available by buffer_max_size. | 512K |
| Splunk Token | splunk_token | Add a Splunk token for HTTP HEC. | none |
Security and TLS
| Name | Key | Description | Default |
|---|---|---|---|
| TLS | tls | Enable or disable TLS/SSL support. | none |
| TLS Certificate Validation | tls.verify | Turn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled. | on |
| TLS Debug Level | tls.debug | Set TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
| CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
| Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
| Private Key File Path | tls.key_file | Absolute path to private key file. | none |
| Private Key Path Password | tls.key_passwd | Optional password for tls.key_file file. | none |
| TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |