Splunk HEC source plugin

The Splunk HEC plugin lets you ingest log data from the Splunk HTTP Event Collector.

Configuration parameters

The Splunk HEC plugin accepts these configuration parameters. Items in the Name column are displayed in the Calyptia Dashboard. Items in the Key column are the YAML keys to use in pipeline configuration files.

Metadata

NameKeyDescriptionDefault
NameNamePlugin instance name for identification purposes.none

General

NameKeyDescriptionDefault
Address to Listen OnlistenRequired. The address to listen on.0.0.0.0
PortportRequired. The port for Fluent Bit to listen on.9880
Tag KeytagSpecify the key name to overwrite a tag. If set, the tag will be overwritten by a value of the key.none
Buffer Max Sizebuffer_max_sizeSpecify the maximum buffer size in KB to receive a JSON message.4M
Buffer Chunk Sizebuffer_chunk_sizeRequired. Sets the chunk size for incoming JSON messages. Chunks are stored and managed in the space available by buffer_max_size.512K
Splunk Tokensplunk_tokenAdd a Splunk token for HTTP HEC.none

Security and TLS

NameKeyDescriptionDefault
TLStlsEnable or disable TLS/SSL support.none
TLS Certificate Validationtls.verifyTurn TLS/SSL certificate validation on or off. TLS must be on for this setting to be enabled.on
TLS Debug Leveltls.debugSet TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose).1
CA Certificate File Pathtls.ca_fileAbsolute path to CA certificate file.none
Certificate File Pathtls.crt_fileAbsolute path to certificate file.none
Private Key File Pathtls.key_fileAbsolute path to private key file.none
Private Key Path Passwordtls.key_passwdOptional password for tls.key_file file.none
TLS SNI Hostname Extensiontls.vhostHostname to be used for TLS SNI extension.none