Splunk UF source plugin
You can use the Splunk UF source plugin to configure Chronosphere Telemetry Pipeline to collect data from your Splunk Universal Forwarder instances.
Supported telemetry types
This plugin supports these telemetry types:
| Logs | Metrics | Traces |
|---|---|---|
Configuration parameters
Use the parameters in this section to configure your plugin. The Telemetry Pipeline web interface uses the values in the Name column to describe the parameters. Items in the Key column are the YAML keys to use in pipeline configuration files.
Required
| Name | Key | Description | Default |
|---|---|---|---|
| Port | port | Required. The TCP port used for listening for incoming messages. | 5170 |
Advanced
| Name | Key | Description | Default |
|---|---|---|---|
| Format | format | Sets the format. Accepted values: json, none. | none |
| Set Separator | separator | Sets separator. | none |
| Chunk Size | chunk_size | Sets the chunk size for incoming messages. | 256kb |
| Buffer Size | buffer_Size | Sets the chunk size for incoming JSON messages. These chunks are then stored and managed in the space available by buffer_size. | none |
Security and TLS
| Name | Key | Description | Default |
|---|---|---|---|
| TLS | tls | Enable or disable TLS/SSL support. Accepted values: true, false. | false |
| TLS Certificate Validation | tls.verify | Enable or disable TLS/SSL certificate validation. TLS must be enabled for certificates to be validated. Accepted values: off, on. | on |
| TLS Debug Level | tls.debug | Set TLS debug verbosity level. Accepted values: 0 (No debug), 1 (Error), 2 (State change), 3 (Informational), 4 (Verbose). | 1 |
| CA Certificate File Path | tls.ca_file | Absolute path to CA certificate file. | none |
| Certificate File Path | tls.crt_file | Absolute path to certificate file. | none |
| Private Key File Path | tls.key_file | Absolute path to private key file. | none |
| Private Key Path Password | tls.key_passwd | Password for private key file. | none |
| TLS SNI Hostname Extension | tls.vhost | Hostname to be used for TLS SNI extension. | none |
Splunk Universal Forwarder configuration
[tcpout]
defaultGroup = calyptia
disabled = false
[tcpout:calyptia]
server = <CALYPTIA CORE HOST>:<PIPELINE PORT>
sendCookedData = false
negotiateProtocolLevel = 0