PutSplunkHTTP

Description:

Sends flow file content to the specified Splunk server over HTTP or HTTPS. Supports HEC Index Acknowledgement.

Additional Details...

Tags:

splunk, logs, http

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, whether a property supports the NiFi Expression Language, and whether a property is considered "sensitive", meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the nifi.properties file has an entry for the property nifi.sensitive.props.key.

NameDefault ValueAllowable ValuesDescription
Schemehttps
  • https
  • http
The scheme for connecting to Splunk.
HostnamelocalhostThe ip address or hostname of the Splunk server.
Supports Expression Language: true (will be evaluated using variable registry only)
HTTP Event Collector Port8088The HTTP Event Collector HTTP Port Number.
Supports Expression Language: true (will be evaluated using variable registry only)
Security ProtocolTLSv1_2
  • TLSv1_2
  • TLSv1_1
  • TLSv1
  • SSLv3
The security protocol to use for communicating with Splunk.
OwnerThe owner to pass to Splunk.
Supports Expression Language: true (will be evaluated using variable registry only)
HTTP Event Collector TokenHTTP Event Collector token starting with the string Splunk. For example Splunk 1234578-abcd-1234-abcd-1234abcd
Supports Expression Language: true (will be evaluated using variable registry only)
UsernameThe username to authenticate to Splunk.
Supports Expression Language: true (will be evaluated using variable registry only)
PasswordThe password to authenticate to Splunk.
Sensitive Property: true
Splunk Request ChannelIdentifier of the used request channel.
Supports Expression Language: true (will be evaluated using variable registry only)
SourceUser-defined event source. Sets a default for all events when unspecified.
Supports Expression Language: true (will be evaluated using variable registry only)
Source TypeUser-defined event sourcetype. Sets a default for all events when unspecified.
Supports Expression Language: true (will be evaluated using variable registry only)
HostSpecify with the host query string parameter. Sets a default for all events when unspecified.
Supports Expression Language: true (will be evaluated using variable registry only)
IndexIndex name. Specify with the index query string parameter. Sets a default for all events when unspecified.
Supports Expression Language: true (will be evaluated using variable registry only)
Content TypeThe media type of the event sent to Splunk. If not set, "mime.type" flow file attribute will be used. In case of neither of them is specified, this information will not be sent to the server.
Supports Expression Language: true (will be evaluated using variable registry only)
Character SetUTF-8The name of the character set.
Supports Expression Language: true (will be evaluated using variable registry only)

Relationships:

NameDescription
successFlowFiles that are sent successfully to the destination are sent to this relationship.
failureFlowFiles that failed to send to the destination are sent to this relationship.

Reads Attributes:

NameDescription
mime.typeUses as value for HTTP Content-Type header if set.

Writes Attributes:

NameDescription
splunk.acknowledgement.idThe indexing acknowledgement id provided by Splunk.
splunk.responded.atThe time of the response of put request for Splunk.

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

ResourceDescription
MEMORYAn instance of this component can cause high usage of this system resource. Multiple instances or high concurrency settings may result a degradation of performance.

See Also:

QuerySplunkIndexingStatus