QuerySplunkIndexingStatus

Description:

Queries Splunk server in order to acquire the status of indexing acknowledgement.

Additional Details...

Tags:

splunk, logs, http, acknowledgement

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

Display NameAPI NameDefault ValueAllowable ValuesDescription
SchemeSchemehttps
  • https
  • http
The scheme for connecting to Splunk.
HostnameHostnamelocalhostThe ip address or hostname of the Splunk server.
Supports Expression Language: true (will be evaluated using variable registry only)
HTTP Event Collector PortPort8088The HTTP Event Collector HTTP Port Number.
Supports Expression Language: true (will be evaluated using variable registry only)
Security ProtocolSecurity ProtocolTLSv1_2
  • TLSv1_2
  • TLSv1_1
  • TLSv1
  • SSLv3
The security protocol to use for communicating with Splunk.
OwnerOwnerThe owner to pass to Splunk.
Supports Expression Language: true (will be evaluated using variable registry only)
HTTP Event Collector TokenTokenHTTP Event Collector token starting with the string Splunk. For example 'Splunk 1234578-abcd-1234-abcd-1234abcd'
Supports Expression Language: true (will be evaluated using variable registry only)
UsernameUsernameThe username to authenticate to Splunk.
Supports Expression Language: true (will be evaluated using variable registry only)
PasswordPasswordThe password to authenticate to Splunk.
Sensitive Property: true
Splunk Request Channelrequest-channelIdentifier of the used request channel.
Supports Expression Language: true (will be evaluated using variable registry only)
Maximum Waiting Timettl1 hourThe maximum time the processor tries to acquire acknowledgement confirmation for an index, from the point of registration. After the given amount of time, the processor considers the index as not acknowledged and transfers the FlowFile to the "unacknowledged" relationship.
Maximum Query Sizemax-query-size10000The maximum number of acknowledgement identifiers the outgoing query contains in one batch. It is recommended not to set it too low in order to reduce network communication.

Relationships:

NameDescription
successA FlowFile is transferred to this relationship when the acknowledgement was successful.
unacknowledgedA FlowFile is transferred to this relationship when the acknowledgement was not successful. This can happen when the acknowledgement did not happened within the time period set for Maximum Waiting Time. FlowFiles with acknowledgement id unknown for the Splunk server will be transferred to this relationship after the Maximum Waiting Time is reached.
undeterminedA FlowFile is transferred to this relationship when the acknowledgement state is not determined. FlowFiles transferred to this relationship might be penalized. This happens when Splunk returns with HTTP 200 but with false response for the acknowledgement id in the flow file attribute.
failureA FlowFile is transferred to this relationship when the acknowledgement was not successful due to errors during the communication. FlowFiles are timing out or unknown by the Splunk server will transferred to "undetermined" relationship.

Reads Attributes:

NameDescription
splunk.acknowledgement.idThe indexing acknowledgement id provided by Splunk.
splunk.responded.atThe time of the response of put request for Splunk.

Writes Attributes:

None specified.

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

None specified.

See Also:

PutSplunkHTTP