PutSplunkHTTP

Description:

Sends flow file content to the specified Splunk server over HTTP or HTTPS. Supports HEC Index Acknowledgement.

Additional Details...

Tags:

splunk, logs, http

Properties:

In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.

Display NameAPI NameDefault ValueAllowable ValuesDescription
SchemeSchemehttps
  • https
  • http
The scheme for connecting to Splunk.
HostnameHostnamelocalhostThe ip address or hostname of the Splunk server.
Supports Expression Language: true (will be evaluated using variable registry only)
HTTP Event Collector PortPort8088The HTTP Event Collector HTTP Port Number.
Supports Expression Language: true (will be evaluated using variable registry only)
Security ProtocolSecurity ProtocolTLSv1_2
  • TLSv1_2
  • TLSv1_1
  • TLSv1
  • SSLv3
The security protocol to use for communicating with Splunk.
OwnerOwnerThe owner to pass to Splunk.
Supports Expression Language: true (will be evaluated using variable registry only)
HTTP Event Collector TokenTokenHTTP Event Collector token starting with the string Splunk. For example 'Splunk 1234578-abcd-1234-abcd-1234abcd'
Supports Expression Language: true (will be evaluated using variable registry only)
UsernameUsernameThe username to authenticate to Splunk.
Supports Expression Language: true (will be evaluated using variable registry only)
PasswordPasswordThe password to authenticate to Splunk.
Sensitive Property: true
Splunk Request Channelrequest-channelIdentifier of the used request channel.
Supports Expression Language: true (will be evaluated using variable registry only)
SourcesourceUser-defined event source. Sets a default for all events when unspecified.
Supports Expression Language: true (will be evaluated using flow file attributes and variable registry)
Source Typesource-typeUser-defined event sourcetype. Sets a default for all events when unspecified.
Supports Expression Language: true (will be evaluated using flow file attributes and variable registry)
HosthostSpecify with the host query string parameter. Sets a default for all events when unspecified.
Supports Expression Language: true (will be evaluated using flow file attributes and variable registry)
IndexindexIndex name. Specify with the index query string parameter. Sets a default for all events when unspecified.
Supports Expression Language: true (will be evaluated using flow file attributes and variable registry)
Content Typecontent-typeThe media type of the event sent to Splunk. If not set, "mime.type" flow file attribute will be used. In case of neither of them is specified, this information will not be sent to the server.
Supports Expression Language: true (will be evaluated using flow file attributes and variable registry)
Character Setcharacter-setUTF-8The name of the character set.
Supports Expression Language: true (will be evaluated using flow file attributes and variable registry)

Relationships:

NameDescription
successFlowFiles that are sent successfully to the destination are sent to this relationship.
failureFlowFiles that failed to send to the destination are sent to this relationship.

Reads Attributes:

NameDescription
mime.typeUses as value for HTTP Content-Type header if set.

Writes Attributes:

NameDescription
splunk.acknowledgement.idThe indexing acknowledgement id provided by Splunk.
splunk.responded.atThe time of the response of put request for Splunk.

State management:

This component does not store state.

Restricted:

This component is not restricted.

Input requirement:

This component requires an incoming relationship.

System Resource Considerations:

ResourceDescription
MEMORYAn instance of this component can cause high usage of this system resource. Multiple instances or high concurrency settings may result a degradation of performance.

See Also:

QuerySplunkIndexingStatus