PutSplunkHTTP
Description
Sends flow file content to the specified Splunk server over HTTP or HTTPS. Supports HEC Index Acknowledgement.
Tags
http, logs, splunk
Properties
In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Scheme * | Scheme | https |
| The scheme for connecting to Splunk. |
| Hostname * | Hostname | localhost | The ip address or hostname of the Splunk server. Supports Expression Language, using Environment variables. | |
| HTTP Event Collector Port * | Port | 8088 | The HTTP Event Collector HTTP Port Number. Supports Expression Language, using Environment variables. | |
| Security Protocol | Security Protocol | TLSv1_2 |
| The security protocol to use for communicating with Splunk. |
| Owner | Owner | The owner to pass to Splunk. Supports Expression Language, using Environment variables. | ||
| HTTP Event Collector Token | Token | HTTP Event Collector token starting with the string Splunk. For example 'Splunk 1234578-abcd-1234-abcd-1234abcd' Supports Expression Language, using Environment variables. | ||
| Username | Username | The username to authenticate to Splunk. Supports Expression Language, using Environment variables. | ||
| Password | Password | The password to authenticate to Splunk. | ||
| Splunk Request Channel * | request-channel | Identifier of the used request channel. Supports Expression Language, using Environment variables. | ||
| Source | source | User-defined event source. Sets a default for all events when unspecified. Supports Expression Language, using FlowFile attributes and Environment variables. | ||
| Source Type | source-type | User-defined event sourcetype. Sets a default for all events when unspecified. Supports Expression Language, using FlowFile attributes and Environment variables. | ||
| Host | host | Specify with the host query string parameter. Sets a default for all events when unspecified. Supports Expression Language, using FlowFile attributes and Environment variables. | ||
| Index | index | Index name. Specify with the index query string parameter. Sets a default for all events when unspecified. Supports Expression Language, using FlowFile attributes and Environment variables. | ||
| Content Type | content-type | The media type of the event sent to Splunk. If not set, "mime.type" flow file attribute will be used. In case of neither of them is specified, this information will not be sent to the server. Supports Expression Language, using FlowFile attributes and Environment variables. | ||
| Character Set * | character-set | UTF-8 | The name of the character set. Supports Expression Language, using FlowFile attributes and Environment variables. |
Dynamic Properties
This component does not support dynamic properties.
Relationships
| Name | Description |
|---|---|
| failure | FlowFiles that failed to send to the destination are sent to this relationship. |
| success | FlowFiles that are sent successfully to the destination are sent to this relationship. |
Reads Attributes
| Name | Description |
|---|---|
| mime.type | Uses as value for HTTP Content-Type header if set. |
Writes Attributes
| Name | Description |
|---|---|
| splunk.acknowledgement.id | The indexing acknowledgement id provided by Splunk. |
| splunk.responded.at | The time of the response of put request for Splunk. |
State Management
This component does not store state.
Restricted
This component is not restricted.
Input Requirement
This component requires an incoming relationship.
System Resource Considerations
| Scope | Description |
|---|---|
| MEMORY | An instance of this component can cause high usage of this system resource. Multiple instances or high concurrency settings may result a degradation of performance. |