QuerySplunkIndexingStatus
Description
Queries Splunk server in order to acquire the status of indexing acknowledgement.
Tags
acknowledgement, http, logs, splunk
Properties
In the list below required Properties are shown with an asterisk (*). Other properties are considered optional. The table also indicates any default values, and whether a property supports the NiFi Expression Language.
| Display Name | API Name | Default Value | Allowable Values | Description |
|---|---|---|---|---|
| Scheme * | Scheme | https |
| The scheme for connecting to Splunk. |
| Hostname * | Hostname | localhost | The ip address or hostname of the Splunk server. Supports Expression Language, using Environment variables. | |
| HTTP Event Collector Port * | Port | 8088 | The HTTP Event Collector HTTP Port Number. Supports Expression Language, using Environment variables. | |
| Security Protocol | Security Protocol | TLSv1_2 |
| The security protocol to use for communicating with Splunk. |
| Owner | Owner | The owner to pass to Splunk. Supports Expression Language, using Environment variables. | ||
| HTTP Event Collector Token | Token | HTTP Event Collector token starting with the string Splunk. For example 'Splunk 1234578-abcd-1234-abcd-1234abcd' Supports Expression Language, using Environment variables. | ||
| Username | Username | The username to authenticate to Splunk. Supports Expression Language, using Environment variables. | ||
| Password | Password | The password to authenticate to Splunk. | ||
| Splunk Request Channel * | request-channel | Identifier of the used request channel. Supports Expression Language, using Environment variables. | ||
| Maximum Waiting Time * | ttl | 1 hour | The maximum time the processor tries to acquire acknowledgement confirmation for an index, from the point of registration. After the given amount of time, the processor considers the index as not acknowledged and transfers the FlowFile to the "unacknowledged" relationship. | |
| Maximum Query Size * | max-query-size | 10000 | The maximum number of acknowledgement identifiers the outgoing query contains in one batch. It is recommended not to set it too low in order to reduce network communication. |
Dynamic Properties
This component does not support dynamic properties.
Relationships
| Name | Description |
|---|---|
| failure | A FlowFile is transferred to this relationship when the acknowledgement was not successful due to errors during the communication. FlowFiles are timing out or unknown by the Splunk server will transferred to "undetermined" relationship. |
| success | A FlowFile is transferred to this relationship when the acknowledgement was successful. |
| unacknowledged | A FlowFile is transferred to this relationship when the acknowledgement was not successful. This can happen when the acknowledgement did not happened within the time period set for Maximum Waiting Time. FlowFiles with acknowledgement id unknown for the Splunk server will be transferred to this relationship after the Maximum Waiting Time is reached. |
| undetermined | A FlowFile is transferred to this relationship when the acknowledgement state is not determined. FlowFiles transferred to this relationship might be penalized. This happens when Splunk returns with HTTP 200 but with false response for the acknowledgement id in the flow file attribute. |
Reads Attributes
| Name | Description |
|---|---|
| splunk.acknowledgement.id | The indexing acknowledgement id provided by Splunk. |
| splunk.responded.at | The time of the response of put request for Splunk. |
Writes Attributes
This processor does not write attributes.
State Management
This component does not store state.
Restricted
This component is not restricted.
Input Requirement
This component requires an incoming relationship.
System Resource Considerations
This component does not specify system resource considerations.