In order to start performing the checks, you can run the plugin from the command line or through the configuration file.
The tag for the Splunk input plugin is set by adding the tag to the end of the request URL by default. This tag is then used to route the event through the system. The default behavior of the splunk input sets the tags for the following endpoints:
The requests for these endpoints are interpreted as
If you want to use the other tags for multiple instantiating input splunk plugin, you have to specify
tagproperty on the each of splunk plugin configurations to prevent collisions of data pipeline.
From the command line you can configure Fluent Bit to handle HTTP HEC requests with the following options:
$ fluent-bit -i splunk -p port=8088 -o stdout
In your main configuration file append the following Input & Output sections: