Splunk
The splunk input plugin handles Splunk HTTP HEC requests.
Configuration Parameters
Key
Description
default
listen
The address to listen on
0.0.0.0
port
The port for Fluent Bit to listen on
9880
tag_key
Specify the key name to overwrite a tag. If set, the tag will be overwritten by a value of the key.
buffer_max_size
Specify the maximum buffer size in KB to receive a JSON message.
4M
buffer_chunk_size
This sets the chunk size for incoming incoming JSON messages. These chunks are then stored/managed in the space available by buffer_max_size.
512K
successful_response_code
It allows to set successful response code. 200
, 201
and 204
are supported.
201
splunk_token
Specify a Splunk token for HTTP HEC authentication. If multiple tokens are specified (with commas and no spaces), usage will be divided across each of the tokens.
store_token_in_metadata
Store Splunk HEC tokens in the Fluent Bit metadata. If set false, they will be stored as normal key-value pairs in the record data.
true
splunk_token_key
Use the specified key for storing the Splunk token for HTTP HEC. This is only effective when store_token_in_metadata
is false.
@splunk_token
Getting Started
In order to start performing the checks, you can run the plugin from the command line or through the configuration file.
How to set tag
The tag for the Splunk input plugin is set by adding the tag to the end of the request URL by default. This tag is then used to route the event through the system. The default behavior of the splunk input sets the tags for the following endpoints:
/services/collector
/services/collector/event
/services/collector/raw
The requests for these endpoints are interpreted as services_collector
, services_collector_event
, and services_collector_raw
.
If you want to use the other tags for multiple instantiating input splunk plugin, you have to specify tag
property on the each of splunk plugin configurations to prevent collisions of data pipeline.
Command Line
From the command line you can configure Fluent Bit to handle HTTP HEC requests with the following options:
Configuration File
In your main configuration file append the following Input & Output sections:
Last updated