![]() When data_type is set to "metric", the ingest API will treat every key-value pair in the input event as a metric name-value pair. The port number for the HEC token or the HEC load balancer. ![]() The hostname/IP for the HEC token or the HEC load balancer. This is the protocol to use for calling the HEC API. Parameters for splunk_hec protocol (enum) (optional) Only one type either splunk_hec or splunk_ingest_api is expected to be used when configuring this plugin. Type of plugin value must be set to splunk_hec when using HEC API and to splunk_ingest_api when using the ingest API. You can use the section to customize the dimensions. You should change the configuration to splunk_hecĪll other properties of the input (in this example, "app"), will be sent as dimensions of the metric. send all events to the awesome index, and.Example 3: Overwrite HEC defaults splunk_hec The debug_http flag indicates whether the user wants to print debug logs to stdout. This configuration shows how to use service_client_identifier, service_client_secret_key to get token from token_endpoint and send events to ingest_api_host for the tenant ingest_api_tenant at the endpoint ingest_api_events_endpoint. This example shows the configuration to be used for sending events to ingest API. Ingest_api_events_endpoint //ingest/v1beta2/events Example 2: SCS Ingest Configuration example splunk_ingest_api ![]() And the host of each event is the hostname of the machine which running fluentd. It will use whatever index, source, sourcetype are configured in HEC. This example is very basic, it just tells the plugin to send events to Splunk HEC on (https is the default protocol), using the HEC token 00000000-0000-0000-0000-000000000000. fluent-plugin-splunk-hecįluentd output plugin to send events and metrics to Splunk in 2 modes:ġ) Via Splunk's HEC (HTTP Event Collector) APIĢ) Via the Splunk Cloud Services (SCS) Ingest API Installation RubyGems $ gem install fluent-plugin-splunk-hecĪdd following line to your Gemfile: gem " fluent-plugin-splunk-hec "Įxample 1: Minimum HEC Configuration splunk_hec Until then, only critical security fixes and bug fixes will be provided. After that date, this repository will no longer receive updates from Splunk and will no longer be supported by Splunk. Important: The fluent-plugin-splunk-hec will reach End of Support on January 1, 2024.
0 Comments
Leave a Reply. |