splunk hec sink Splunk HEC Sink

Provided by: "Apache Software Foundation"

Support Level for this Kamelet is: "Stable"

The Splunk HEC sink allows to send data to Splunk using the HTTP Event Collector.

Configuration Options

The following table summarizes the configuration options available for the splunk-hec-sink Kamelet:

Property Name Description Type Default Example

splunkUrl

Splunk URL

Required The URL of your Splunk server. No need to set the protocol prefix.

string

my_server.splunkcloud.com:8088

token

Token

Required The Token of the HEC. Note it is not the user’s authentication token.

string

bodyOnly

Body Only

Send to Splunk only data contained in the body.

boolean

false

headersOnly

Headers Only

Send to Splunk only data contained in the headers.

boolean

false

hostPayload

Host of the Event

The host field set in the data sent to Splunk, it is not related to the Splunk URL or the connection to Splunk server.

string

https

Secure

Use a secure HTTPS connection.

boolean

true

index

Index

Splunk index to write to.

string

skipTlsVerify

Skip TLS Verification

Skip TLS verification.

boolean

false

source

Source

The source named field of the data.

string

sourceType

Source Type

The source named field of the data.

string

time

Time

Time this even occurred. By default, the time will be when this event hits the splunk server.

string

Dependencies

At runtime, the splunk-hec-sink Kamelet relies upon the presence of the following dependencies:

  • camel:core

  • camel:splunk-hec

  • camel:kamelet

Camel JBang usage

Prerequisites

  • You’ve installed JBang.

  • You have executed the following command:

jbang app install camel@apache/camel

Supposing you have a file named route.yaml with this content:

- route:
    from:
      uri: "kamelet:timer-source"
      parameters:
        period: 10000
        message: 'test'
      steps:
        - to:
            uri: "kamelet:log-sink"

You can now run it directly through the following command

camel run route.yaml

Camel K Environment Usage

This section describes how you can use the splunk-hec-sink.

Knative sink

You can use the splunk-hec-sink Kamelet as a Knative sink by binding it to a Knative object.

splunk-hec-sink-pipe.yaml
apiVersion: camel.apache.org/v1
kind: Pipe
metadata:
  name: splunk-hec-sink-pipe
spec:
  source:
    ref:
      kind: Channel
      apiVersion: messaging.knative.dev/v1
      name: mychannel
  sink:
    ref:
      kind: Kamelet
      apiVersion: camel.apache.org/v1
      name: splunk-hec-sink
    properties:
      splunkUrl: my_server.splunkcloud.com:8088
      token: The Token

Prerequisite

You have Camel K installed on the cluster.

Procedure for using the cluster CLI

  1. Save the splunk-hec-sink-pipe.yaml file to your local drive, and then edit it as needed for your configuration.

  2. Run the sink by using the following command:

    kubectl apply -f splunk-hec-sink-pipe.yaml

Procedure for using the Kamel CLI

Configure and run the sink by using the following command:

kamel bind channel:mychannel -p "sink.splunkUrl=my_server.splunkcloud.com:8088" -p "sink.token=The Token" splunk-hec-sink

This command creates the Kamelet Pipe in the current namespace on the cluster.

Kafka sink

You can use the splunk-hec-sink Kamelet as a Kafka sink by binding it to a Kafka topic.

splunk-hec-sink-pipe.yaml
apiVersion: camel.apache.org/v1
kind: Pipe
metadata:
  name: splunk-hec-sink-pipe
spec:
  source:
    ref:
      kind: KafkaTopic
      apiVersion: kafka.strimzi.io/v1beta1
      name: my-topic
  sink:
    ref:
      kind: Kamelet
      apiVersion: camel.apache.org/v1
      name: splunk-hec-sink
    properties:
      splunkUrl: my_server.splunkcloud.com:8088
      token: The Token

Prerequisites

  • You’ve installed Strimzi.

  • You’ve created a topic named my-topic in the current namespace.

  • You have Camel K installed on the cluster.

Procedure for using the cluster CLI

  1. Save the splunk-hec-sink-pipe.yaml file to your local drive, and then edit it as needed for your configuration.

  2. Run the sink by using the following command:

    kubectl apply -f splunk-hec-sink-pipe.yaml

Procedure for using the Kamel CLI

Configure and run the sink by using the following command:

kamel bind kafka.strimzi.io/v1beta1:KafkaTopic:my-topic -p "sink.splunkUrl=my_server.splunkcloud.com:8088" -p "sink.token=The Token" splunk-hec-sink

This command creates the Kamelet Pipe in the current namespace on the cluster.