Splunk HEC Sink
Provided by: "Apache Software Foundation"
Support Level for this Kamelet is: "Stable"
The Splunk HEC sink allows to send data to Splunk using the HTTP Event Collector.
Configuration Options
The following table summarizes the configuration options available for the splunk-hec-sink
Kamelet:
Property | Name | Description | Type | Default | Example |
---|---|---|---|---|---|
Splunk URL | Required The URL of your Splunk server. No need to set the protocol prefix. | string | my_server.splunkcloud.com:8088 | ||
Token | Required The Token of the HEC. Note it is not the user’s authentication token. | string | |||
Body Only | Send to Splunk only data contained in the body. | boolean | false | ||
Headers Only | Send to Splunk only data contained in the headers. | boolean | false | ||
Host of the Event | The host field set in the data sent to Splunk, it is not related to the Splunk URL or the connection to Splunk server. | string | |||
Secure | Use a secure HTTPS connection. | boolean | true | ||
Index | Splunk index to write to. | string | |||
Skip TLS Verification | Skip TLS verification. | boolean | false | ||
Source | The source named field of the data. | string | |||
Source Type | The source named field of the data. | string | |||
Time | Time this event occurred. By default, the time is when this event hits the Splunk server. | string |
Dependencies
At runtime, the splunk-hec-sink
Kamelet relies upon the presence of the following dependencies:
-
camel:core
-
camel:splunk-hec
-
camel:kamelet
Camel JBang usage
Prerequisites
-
You’ve installed JBang.
-
You have executed the following command:
jbang app install camel@apache/camel
Supposing you have a file named route.yaml with this content:
- route:
from:
uri: "kamelet:timer-source"
parameters:
period: 10000
message: 'test'
steps:
- to:
uri: "kamelet:splunk-hec-sink"
You can now run it directly through the following command
camel run route.yaml
Splunk HEC Sink Kamelet Description
Splunk HTTP Event Collector
This Kamelet integrates with Splunk’s HTTP Event Collector (HEC), which provides a fast and efficient way to send data to Splunk over HTTP/HTTPS connections.
High-Performance Data Ingestion
HEC is designed for high-volume data ingestion, supporting:
-
High throughput data streaming
-
Batch and real-time data ingestion
-
Efficient HTTP-based protocol
-
Load balancing across multiple Splunk indexers
Event Formatting
Supports Splunk event formatting with configurable:
-
Source and source type settings
-
Index targeting
-
Host identification
-
Custom field extraction
-
Timestamp handling