Splunk HEC Sink
Provided by: "Apache Software Foundation"
Support Level for this Kamelet is: "Stable"
The Splunk HEC sink allows to send data to Splunk using the HTTP Event Collector.
Configuration Options
The following table summarizes the configuration options available for the splunk-hec-sink Kamelet:
| Property | Name | Description | Type | Default | Example |
|---|---|---|---|---|---|
Splunk URL | Required The URL of your Splunk server. No need to set the protocol prefix. | string | my_server.splunkcloud.com:8088 | ||
Token | Required The Token of the HEC. Note it is not the user’s authentication token. | string | |||
Body Only | Send to Splunk only data contained in the body. | boolean | false | ||
Headers Only | Send to Splunk only data contained in the headers. | boolean | false | ||
Host of the Event | The host field set in the data sent to Splunk, it is not related to the Splunk URL or the connection to Splunk server. | string | |||
Secure | Use a secure HTTPS connection. | boolean | true | ||
Index | Splunk index to write to. | string | |||
Skip TLS Verification | Skip TLS verification. | boolean | false | ||
Source | The source named field of the data. | string | |||
Source Type | The source named field of the data. | string | |||
Time | Time this even occurred. By default, the time will be when this event hits the splunk server. | string |
Dependencies
At runtime, the splunk-hec-sink Kamelet relies upon the presence of the following dependencies:
-
camel:core
-
camel:splunk-hec
-
camel:kamelet
Camel JBang usage
Prerequisites
-
You’ve installed JBang.
-
You have executed the following command:
jbang app install camel@apache/camelSupposing you have a file named route.yaml with this content:
- route:
from:
uri: "kamelet:timer-source"
parameters:
period: 10000
message: 'test'
steps:
- to:
uri: "kamelet:log-sink"You can now run it directly through the following command
camel run route.yamlCamel K Environment Usage
This section describes how you can use the splunk-hec-sink.
Knative sink
You can use the splunk-hec-sink Kamelet as a Knative sink by binding it to a Knative object.
apiVersion: camel.apache.org/v1
kind: Pipe
metadata:
name: splunk-hec-sink-pipe
spec:
source:
ref:
kind: Channel
apiVersion: messaging.knative.dev/v1
name: mychannel
sink:
ref:
kind: Kamelet
apiVersion: camel.apache.org/v1
name: splunk-hec-sink
properties:
splunkUrl: my_server.splunkcloud.com:8088
token: The TokenPrerequisite
You have Camel K installed on the cluster.
Kafka sink
You can use the splunk-hec-sink Kamelet as a Kafka sink by binding it to a Kafka topic.
apiVersion: camel.apache.org/v1
kind: Pipe
metadata:
name: splunk-hec-sink-pipe
spec:
source:
ref:
kind: KafkaTopic
apiVersion: kafka.strimzi.io/v1beta1
name: my-topic
sink:
ref:
kind: Kamelet
apiVersion: camel.apache.org/v1
name: splunk-hec-sink
properties:
splunkUrl: my_server.splunkcloud.com:8088
token: The TokenPrerequisites
-
You’ve installed Strimzi.
-
You’ve created a topic named
my-topicin the current namespace. -
You have Camel K installed on the cluster.
Procedure for using the cluster CLI
-
Save the
splunk-hec-sink-pipe.yamlfile to your local drive, and then edit it as needed for your configuration. -
Run the sink by using the following command:
kubectl apply -f splunk-hec-sink-pipe.yaml
Procedure for using the Kamel CLI
Configure and run the sink by using the following command:
kamel bind kafka.strimzi.io/v1beta1:KafkaTopic:my-topic -p "sink.splunkUrl=my_server.splunkcloud.com:8088" -p "sink.token=The Token" splunk-hec-sinkThis command creates the Kamelet Pipe in the current namespace on the cluster.