Splunk Output
The Splunk Output transformation step enables you to connect to a Splunk server and write events to a Splunk index. By default, the step writes events as name value pairs separated by newline characters, but it can also write arbitrary formats if you customize the event data. You must have write access to a Splunk server before you use the Splunk Output step. To learn more about Splunk, see their online documentation.
| Option | Definition |
|---|---|
| Step name | Name of the step as it appears in the transformation workspace. |
| Host name(s) or IP address(es) | Specifies the network name or address of the Splunk instance or instances. |
| Port | Indicates the port number of the Splunk (splunkd) server. The default value is 8089, but your administrator may have changed the port number. |
| Username | Specifies the username required to access the Splunk server. |
| Password | Indicates the password associated with the Username. |
| Index to write to | Specifies the Splunk index where the events are stored. Usually, this is the main index. Check your Splunk server for a list of available indices. This field can be parameterized with incoming fields (?{<Field>}) or transformation parameters (${Parameter}). |
| Event host | Indicates the hostname of the original event host. If you want to gather data from a router and write it to Splunk, use the router's host name. This field can be parameterized with incoming fields (?{<Field>}) or transformation parameters (${Parameter}). |
| Event source type | Indicates the format type of the event data. The list of known source types appears here. To define a new format, follow these instructions. |
| Event source | Indicates the source of the event data. See Splunk documentation for more details. |
| Customize Splunk event | If checked, enables the Splunk Event Data option and allows you to customize the data coming into Splunk. This is useful if you want to write a different format than the default, which is name value pairs separated by newline characters. |
| Splunk event data | Allows you to specify customized event text. This field can be parameterized with incoming fields (?{<Field>}) or transformation parameters (${Parameter}). |