Splunk Output0

Step name

Name of the step as it appears in the transformation workspace.

Host name(s) or IP address(es)

Specifies the network name or address of the Splunk instance or instances.

Port

Indicates the port number of the Splunk (splunkd) server. The default value is 8089, but your administrator may have changed the port number.

Username

Specifies the username required to access the Splunk server.

Password

Indicates the password associated with the Username.

Index to write to

Specifies the Splunk index where the events are stored. Usually, this is the main index. Check your Splunk server for a list of available indices. This field can be parameterized with incoming fields (?{<Field>}) or transformation parameters (${Parameter}).

Event host

Indicates the hostname of the original event host. If you want to gather data from a router and write it to Splunk, use the router's host name. This field can be parameterized with incoming fields (?{<Field>}) or transformation parameters (${Parameter}).

Event source type

Indicates the format type of the event data. The list of known source types appears here. To define a new format, follow these instructions.

Event source

Indicates the source of the event data. See Splunk documentationfor more details.

Customize Splunk event

If checked, enables the Splunk Event Data option and allows you to customize the data coming into Splunk. This is useful if you want to write a different format than the default, which is name value pairs separated by newline characters.

Splunk event data

Allows you to specify customized event text. This field can be parameterized with incoming fields (?{<Field>}) or transformation parameters (${Parameter}).