Info |
---|
Note |
This plugin is available for Preview in the Hubno longer available as of July 26, 2024. |
This source reads data source from Splunk Enterprise. The data that should be read is specified using data source and filters for that data source.
Configuration
Property | Macro Enabled? | Description |
---|---|---|
Reference Name | No | Required. Name used to uniquely identify this source for lineage, annotating metadata, etc. |
Data Source URL | Yes | Required. URL to point to the Splunk server. The format for URL: \<protocol>://\<host>:\<port> (ex: https://localhost:8089). |
Authentication Type | No | Required. Authentication method to access Splunk API. Choose from Basic Authentication and Token Authentication. Defaults to Basic Authentication. |
Basic Authentication: Username | Yes | Optional. Login name for authentication to the Splunk API. |
Basic Authentication: Password | Yes | Optional. Password for authentication to the Splunk API. |
Token Authentication: Token | Yes | Optional. The value of token created for authentication to the Splunk API. |
Execution Mode | Yes | Required. Defines the behaviour for the Splunk Search. Valid values: Blocking or Normal. If set to Normal, runs an asynchronous search. If set to Blocking, returns the search id (SID) when the job is complete. Default is Normal. |
Output Format | Yes | Required. Specifies the format for the returned output. Valid values: csv, json, or xml. Default is xml. |
Search String | Yes | Optional. Splunk Search String for retrieving results. Search String or Search Id must be specified. |
Search Id | Yes | Optional. Search Id for retrieving job results. Search String or Search Id must be specified. |
Auto Cancel (seconds) | Yes | Optional. The job automatically cancels after this many seconds of inactivity. 0 means never auto-cancel. Default is 0. |
Earliest Time | Yes | Optional. A time string. Sets the earliest (inclusive), respectively, time bounds for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to Time modifiers for search for information and examples of specifying a time string. |
Latest Time | Yes | Optional. A time string. Sets the latest (exclusive), respectively, time bounds for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to Time modifiers for search for information and examples of specifying a time string. |
Indexed Earliest Time | Yes | Optional. A time string. Sets the earliest (inclusive), respectively, time bounds for the search, based on the index time bounds. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to Time modifiers for search for information and examples of specifying a time string. |
Indexed Latest Time | Yes | Optional. A time string. Sets the latest (exclusive), respectively, time bounds for the search, based on the index time bounds. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to Time modifiers for search for information and examples of specifying a time string. |
Search Results Count | Yes | Required. The maximum number of results to return. If value is set to 0, then all available results are returned. Default is 0. |
Connect Timeout (milliseconds) | Yes | Required. The time in milliseconds to wait for a connection. Set to 0 for infinite. Default is 60000. |
Read Timeout (milliseconds) | Yes | Required. The time in milliseconds to wait for a read. Set to 0 for infinite. Default is 60000. |
Number of Retries | Yes | Required. The number of times the request should be retried if the request fails. Default is 3. Maximum time in milliseconds retries can take. Set to 0 for infinite. |
Max Retry Wait (milliseconds) | Yes | Required. Maximum time in milliseconds retries can take. Set to 0 for infinite. Default is 60000 (1 minute). |
Max Retry Jitter Wait (milliseconds) | Yes | Required. Maximum time in milliseconds added to retries. Default is 100. |
Poll Interval (milliseconds) | No | Required. The amount of time to wait between each poll in milliseconds. Default is 60000 (1 minute). |