Splunk Streaming Source

This plugin is no longer available as of July 26, 2024.

This source reads data from Splunk Enterprise. The data to read is specified using a data source and filters for that data source.

Configuration

| Property | Macro Enabled? | Description |
| --- | --- | --- |
| Reference Name | No | Required. Name used to uniquely identify this source for lineage, annotating metadata, etc. |
| Data Source URL | Yes | Required. URL of the Splunk server, in the format \<protocol>://\<host>:\<port> (for example, https://localhost:8089). |
| Authentication Type | No | Required. Authentication method used to access the Splunk API. Choose from Basic Authentication and Token Authentication. Defaults to Basic Authentication. |
| Basic Authentication: Username | Yes | Optional. Login name for authentication to the Splunk API. |
| Basic Authentication: Password | Yes | Optional. Password for authentication to the Splunk API. |
| Token Authentication: Token | Yes | Optional. The value of the token created for authentication to the Splunk API. |
| Execution Mode | Yes | Required. Defines the behaviour of the Splunk search. Valid values: Blocking or Normal. If set to Normal, runs an asynchronous search. If set to Blocking, returns the search id (SID) when the job is complete. Default is Normal. |
| Output Format | Yes | Required. Specifies the format of the returned output. Valid values: csv, json, or xml. Default is xml. |
| Search String | Yes | Optional. Splunk search string for retrieving results. Search String or Search Id must be specified. |
| Search Id | Yes | Optional. Search id for retrieving job results. Search String or Search Id must be specified. |
| Auto Cancel (seconds) | Yes | Optional. The job automatically cancels after this many seconds of inactivity. 0 means never auto-cancel. Default is 0. |
| Earliest Time | Yes | Optional. A time string. Sets the earliest (inclusive) time bound for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to Time modifiers for search for information and examples of specifying a time string. |
| Latest Time | Yes | Optional. A time string. Sets the latest (exclusive) time bound for the search. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to Time modifiers for search for information and examples of specifying a time string. |
| Indexed Earliest Time | Yes | Optional. A time string. Sets the earliest (inclusive) time bound for the search, based on index time. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to Time modifiers for search for information and examples of specifying a time string. |
| Indexed Latest Time | Yes | Optional. A time string. Sets the latest (exclusive) time bound for the search, based on index time. The time string can be either a UTC time (with fractional seconds), a relative time specifier (to now) or a formatted time string. Refer to Time modifiers for search for information and examples of specifying a time string. |
| Search Results Count | Yes | Required. The maximum number of results to return. If the value is set to 0, all available results are returned. Default is 0. |
| Connect Timeout (milliseconds) | Yes | Required. The time in milliseconds to wait for a connection. Set to 0 for infinite. Default is 60000. |
| Read Timeout (milliseconds) | Yes | Required. The time in milliseconds to wait for a read. Set to 0 for infinite. Default is 60000. |
| Number of Retries | Yes | Required. The number of times the request should be retried if the request fails. Default is 3. |
| Max Retry Wait (milliseconds) | Yes | Required. Maximum time in milliseconds retries can take. Set to 0 for infinite. Default is 60000 (1 minute). |
| Max Retry Jitter Wait (milliseconds) | Yes | Required. Maximum time in milliseconds added to retries. Default is 100. |
| Poll Interval (milliseconds) | No | Required. The amount of time to wait between each poll in milliseconds. Default is 60000 (1 minute). |
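The following pre-flight check is an added example, not code from the plugin. It applies the constraints from the table above to a settings dictionary and builds the Authorization header and search-job form fields. The dictionary key names, the Splunk REST field names, the rule that each authentication type needs its own credential fields, and the warning on plain http are assumptions made for this example.

```python
import base64
from urllib.parse import urlsplit

def validate(cfg):
    """Return a list of problems; an empty list means the settings are usable."""
    errs = []
    u = urlsplit(cfg.get("url", ""))
    try:
        port = u.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if u.scheme not in ("http", "https") or not u.hostname or port is None:
        errs.append("url must be <protocol>://<host>:<port>")
    elif u.scheme == "http":
        errs.append("credentials would cross the network unencrypted (http)")
    auth = cfg.get("auth_type", "basic")  # table default: Basic Authentication
    if auth == "basic" and not (cfg.get("username") and cfg.get("password")):
        errs.append("basic authentication needs username and password")
    elif auth == "token" and not cfg.get("token"):
        errs.append("token authentication needs a token")
    elif auth not in ("basic", "token"):
        errs.append("auth_type must be basic or token")
    if cfg.get("exec_mode", "normal") not in ("blocking", "normal"):
        errs.append("exec_mode must be blocking or normal")
    if cfg.get("output_format", "xml") not in ("csv", "json", "xml"):
        errs.append("output_format must be csv, json or xml")
    if not (cfg.get("search") or cfg.get("search_id")):
        errs.append("search string or search id must be specified")
    return errs

def auth_header(cfg):
    """Authorization header value for the chosen authentication type."""
    if cfg.get("auth_type", "basic") == "token":
        return "Bearer " + cfg["token"]
    pair = f"{cfg['username']}:{cfg['password']}".encode()
    return "Basic " + base64.b64encode(pair).decode()

def job_fields(cfg):
    """Form fields for a search-job request (REST field names are assumed)."""
    fields = {"search": cfg["search"],
              "exec_mode": cfg.get("exec_mode", "normal"),
              "auto_cancel": str(cfg.get("auto_cancel", 0))}
    for key in ("earliest_time", "latest_time", "index_earliest", "index_latest"):
        if cfg.get(key):
            fields[key] = cfg[key]
    return fields

# Constructed sample settings (hypothetical key names, placeholder token).
SAMPLE = {"url": "https://localhost:8089", "auth_type": "token",
          "token": "PLACEHOLDER-TOKEN", "search": "search index=main",
          "exec_mode": "blocking", "output_format": "json",
          "earliest_time": "-15m", "latest_time": "now"}
```

Running `validate` before a pipeline is deployed catches a missing search, a mismatched credential field or an http URL before any request leaves the host.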



Created in 2020 by Google Inc.