fluent-plugin-splunkhec, a plugin for Fluentd
Splunk HTTP Event Collector output plugin.
Output data from any Fluent input plugin to the Splunk HTTP Event Collector (Splunk HEC).
The Splunk HEC is running on a Heavy Forwarder or single instance. More info about the Splunk HEC architecture in a distributed environment can be found in the Splunk Docs.
<match splunkhec>
@type splunkhec
host splunk.bluefactory.nl
protocol https
port 8080
token BAB747F3-744E-41BA
</match>
host: The host where the Splunk HEC is listening (Heavy Forwarder or Single Instance).
protocol: The protocol on which the Splunk HEC is listening. If you are going to use HTTPS, make sure you use a signed certificate. Support for weak certificates is a work in progress.
port: The port on which the Splunk HEC is listening.
token: Every Splunk HEC requires a token to receive data. You must configure this inside Splunk (see the Splunk HEC docs). Put the token here.
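A pre-deployment check for the configuration described above, as an added example that is not part of the plugin: it parses a Fluentd configuration, finds `<match>` blocks with `@type splunkhec`, and reports a protocol other than https, a missing host, port or token, and a section closed with the wrong tag. The function names and the sample configuration are constructed for this example, and requiring an explicit `protocol https` is an assumption of the check, not a documented plugin default.

```ruby
# Added example: lint Fluentd <match> blocks that use @type splunkhec.
# Parameter names (host, protocol, port, token) are the ones on this page;
# lint_splunkhec, check_block and SAMPLE_CONF are hypothetical names.

def lint_splunkhec(conf_text)
  findings = []
  stack = []   # names of the sections that are currently open
  block = nil  # parameters of the top-level <match> being read
  conf_text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\A<(\w+)(?:\s+(.+))?>\z/))      # opening tag
      stack.push(m[1])
      block = { pattern: m[2], line: lineno } if m[1] == 'match' && stack.size == 1
    elsif (m = line.match(%r{\A</(\w+)>\z}))             # closing tag
      opened = stack.pop
      findings << "line #{lineno}: <#{opened}> closed with </#{m[1]}>" if opened && opened != m[1]
      next unless stack.empty? && block
      findings.concat(check_block(block)) if block['@type'] == 'splunkhec'
      block = nil
    elsif block && stack.size == 1                       # parameter line
      key, value = line.split(/\s+/, 2)
      block[key] = value.to_s
    end
  end
  findings << "line #{block[:line]}: <match> never closed" if block
  findings
end

# Checks one splunkhec block; assumes protocol must be set to https explicitly.
def check_block(block)
  where = "match #{block[:pattern]} (line #{block[:line]})"
  out = []
  out << "#{where}: protocol is #{block['protocol'].inspect}, expected https" unless block['protocol'] == 'https'
  %w[host port token].each { |key| out << "#{where}: #{key} is not set" if block[key].to_s.empty? }
  out
end

# Constructed sample: placeholder host and token, two deliberate problems.
SAMPLE_CONF = <<~CONF
  <match splunkhec>
    @type splunkhec
    host splunk.example.com
    protocol http
    port 8080
    token 00000000-0000-0000-0000-000000000000
  </source>
CONF

puts lint_splunkhec(SAMPLE_CONF)
```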
- Fork it
- Create your feature branch (`git checkout -b my-new-feature`)
- Commit your changes (`git commit -am 'Added some feature'`)
- Push to the branch (`git push origin my-new-feature`)
- Create new Pull Request
- Add support for weak certificates
- Add support for custom index, source and sourcetype fields
Copyright (c) 2016 Coen Meerbeek. See LICENSE for details.