The Splunk output plugin lets you ingest your records into a Splunk Enterprise service through the HTTP Event Collector (HEC) interface.
For more details about how to set up the HEC in Splunk, please refer to the following documentation: Splunk / Use the HTTP Event Collector
| Key | Description | Default |
|---|---|---|
| Host | IP address or hostname of the target Splunk service. | 127.0.0.1 |
| Port | TCP port of the target Splunk service. | 8088 |
| Splunk_Token | Specify the Authentication Token for the HTTP Event Collector interface. | |
| Splunk_Send_Raw | If enabled, record keys and values are set in the main map. | Off |
| HTTP_User | Optional username for Basic Authentication on HEC | |
| HTTP_Passwd | Password for user defined in HTTP_User | |
TLS / SSL
The Splunk output plugin supports TLS/SSL. For more details about the available properties and general configuration, please refer to the TLS/SSL section.
In order to insert records into a Splunk service, you can run the plugin from the command line or through the configuration file:
The splunk plugin can read the parameters from the command line in two ways, through the -p argument (property), e.g.:
    $ fluent-bit -i cpu -t cpu -o splunk -p host=127.0.0.1 -p port=8088 \
        -p tls=on -p tls.verify=off -m '*'
In your main configuration file append the following Input & Output sections:
    [INPUT]
        Name  cpu
        Tag   cpu

    [OUTPUT]
        Name        splunk
        Match       *
        Host        127.0.0.1
        Port        8088
        TLS         On
        TLS.Verify  Off
        Message_Key my_key
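
The sample above turns certificate verification off and sets no Splunk_Token. As an added example (not part of the original documentation), here is the same pipeline with verification left on and the HEC token read from the environment. The hostname, the CA bundle path and the SPLUNK_HEC_TOKEN variable name are assumptions chosen for illustration; tls.ca_file is a property from the general TLS/SSL section.

```ini
# Added example: hardened variant of the configuration shown above.
# Constructed values: splunk.example.internal, the CA path and the
# SPLUNK_HEC_TOKEN variable name.

[INPUT]
    Name  cpu
    Tag   cpu

[OUTPUT]
    Name          splunk
    Match         *
    # Use the name that appears in the HEC server certificate, so that
    # verification can succeed.
    Host          splunk.example.internal
    Port          8088
    # Token is expanded from the process environment at startup, which
    # keeps it out of the configuration file and out of version control.
    Splunk_Token  ${SPLUNK_HEC_TOKEN}
    TLS           On
    # With verification on, the client rejects a HEC endpoint whose
    # certificate does not chain to the CA below. With it off, the token
    # and the records go to whichever host answers on the port.
    TLS.Verify    On
    # CA bundle that signed the Splunk HEC certificate (needed when the
    # certificate is issued by an internal CA).
    TLS.CA_File   /etc/fluent-bit/certs/splunk-ca.pem
```

Export SPLUNK_HEC_TOKEN in the service environment before starting fluent-bit, and restrict read access to wherever that value is stored.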