Splunk output plugin allows to ingest your records into a Splunk Enterprise service through the HTTP Event Collector (HEC) interface.

To get more details about how to setup the HEC in Splunk please refer to the following documentation: Splunk / Use the HTTP Event Collector

Configuration Parameters

Key Description default
Host IP address or hostname of the target Splunk service.
Port TCP port of the target Splunk service. 8088
Splunk_Token Specify the Authentication Token for the HTTP Event Collector interface.
Splunk_Send_Raw If enabled, record keys and values are set in the main map. Off
HTTP_User Optional username for Basic Authentication on HEC
HTTP_Passwd Password for user defined in HTTP_User


Splunk output plugin supports TTL/SSL, for more details about the properties available and general configuration, please refer to the TLS/SSL section.

Getting Started

In order to insert records into a Splunk service, you can run the plugin from the command line or through the configuration file:

Command Line

The splunk plugin, can read the parameters from the command line in two ways, through the -p argument (property), e.g:

$ fluent-bit -i cpu -t cpu -o splunk -p host= -p port=8088 \
  -p tls=on -p tls.verify=off -m '*'

Configuration File

In your main configuration file append the following Input & Output sections:

    Name  cpu
    Tag   cpu

    Name        splunk
    Match       *
    Port        8088
    TLS         On
    TLS.Verify  Off
    Message_Key my_key

results matching ""

    No results matching ""