Info |
---|
This page is no longer maintained (Jul 12, 2023). For the most current information, go to Splunk Writer. |
Snap type: | Write |
---|---|
Description: | This Snap writes data to a given Splunk index. |
Prerequisites: | [None] |
Support and limitations: | Ultra pipelines: Works in Ultra Pipelines. Spark mode: Not supported in Spark mode. |
Account: | This Snap uses account references created on the Accounts page of SnapLogic Manager to handle access to this endpoint. The Snap requires a Splunk basic auth account. |
Views: | |
Settings | |
Label | Required. The name for the Snap. You can modify this to be more specific, especially if you have more than one of the same Snap in your pipeline. |
Splunk index | Required. The Splunk index to write to. An index is a repository for data in Splunk Enterprise. When Splunk Enterprise indexes raw event data, it transforms the data into searchable events. You may select an index from the suggested list. If the "=" button is pressed, the value can be an expression evaluated with pipeline parameters. Example: main. Default value: [None] |
host | Specify the host argument of the event. For more information, refer to Splexicon: Host and host. Default value: [None] |
host_regex | Specify the host_regex argument of the event. For more information, refer to host_regex. Default value: [None] |
source | Specify the source argument of the event. For more information, refer to Splexicon: Source. Default value: [None] |
sourcetype | Specify the sourcetype argument of the event. For more information, refer to sourcetype and Splexicon: Source type. Default value: [None] |
Examples
In the Splunk Writer Snap below, "test_index" is selected from the suggested list of indexes.
The following image shows the preview of the Multi File Reader Snap output view. Note that there are two binary data items, each with "content-type" and "content-location" values. These two files are read from an SFTP server.
The following image is the preview of a Splunk Search Snap with the search query "search index=test_index | head 3" and a time setting of "last 1 minute". The Splunk Search Snap is executed immediately after the above pipeline runs. Note that this preview shows three events from the "lsof.log" file uploaded by the above pipeline, which correspond to three rows in the log file.