Splunk (HEC)
Prerequisites
Splunk Authentication Token and network access to the Splunk indexer.
Creating a Splunk Token
Go to the Settings menu --> Tokens
Example: Creating a Token within Splunk
Network Requirements
Network access to the Splunk indexer. TCP port 8088 is the default.
Supported Platforms
Platform | Logs | Metrics | Traces |
---|---|---|---|
Linux | ✓ | | |
Windows | ✓ | | |
macOS | ✓ | | |
Configuration Table
Parameter | Type | Default | Description |
---|---|---|---|
token | string | | Authentication token used when connecting to the HTTP Event Collector. |
index | string | | Optional name of the Splunk index targeted. |
hostname | string | localhost | Hostname or IP address of the HTTP Event Collector. |
port | int | 8088 | TCP port to which the exporter is going to send data. |
path | string | /services/collector/event | The HTTP API path to which the exporter is going to send data. |
max_request_size | int | 2097152 | The maximum size (in bytes) of a request sent to the destination. A value of 0 will send unbounded requests. The maximum allowed value is 838860800 (~800MB). |
max_event_size | int | 2097152 | The maximum size (in bytes) of an individual event. Events larger than this will be dropped. The maximum allowed value is 838860800 (~800MB). |
enable_compression | bool | true | Compress telemetry data using gzip before sending. |
enable_tls | bool | false | Whether or not to use TLS. |
insecure_skip_verify | bool | false | Enable to skip TLS certificate verification. |
ca_file | string | | Certificate authority that is used to validate TLS certificates. |
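The following added example (not part of the original documentation or the product's own code) lints a destination configuration against the defaults and limits in the table above and flags the settings that expose the token in transit. It assumes the parameters are available as a Python dict keyed by the table's parameter names; the function names, severity labels and sample values are hypothetical.

```python
# Added example: lint a Splunk (HEC) destination config against the table above.
# Assumptions: config supplied as a dict; severity labels are this sketch's own.
from ipaddress import ip_address

MAX_BYTES = 838860800  # upper bound stated in the configuration table
DEFAULTS = {
    "token": "", "index": "", "hostname": "localhost", "port": 8088,
    "path": "/services/collector/event", "max_request_size": 2097152,
    "max_event_size": 2097152, "enable_compression": True,
    "enable_tls": False, "insecure_skip_verify": False, "ca_file": "",
}

def is_loopback(host):
    try:
        return host == "localhost" or ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False

def endpoint(cfg):
    """URL the settings resolve to once table defaults are applied."""
    c = {**DEFAULTS, **cfg}
    scheme = "https" if c["enable_tls"] else "http"
    return f"{scheme}://{c['hostname']}:{c['port']}{c['path']}"

def lint(cfg):
    """Return (severity, parameter, message) findings for one config."""
    c = {**DEFAULTS, **cfg}
    out = [("error", k, "not a parameter in the table")
           for k in sorted(set(cfg) - set(DEFAULTS))]
    if not c["token"]:
        out.append(("error", "token", "authentication token is required"))
    if not 1 <= c["port"] <= 65535:
        out.append(("error", "port", "outside the valid TCP port range"))
    for key in ("max_request_size", "max_event_size"):
        if not 0 <= c[key] <= MAX_BYTES:
            out.append(("error", key, f"must be between 0 and {MAX_BYTES}"))
    if c["max_request_size"] == 0:
        out.append(("warn", "max_request_size", "0 sends unbounded requests"))
    if not c["enable_tls"]:
        # Without TLS the token in the request is readable on the network path.
        sev = "warn" if is_loopback(c["hostname"]) else "high"
        out.append((sev, "enable_tls", "token and events travel over plain HTTP"))
        if c["ca_file"] or c["insecure_skip_verify"]:
            out.append(("info", "enable_tls", "TLS options set but TLS is off"))
    elif c["insecure_skip_verify"]:
        out.append(("high", "insecure_skip_verify", "server certificate is not verified"))
    return out

if __name__ == "__main__":
    # Constructed sample: remote indexer with enable_tls left at its default.
    sample = {"token": "00000000-0000-0000-0000-000000000000", "hostname": "splunk.example.internal"}
    print(endpoint(sample), lint(sample))
```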
Configuration
Example: Splunk Destination configuration
Supported Retry and Queuing Settings
This destination supports the following retry and queuing settings:
Sending Queue | Persistent Queue | Retry on Failure |
---|---|---|
✓ | ✓ | ✓ |