Splunk HEC helm chart

Primary language: Smarty. License: Apache License 2.0 (Apache-2.0)

splunk-helm-chart

Primarily designed for use as a stateless HTTP Event Collector (HEC)

splunk-apps/

Currently this forces on the rfc5424-syslog app in the splunk-apps/ folder. I'd like to figure out a better, more dynamic way of including user-provided app tgzs.

+1 thanks to rfc5424-syslog, built by David Millis, and their use of the CC BY 3.0 license

Until then, if you'd like to use both the included rfc5424-syslog app and apps directly from splunkbase, your values.yml will end up overriding the default apps_locations, so you'll need to include "/tmp/apps/rfc5424-syslog_11.tgz". Your values will look something like this:

splunk:
  defaultYml:
    splunk:
      apps_locations:
        - "/tmp/apps/rfc5424-syslog_11.tgz"
        - https://splunkbase.splunk.com/app/978/release/1.1/download
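
As an added example (not part of this chart or its README), a pre-deploy check that catches a values file whose apps_locations override leaves out the bundled app. It assumes apps_locations is written as a block-style list like the snippet above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the chart): pre-deploy check for values files.
# Assumption: apps_locations is a block-style YAML list, as in the snippet above.
BUNDLED_APP="/tmp/apps/rfc5424-syslog_11.tgz"

# Print each apps_locations entry from the YAML on stdin, quotes stripped.
list_apps_locations() {
  awk -v sq="'" '
    /^[ \t]*apps_locations:[ \t]*$/ { in_list = 1; next }
    in_list && /^[ \t]*(#.*)?$/ { next }       # skip blank and comment lines
    in_list && /^[ \t]*-[ \t]/ {
      sub(/^[ \t]*-[ \t]+/, "")                # strip the list marker
      sub(/[ \t]+#.*$/, "")                    # strip a trailing comment
      sub(/[ \t]+$/, "")                       # strip trailing whitespace
      gsub(/^"|"$/, "")                        # strip double quotes
      gsub("^" sq "|" sq "$", "")              # strip single quotes
      print; next
    }
    in_list { in_list = 0 }                    # any other line ends the list
  '
}

# check_values LABEL: read a values file on stdin; return 1 only when it
# overrides apps_locations without listing the bundled app.
check_values() {
  entries=$(list_apps_locations)
  [ -n "$entries" ] || { echo "$1: no override, chart default applies"; return 0; }
  if printf '%s\n' "$entries" | grep -Fxq -- "$BUNDLED_APP"; then
    echo "$1: ok, bundled app retained"; return 0
  fi
  echo "$1: apps_locations override drops $BUNDLED_APP" >&2
  return 1
}

if [ "$#" -eq 0 ]; then
  # Constructed sample: an override that lists only the Splunkbase app.
  check_values constructed-sample <<'EOF' || echo "(expected: bundled app missing)"
splunk:
  defaultYml:
    splunk:
      apps_locations:
        - https://splunkbase.splunk.com/app/978/release/1.1/download
EOF
else
  for f in "$@"; do check_values "$f" < "$f" || exit 1; done
fi
```

Pass one or more values files as arguments to check them; with no arguments the script runs against the constructed sample.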

curl for testing locally

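#!/usr/bin/env bash
# Send a test event to the local HEC endpoint.
# Usage: pass "http" or "https" as the first argument.

case "$1" in
http)
  # Plain HTTP endpoint on port 8080
  curl -k "http://splunk.127.0.0.1.xip.io:8080/services/collector/event" \
    -H "Authorization: Splunk b51a8063-8316-4433-8963-a9af78afce17" \
    -d '{"event": "Hello, world!", "sourcetype": "manual"}'
  ;;

https)
  # TLS endpoint on port 4443; -k skips certificate verification (local testing only)
  curl -k "https://splunk.127.0.0.1.xip.io:4443/services/collector/event" \
    -H "Authorization: Splunk b51a8063-8316-4433-8963-a9af78afce17" \
    -d '{"event": "Hello, world!", "sourcetype": "manual"}'
  ;;

*)
  # No or unknown argument: print usage instead of exiting silently
  echo "Usage: $0 http|https" >&2
  exit 1
  ;;
esac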