This Apache Camel component can be used to publish and query events in Splunk.
See http://www.splunk.com
- Navigate to the root directory and run mvn clean install
splunk://[endpoint]?[options]
| Endpoint | Description |
|---|---|
| stream | Splunk stream mode. |
| submit | Splunk submit mode. |
| tcp | Splunk tcp mode. Requires an open receiver port in Splunk. |

| Endpoint | Description |
|---|---|
| normal | Performs normal search and requires a search query in the search option. |
| realtime | Performs realtime search in Splunk and requires a search query in the search option. |
| savedsearch | Performs search based on a search query saved in Splunk and requires the name of the query in the savedSearch option. |

| Name | Default value | Context | Description |
|---|---|---|---|
| host | localhost | Shared | The Splunk host. |
| port | 8089 | Shared | Splunk port. |
| username | null | Shared | Splunk username. |
| password | null | Shared | Splunk password. |
| connectionTimeout | 5000 | Shared | Timeout when connecting to the Splunk server. |
| index | null | Producer | Splunk index to write to. |
| sourceType | null | Producer | Splunk SourceType argument. |
| source | null | Producer | Splunk Source argument. |
| tcpRecieverPort | 0 | Producer | Splunk tcp receiver port when using a tcp connection. |
| initEarliestTime | null | Consumer | Initial start offset of the first search. Required. |
| earliestTime | null | Consumer | Earliest time of the time window. |
| latestTime | null | Consumer | Latest time of the time window. |
| count | 0 | Consumer | The maximum number of entities to return. Note that this is not the same as maxMessagesPerPoll, which is currently unsupported. |
| fieldList | null | Consumer | Comma-separated list of fields to return. |
| search | null | Consumer | The Splunk query to run. |

from("direct:start")
.to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource");
from("splunk://realtime?delay=5s&username=user&password=123&initEarliestTime=rt-10s&search=search index=myindex sourcetype=someSourcetype")
.to("direct:search-result");
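
The following is an added example, not part of the component or the original page: a hypothetical helper class, `SplunkUri`, that builds a `splunk://` URI from the options listed above, enforces the requirements the tables state, and percent-encodes every value so that a search string or index name containing `&` or `=` cannot add or override options such as `host` or `password`. The producer/consumer grouping of the endpoints is inferred from the Context column and the two routes above, the environment variable names are assumptions, and it assumes Camel decodes percent-encoded option values when it parses the URI.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;

// Hypothetical helper (not part of camel-splunk): builds a splunk:// URI from
// the documented options and rejects incomplete or unknown settings.
public final class SplunkUri {
    static final Set<String> PRODUCERS = Set.of("stream", "submit", "tcp");
    static final Set<String> CONSUMERS = Set.of("normal", "realtime", "savedsearch");
    static final Set<String> SHARED = Set.of("host", "port", "username", "password", "connectionTimeout");
    static final Set<String> PRODUCER_OPTS = Set.of("index", "sourceType", "source", "tcpRecieverPort");
    // "delay" is included because the consumer route on this page uses it.
    static final Set<String> CONSUMER_OPTS = Set.of("initEarliestTime", "earliestTime", "latestTime",
            "count", "fieldList", "search", "savedSearch", "delay");

    public static String build(String endpoint, Map<String, String> options) {
        boolean consumer = CONSUMERS.contains(endpoint);
        if (!consumer && !PRODUCERS.contains(endpoint))
            throw new IllegalArgumentException("unknown endpoint: " + endpoint);
        Set<String> allowed = consumer ? CONSUMER_OPTS : PRODUCER_OPTS;
        // Requirements taken from the endpoint and option tables.
        List<String> required = new ArrayList<>();
        if (consumer) required.add("initEarliestTime");
        if (endpoint.equals("normal") || endpoint.equals("realtime")) required.add("search");
        if (endpoint.equals("savedsearch")) required.add("savedSearch");
        if (endpoint.equals("tcp")) required.add("tcpRecieverPort");
        for (String name : required)
            if (options.get(name) == null || options.get(name).isEmpty())
                throw new IllegalArgumentException(endpoint + " requires option " + name);
        StringJoiner query = new StringJoiner("&", "splunk://" + endpoint + "?", "");
        for (Map.Entry<String, String> e : new TreeMap<>(options).entrySet()) {
            if (!SHARED.contains(e.getKey()) && !allowed.contains(e.getKey()))
                throw new IllegalArgumentException("option not valid for " + endpoint + ": " + e.getKey());
            // Percent-encode so '&', '=' or spaces in a value cannot add or override options.
            query.add(e.getKey() + "="
                    + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8).replace("+", "%20"));
        }
        return query.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values; credentials are read from the environment, not source code.
        Map<String, String> opts = new HashMap<>();
        opts.put("username", System.getenv().getOrDefault("SPLUNK_USER", "user"));
        opts.put("password", System.getenv().getOrDefault("SPLUNK_PASSWORD", "changeme"));
        opts.put("initEarliestTime", "rt-10s");
        opts.put("search", "search index=myindex sourcetype=someSourcetype");
        System.out.println(build("realtime", opts));
    }
}
```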