Description:
Retrieves data from Splunk Enterprise.
Tags:
get, splunk, logs
Properties:
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property is considered “sensitive”, meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the nifi.properties file has an entry for the property nifi.sensitive.props.key.
Name | Default Value | Allowable Values | Description |
Scheme | https | * https * http | The scheme for connecting to Splunk. |
Hostname | localhost | | The IP address or hostname of the Splunk server. |
Port | 8089 | | The port of the Splunk server. |
Query | search * \| head 100 | | The query to execute. Typically beginning with a <search> command followed by a search clause, such as <search source="tcp:7689"> to search for messages received on TCP port 7689. |
Time Field Strategy | Event Time | * Event Time * Index Time | Indicates whether to search by the time attached to the event, or by the time the event was indexed in Splunk. |
Time Range Strategy | Provided | * Managed from Beginning * Managed from Current * Provided | Indicates how to apply time ranges to each execution of the query. Selecting a managed option allows the processor to apply a time range from the last execution time to the current execution time. When using <Managed from Beginning>, an earliest time will not be applied on the first execution, and thus all records are searched. When using <Managed from Current>, the earliest time of the first execution will be the initial execution time. When using <Provided>, the time range will come from the Earliest Time and Latest Time properties, or no time range will be applied if these properties are left blank. |
Earliest Time | | | The value to use for the earliest time when querying. Only used with a Time Range Strategy of Provided. See Splunk's documentation on Search Time Modifiers for guidance in populating this field. |
Latest Time | | | The value to use for the latest time when querying. Only used with a Time Range Strategy of Provided. See Splunk's documentation on Search Time Modifiers for guidance in populating this field. |
Time Zone | UTC |
* Etc/GMT+12 * Etc/GMT+11 * Pacific/Midway * Pacific/Niue * Pacific/Pago_Pago * Pacific/Samoa * US/Samoa * America/Adak * America/Atka * Etc/GMT+10 * HST * Pacific/Honolulu * Pacific/Johnston * Pacific/Rarotonga * Pacific/Tahiti * SystemV/HST10 * US/Aleutian * US/Hawaii * Pacific/Marquesas * AST * America/Anchorage * America/Juneau * America/Nome * America/Sitka * America/Yakutat * Etc/GMT+9 * Pacific/Gambier * SystemV/YST9 * SystemV/YST9YDT * US/Alaska * America/Dawson * America/Ensenada * America/Los_Angeles * America/Metlakatla * America/Santa_Isabel * America/Tijuana * America/Vancouver * America/Whitehorse * Canada/Pacific * Canada/Yukon * Etc/GMT+8 * Mexico/BajaNorte * PST * PST8PDT * Pacific/Pitcairn * SystemV/PST8 * SystemV/PST8PDT * US/Pacific * US/Pacific-New * America/Boise * America/Cambridge_Bay * America/Chihuahua * America/Creston * America/Dawson_Creek * America/Denver * America/Edmonton * America/Hermosillo * America/Inuvik * America/Mazatlan * America/Ojinaga * America/Phoenix * America/Shiprock * America/Yellowknife * Canada/Mountain * Etc/GMT+7 * MST * MST7MDT * Mexico/BajaSur * Navajo * PNT * SystemV/MST7 * SystemV/MST7MDT * US/Arizona * US/Mountain * America/Bahia_Banderas * America/Belize * America/Cancun * America/Chicago * America/Costa_Rica * America/El_Salvador * America/Guatemala * America/Indiana/Knox * America/Indiana/Tell_City * America/Knox_IN * America/Managua * America/Matamoros * America/Menominee * America/Merida * America/Mexico_City * America/Monterrey * America/North_Dakota/Beulah * America/North_Dakota/Center * America/North_Dakota/New_Salem * America/Rainy_River * America/Rankin_Inlet * America/Regina * America/Resolute * America/Swift_Current * America/Tegucigalpa * America/Winnipeg * CST * CST6CDT * Canada/Central * Canada/East-Saskatchewan * Canada/Saskatchewan * Chile/EasterIsland * Etc/GMT+6 * Mexico/General * Pacific/Easter * Pacific/Galapagos * SystemV/CST6 * SystemV/CST6CDT * US/Central * US/Indiana-Starke * 
America/Atikokan * America/Bogota * America/Cayman * America/Coral_Harbour * America/Detroit * America/Eirunepe * America/Fort_Wayne * America/Grand_Turk * America/Guayaquil * America/Havana * America/Indiana/Indianapolis * America/Indiana/Marengo * America/Indiana/Petersburg * America/Indiana/Vevay * America/Indiana/Vincennes * America/Indiana/Winamac * America/Indianapolis * America/Iqaluit * America/Jamaica * America/Kentucky/Louisville * America/Kentucky/Monticello * America/Lima * America/Louisville * America/Montreal * America/Nassau * America/New_York * America/Nipigon * America/Panama * America/Pangnirtung * America/Port-au-Prince * America/Porto_Acre * America/Rio_Branco * America/Thunder_Bay * America/Toronto * Brazil/Acre * Canada/Eastern * Cuba * EST * EST5EDT * Etc/GMT+5 * IET * Jamaica * SystemV/EST5 * SystemV/EST5EDT * US/East-Indiana * US/Eastern * US/Michigan * America/Caracas * America/Anguilla * America/Antigua * America/Aruba * America/Asuncion * America/Barbados * America/Blanc-Sablon * America/Boa_Vista * America/Campo_Grande * America/Cuiaba * America/Curacao * America/Dominica * America/Glace_Bay * America/Goose_Bay * America/Grenada * America/Guadeloupe * America/Guyana * America/Halifax * America/Kralendijk * America/La_Paz * America/Lower_Princes * America/Manaus * America/Marigot * America/Martinique * America/Moncton * America/Montserrat * America/Port_of_Spain * America/Porto_Velho * America/Puerto_Rico * America/Santiago * America/Santo_Domingo * America/St_Barthelemy * America/St_Kitts * America/St_Lucia * America/St_Thomas * America/St_Vincent * America/Thule * America/Tortola * America/Virgin * Antarctica/Palmer * Atlantic/Bermuda * Brazil/West * Canada/Atlantic * Chile/Continental * Etc/GMT+4 * PRT * SystemV/AST4 * SystemV/AST4ADT * America/St_Johns * CNT * Canada/Newfoundland * AGT * America/Araguaina * America/Argentina/Buenos_Aires * America/Argentina/Catamarca * America/Argentina/ComodRivadavia * America/Argentina/Cordoba * 
America/Argentina/Jujuy * America/Argentina/La_Rioja * America/Argentina/Mendoza * America/Argentina/Rio_Gallegos * America/Argentina/Salta * America/Argentina/San_Juan * America/Argentina/San_Luis * America/Argentina/Tucuman * America/Argentina/Ushuaia * America/Bahia * America/Belem * America/Buenos_Aires * America/Catamarca * America/Cayenne * America/Cordoba * America/Fortaleza * America/Godthab * America/Jujuy * America/Maceio * America/Mendoza * America/Miquelon * America/Montevideo * America/Paramaribo * America/Recife * America/Rosario * America/Santarem * America/Sao_Paulo * Antarctica/Rothera * Atlantic/Stanley * BET * Brazil/East * Etc/GMT+3 * America/Noronha * Atlantic/South_Georgia * Brazil/DeNoronha * Etc/GMT+2 * America/Scoresbysund * Atlantic/Azores * Atlantic/Cape_Verde * Etc/GMT+1 * Africa/Abidjan * Africa/Accra * Africa/Bamako * Africa/Banjul * Africa/Bissau * Africa/Casablanca * Africa/Conakry * Africa/Dakar * Africa/El_Aaiun * Africa/Freetown * Africa/Lome * Africa/Monrovia * Africa/Nouakchott * Africa/Ouagadougou * Africa/Sao_Tome * Africa/Timbuktu * America/Danmarkshavn * Atlantic/Canary * Atlantic/Faeroe * Atlantic/Faroe * Atlantic/Madeira * Atlantic/Reykjavik * Atlantic/St_Helena * Eire * Etc/GMT * Etc/GMT+0 * Etc/GMT-0 * Etc/GMT0 * Etc/Greenwich * Etc/UCT * Etc/UTC * Etc/Universal * Etc/Zulu * Europe/Belfast * Europe/Dublin * Europe/Guernsey * Europe/Isle_of_Man * Europe/Jersey * Europe/Lisbon * Europe/London * GB * GB-Eire * GMT * GMT0 * Greenwich * Iceland * Portugal * UCT * UTC * Universal * WET * Zulu * Africa/Algiers * Africa/Bangui * Africa/Brazzaville * Africa/Ceuta * Africa/Douala * Africa/Kinshasa * Africa/Lagos * Africa/Libreville * Africa/Luanda * Africa/Malabo * Africa/Ndjamena * Africa/Niamey * Africa/Porto-Novo * Africa/Tunis * Africa/Windhoek * Arctic/Longyearbyen * Atlantic/Jan_Mayen * CET * ECT * Etc/GMT-1 * Europe/Amsterdam * Europe/Andorra * Europe/Belgrade * Europe/Berlin * Europe/Bratislava * Europe/Brussels * 
Europe/Budapest * Europe/Busingen * Europe/Copenhagen * Europe/Gibraltar * Europe/Ljubljana * Europe/Luxembourg * Europe/Madrid * Europe/Malta * Europe/Monaco * Europe/Oslo * Europe/Paris * Europe/Podgorica * Europe/Prague * Europe/Rome * Europe/San_Marino * Europe/Sarajevo * Europe/Skopje * Europe/Stockholm * Europe/Tirane * Europe/Vaduz * Europe/Vatican * Europe/Vienna * Europe/Warsaw * Europe/Zagreb * Europe/Zurich * MET * Poland * ART * Africa/Blantyre * Africa/Bujumbura * Africa/Cairo * Africa/Gaborone * Africa/Harare * Africa/Johannesburg * Africa/Kigali * Africa/Lubumbashi * Africa/Lusaka * Africa/Maputo * Africa/Maseru * Africa/Mbabane * Africa/Tripoli * Asia/Beirut * Asia/Damascus * Asia/Gaza * Asia/Hebron * Asia/Istanbul * Asia/Jerusalem * Asia/Nicosia * Asia/Tel_Aviv * CAT * EET * Egypt * Etc/GMT-2 * Europe/Athens * Europe/Bucharest * Europe/Chisinau * Europe/Helsinki * Europe/Istanbul * Europe/Kiev * Europe/Mariehamn * Europe/Nicosia * Europe/Riga * Europe/Simferopol * Europe/Sofia * Europe/Tallinn * Europe/Tiraspol * Europe/Uzhgorod * Europe/Vilnius * Europe/Zaporozhye * Israel * Libya * Turkey * Africa/Addis_Ababa * Africa/Asmara * Africa/Asmera * Africa/Dar_es_Salaam * Africa/Djibouti * Africa/Juba * Africa/Kampala * Africa/Khartoum * Africa/Mogadishu * Africa/Nairobi * Antarctica/Syowa * Asia/Aden * Asia/Amman * Asia/Baghdad * Asia/Bahrain * Asia/Kuwait * Asia/Qatar * Asia/Riyadh * EAT * Etc/GMT-3 * Europe/Kaliningrad * Europe/Minsk * Indian/Antananarivo * Indian/Comoro * Indian/Mayotte * Asia/Riyadh87 * Asia/Riyadh88 * Asia/Riyadh89 * Mideast/Riyadh87 * Mideast/Riyadh88 * Mideast/Riyadh89 * Asia/Tehran * Iran * Asia/Baku * Asia/Dubai * Asia/Muscat * Asia/Tbilisi * Asia/Yerevan * Etc/GMT-4 * Europe/Moscow * Europe/Samara * Europe/Volgograd * Indian/Mahe * Indian/Mauritius * Indian/Reunion * NET * W-SU * Asia/Kabul * Antarctica/Mawson * Asia/Aqtau * Asia/Aqtobe * Asia/Ashgabat * Asia/Ashkhabad * Asia/Dushanbe * Asia/Karachi * Asia/Oral * 
Asia/Samarkand * Asia/Tashkent * Etc/GMT-5 * Indian/Kerguelen * Indian/Maldives * PLT * Asia/Calcutta * Asia/Colombo * Asia/Kolkata * IST * Asia/Kathmandu * Asia/Katmandu * Antarctica/Vostok * Asia/Almaty * Asia/Bishkek * Asia/Dacca * Asia/Dhaka * Asia/Qyzylorda * Asia/Thimbu * Asia/Thimphu * Asia/Yekaterinburg * BST * Etc/GMT-6 * Indian/Chagos * Asia/Rangoon * Indian/Cocos * Antarctica/Davis * Asia/Bangkok * Asia/Ho_Chi_Minh * Asia/Hovd * Asia/Jakarta * Asia/Novokuznetsk * Asia/Novosibirsk * Asia/Omsk * Asia/Phnom_Penh * Asia/Pontianak * Asia/Saigon * Asia/Vientiane * Etc/GMT-7 * Indian/Christmas * VST * Antarctica/Casey * Asia/Brunei * Asia/Choibalsan * Asia/Chongqing * Asia/Chungking * Asia/Harbin * Asia/Hong_Kong * Asia/Kashgar * Asia/Krasnoyarsk * Asia/Kuala_Lumpur * Asia/Kuching * Asia/Macao * Asia/Macau * Asia/Makassar * Asia/Manila * Asia/Shanghai * Asia/Singapore * Asia/Taipei * Asia/Ujung_Pandang * Asia/Ulaanbaatar * Asia/Ulan_Bator * Asia/Urumqi * Australia/Perth * Australia/West * CTT * Etc/GMT-8 * Hongkong * PRC * Singapore * Australia/Eucla * Asia/Dili * Asia/Irkutsk * Asia/Jayapura * Asia/Pyongyang * Asia/Seoul * Asia/Tokyo * Etc/GMT-9 * JST * Japan * Pacific/Palau * ROK * ACT * Australia/Adelaide * Australia/Broken_Hill * Australia/Darwin * Australia/North * Australia/South * Australia/Yancowinna * AET * Antarctica/DumontDUrville * Asia/Khandyga * Asia/Yakutsk * Australia/ACT * Australia/Brisbane * Australia/Canberra * Australia/Currie * Australia/Hobart * Australia/Lindeman * Australia/Melbourne * Australia/NSW * Australia/Queensland * Australia/Sydney * Australia/Tasmania * Australia/Victoria * Etc/GMT-10 * Pacific/Chuuk * Pacific/Guam * Pacific/Port_Moresby * Pacific/Saipan * Pacific/Truk * Pacific/Yap * Australia/LHI * Australia/Lord_Howe * Antarctica/Macquarie * Asia/Sakhalin * Asia/Ust-Nera * Asia/Vladivostok * Etc/GMT-11 * Pacific/Efate * Pacific/Guadalcanal * Pacific/Kosrae * Pacific/Noumea * Pacific/Pohnpei * Pacific/Ponape * SST * 
Pacific/Norfolk * Antarctica/McMurdo * Antarctica/South_Pole * Asia/Anadyr * Asia/Kamchatka * Asia/Magadan * Etc/GMT-12 * Kwajalein * NST * NZ * Pacific/Auckland * Pacific/Fiji * Pacific/Funafuti * Pacific/Kwajalein * Pacific/Majuro * Pacific/Nauru * Pacific/Tarawa * Pacific/Wake * Pacific/Wallis * NZ-CHAT * Pacific/Chatham * Etc/GMT-13 * MIT * Pacific/Apia * Pacific/Enderbury * Pacific/Fakaofo * Pacific/Tongatapu * Etc/GMT-14 * Pacific/Kiritimati |
The Time Zone to use for formatting dates when performing a search. Only used with Managed time strategies. |
Application | | | The Splunk Application to query. |
Owner | | | The owner to pass to Splunk. |
Token | | | The token to pass to Splunk. |
Username | | | The username to authenticate to Splunk. |
Password | | | The password to authenticate to Splunk. Sensitive Property: true |
Security Protocol | TLSv1_2 | * TLSv1_2 * TLSv1_1 * TLSv1 * SSLv3 | The security protocol to use for communicating with Splunk. |
Output Mode | JSON | * ATOM * CSV * JSON * JSON_COLS * JSON_ROWS * RAW * XML | The output mode for the results. |
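Scheme still allows http and Security Protocol still allows SSLv3, TLSv1 and TLSv1_1, so a property set is worth checking before the processor is started. The following is an added example, not NiFi code: a small lint over the property names in the table above, where the dict layout, the finding texts and the sample values are assumptions.

```python
# Lint a GetSplunk property set for risky transport and time-range settings.
# Property names and allowable values come from the table above; everything
# else (dict layout, finding wording, sample values) is assumed for this example.

DEFAULTS = {
    "Scheme": "https",
    "Security Protocol": "TLSv1_2",
    "Time Range Strategy": "Provided",
}
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1_1"}  # deprecated: RFC 7568, RFC 8996
CREDENTIAL_PROPS = ("Token", "Username", "Password")


def audit_getsplunk(props):
    """Return a list of (property, finding) tuples for one processor config."""
    # Blank values behave like unset properties, so defaults apply to them.
    cfg = {**DEFAULTS, **{k: v for k, v in props.items() if v not in (None, "")}}
    findings = []

    if cfg["Scheme"] == "http":
        sent = [p for p in CREDENTIAL_PROPS if p in cfg]
        detail = f"; {', '.join(sent)} would cross the network unencrypted" if sent else ""
        findings.append(("Scheme", "http means no TLS on the Splunk connection" + detail))
    elif cfg["Security Protocol"] in LEGACY_PROTOCOLS:
        findings.append(("Security Protocol",
                         f"{cfg['Security Protocol']} is deprecated; select TLSv1_2"))

    if cfg["Time Range Strategy"] == "Provided" and not (
            "Earliest Time" in cfg or "Latest Time" in cfg):
        findings.append(("Time Range Strategy",
                         "Provided with blank Earliest/Latest Time applies no time range"))
    return findings


# Constructed sample configurations (not taken from a real flow).
WEAK = {"Scheme": "http", "Hostname": "splunk.example.internal",
        "Username": "nifi_reader", "Password": "placeholder"}
LEGACY = {"Hostname": "splunk.example.internal", "Security Protocol": "SSLv3",
          "Earliest Time": "-15m", "Latest Time": "now"}
HARDENED = {**LEGACY, "Security Protocol": "TLSv1_2"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("legacy", LEGACY), ("hardened", HARDENED)):
        print(name, audit_getsplunk(cfg) or "no findings")
```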
Relationships:
Name | Description |
success | Results retrieved from Splunk are sent out this relationship. |
Reads Attributes:
None specified.
Writes Attributes:
Name | Description |
splunk.query | The query that was performed to produce the FlowFile. |
splunk.earliest.time | The value of the earliest time that was used when performing the query. |
splunk.latest.time | The value of the latest time that was used when performing the query. |
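The splunk.earliest.time and splunk.latest.time attributes record the window each execution used, which depends on the Time Range Strategy. The following added example models the three strategies as the property description states them. It is not NiFi source code: the class and function names are hypothetical, and whether the window boundaries are inclusive is not modelled.

```python
# Model of the Time Range Strategy rules from the property table; not
# NiFi source code. Names are hypothetical; boundary inclusivity is not modelled.
from datetime import datetime, timedelta, timezone


class TimeRangeModel:
    def __init__(self, strategy, earliest=None, latest=None):
        self.strategy = strategy      # one of the three allowable values
        self.earliest = earliest      # Earliest Time property (Provided only)
        self.latest = latest          # Latest Time property (Provided only)
        self.last_run = None          # state carried between executions

    def next_window(self, now):
        """Return the (earliest, latest) pair applied to one execution."""
        if self.strategy == "Provided":
            return self.earliest, self.latest      # blank -> None -> no bound
        if self.last_run is not None:
            earliest = self.last_run               # resume where the last run ended
        elif self.strategy == "Managed from Beginning":
            earliest = None                        # first run: all records searched
        elif self.strategy == "Managed from Current":
            earliest = now                         # first run: nothing historical
        else:
            raise ValueError(f"unknown strategy: {self.strategy}")
        self.last_run = now
        return earliest, now


def simulate(strategy, run_times, **provided):
    model = TimeRangeModel(strategy, **provided)
    return [model.next_window(t) for t in run_times]


def has_gap(windows):
    """True if any managed window does not start where the previous one ended."""
    return any(cur[0] != prev[1] for prev, cur in zip(windows, windows[1:]))


# Constructed schedule: three executions five minutes apart.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
RUNS = [T0 + timedelta(minutes=5 * i) for i in range(3)]

if __name__ == "__main__":
    for s in ("Managed from Beginning", "Managed from Current"):
        for e, l in simulate(s, RUNS):
            print(s, e.isoformat() if e else "(none)", "->", l.isoformat())
```

With Managed from Current, events older than the first execution are never collected, so historical logs need a separate Provided run.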