Sends logs to Splunk Enterprise over TCP, TCP + TLS/SSL, or UDP. If a Message Delimiter is provided, then this processor will read messages from the incoming FlowFile based on the delimiter, and send each message to Splunk. If a Message Delimiter is not provided then the content of the FlowFile will be sent directly to Splunk as if it were a single message.


splunk, logs, tcp, udp


In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the Expression Language Guide.

Name Default Value Allowable Values Description
Hostname localhost The ip address or hostname of the destination.
Port The port on the destination.
Max Size of Socket Send Buffer 1 MB The maximum size of the socket send buffer that should be used. This is a suggestion to the Operating System to indicate how big the socket buffer should be. If this value is set too low, the buffer may fill up before the data can be read, and incoming data will be dropped.
Character Set UTF-8 Specifies the character set of the data being sent.
Timeout 10 seconds The timeout for connecting to and communicating with the destination. Does not apply to UDP
Idle Connection Expiration 5 seconds The amount of time a connection should be held open without being used before closing the connection.
Protocol TCP * TCP
The protocol for communication.
Message Delimiter Specifies the delimiter to use for splitting apart multiple messages within a single FlowFile. If not specified, the entire content of the FlowFile will be used as a single message. If specified, the contents of the FlowFile will be split on this delimiter and each section sent as a separate message. Note that if messages are delimited and some messages for a given FlowFile are transferred successfully while others are not, the messages will be split into individual FlowFiles, such that those messages that were successfully sent are routed to the 'success' relationship while other messages are sent to the 'failure' relationship.
Supports Expression Language: true
SSL Context Service Controller Service API:
The Controller Service to use in order to obtain an SSL Context. If this property is set, messages will be sent over a secure connection.


Name Description
failure FlowFiles that failed to send to the destination are sent out this relationship.
success FlowFiles that are sent successfully to the destination are sent out this relationship.

Reads Attributes:

None specified.

Writes Attributes:

None specified.