Sends logs to Splunk Enterprise over TCP, TCP + TLS/SSL, or UDP. If a Message Delimiter is provided, then this processor will read messages from the incoming FlowFile based on the delimiter, and send each message to Splunk. If a Message Delimiter is not provided then the content of the FlowFile will be sent directly to Splunk as if it were a single message.
splunk, logs, tcp, udp
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, and whether a property supports the Expression Language Guide.
|Name||Default Value||Allowable Values||Description|
|Hostname||localhost||The ip address or hostname of the destination.|
|Port||The port on the destination.|
|Max Size of Socket Send Buffer||1 MB||The maximum size of the socket send buffer that should be used. This is a suggestion to the Operating System to indicate how big the socket buffer should be. If this value is set too low, the buffer may fill up before the data can be read, and incoming data will be dropped.|
|Character Set||UTF-8||Specifies the character set of the data being sent.|
|Timeout||10 seconds||The timeout for connecting to and communicating with the destination. Does not apply to UDP|
|Idle Connection Expiration||5 seconds||The amount of time a connection should be held open without being used before closing the connection.|
|The protocol for communication.|
Specifies the delimiter to use for splitting apart multiple messages within a single FlowFile. If not specified, the entire content of the FlowFile will be used as a single message. If specified, the contents of the FlowFile will be split on this delimiter and each section sent as a separate message. Note that if messages are delimited and some messages for a given FlowFile are transferred successfully while others are not, the messages will be split into individual FlowFiles, such that those messages that were successfully sent are routed to the 'success' relationship while other messages are sent to the 'failure' relationship.
Supports Expression Language: true
|SSL Context Service||
Controller Service API:
|The Controller Service to use in order to obtain an SSL Context. If this property is set, messages will be sent over a secure connection.|
|failure||FlowFiles that failed to send to the destination are sent out this relationship.|
|success||FlowFiles that are sent successfully to the destination are sent out this relationship.|