Splunk Output
The Splunk Output step connects to a Splunk server and writes events to a Splunk index.
By default, the step writes events as name/value pairs separated by newline characters. You can also write custom event formats.
Prerequisites
You must have read and write access to a Splunk server. Contact your Splunk administrator for the host name and port.
For more information about Splunk, see the Splunk documentation.
General
Step name: Specify the unique name of the Splunk Output step on the canvas. You can customize the name or leave it as the default.
Connection tab
Use this tab to define the Splunk connection.
Hostname or IP address
Network name or IP address of the Splunk instance (or instances).
Port
Port for the Splunk (splunkd) server. Default is 8089 (your administrator might have changed this).
User name
User name required to access the Splunk server.
Password
Password for the user.
Test connection
Tests the connection using the configured settings.
Event tab
Use this tab to define the event metadata and payload.
Index to write to
Splunk index to write events to (often main). You can parameterize this value using an incoming field (?{<Field>}) or a transformation parameter (${Parameter}).
Host
Host name of the original event source. You can parameterize this value using an incoming field (?{<Field>}) or a transformation parameter (${Parameter}).
Source type
Event source type. For a list of known source types, see List of pretrained source types.
Source
Event source. See Splunk sourcetype.
Custom Splunk event
Select to enable Splunk event data and write a custom payload instead of the default name/value pairs.
Splunk event data
Custom event text. You can parameterize this value using an incoming field (?{<Field>}) or a transformation parameter (${Parameter}).
Metadata injection support
All fields of this step support metadata injection. You can use this step with ETL metadata injection to pass metadata to your transformation at runtime.
Last updated
Was this helpful?