# Splunk Output The Splunk Output step connects to a Splunk server and writes events to a Splunk index. By default, the step writes events as name/value pairs separated by newline characters. You can also write custom event formats. ### Prerequisites You must have read and write access to a Splunk server. Contact your Splunk administrator for the host name and port. For more information about Splunk, see the [Splunk documentation](http://docs.splunk.com/Documentation). ### General ![Splunk Output](/files/YgzWi8Ivg65mzsdf0nho) * **Step name**: Specify the unique name of the Splunk Output step on the canvas. You can customize the name or leave it as the default. ### Connection tab Use this tab to define the Splunk connection. | Option | Description | | -------------------------- | ------------------------------------------------------------------------------------------------------- | | **Hostname or IP address** | Network name or IP address of the Splunk instance (or instances). | | **Port** | Port for the Splunk (`splunkd`) server. Default is `8089` (your administrator might have changed this). | | **User name** | User name required to access the Splunk server. | | **Password** | Password for the user. | | **Test connection** | Tests the connection using the configured settings. | ### Event tab ![Event tab in Splunk Output](/files/d7s0FhDPJRTjSwjpLLWc) Use this tab to define the event metadata and payload. | Option | Description | | ----------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Index to write to** | Splunk index to write events to (often `main`). You can parameterize this value using an incoming field (`?{}`) or a transformation parameter (`${Parameter}`). | | **Host** | Host name of the original event source. You can parameterize this value using an incoming field (`?{}`) or a transformation parameter (`${Parameter}`). | | **Source type** | Event source type. For a list of known source types, see [List of pretrained source types](http://docs.splunk.com/Documentation/Splunk/5.0.2/Data/Listofpretrainedsourcetypes). | | **Source** | Event source. See [Splunk sourcetype](http://docs.splunk.com/Splexicon:Sourcetype). | | **Custom Splunk event** | Select to enable **Splunk event data** and write a custom payload instead of the default name/value pairs. | | **Splunk event data** | Custom event text. You can parameterize this value using an incoming field (`?{}`) or a transformation parameter (`${Parameter}`). | ### Metadata injection support All fields of this step support metadata injection. You can use this step with [ETL metadata injection](/pdia-data-integration/pdi-transformation-steps-reference-overview/etl-metadata-injection.md) to pass metadata to your transformation at runtime. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.pentaho.com/pdia-data-integration/pdi-transformation-steps-reference-overview/splunk-output.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.