Event tab

In this tab, you can define the following event properties and options, as described in the table below.

Option

Description

Index to write to

Specifies the Splunk index where the events are stored. Usually, this is the main index. Check your Splunk server for a list of available indices. This field can be a parameter with incoming fields (?{<Field>}) or transformation parameters (${Parameter}).

Host

Indicates the hostname of the original event host. If you want to gather data from a router and write it to Splunk, use the router's host name. This field can be a parameter with incoming fields (?{<Field>}) or transformation parameters (${Parameter}).

Source type

Indicates the format type of the event data. The list of known source types appears here. To define a new format, follow these instructions.

Source

Indicates the source of the event data. See Splunk documentation for more details.

Custom Splunk event

If checked, enables the Splunk Event Data option and allows you to customize the data coming into Splunk. This is useful if you want to write a different format than the default, which is name value pairs separated by newline characters.

Splunk Event Data

Allows you to specify customized event text. This field can be a parameter with incoming fields (?{<Field>}) or transformation parameters (${Parameter}).

PreviousConnection tab NextMetadata injection support

Last updated 23 days ago

Was this helpful?