
Bots From Extension: splunk_v2

Splunk - Read, Write and Update indices in Splunk

This extension provides 4 bots.

Bot @splunkv2:add-to-index

Bot Position In Pipeline: Sink

Add log event records to an index in Splunk

This bot expects a Restricted CFXQL.

Each parameter may be specified using the '=' operator, and multiple parameters may be combined with the AND logical operator.
The following parameters are expected by this bot:

| Parameter Name | Type | Default Value | Description |
|---|---|---|---|
| index* | Text | | Index name in Splunk to which the new log event records are to be added |
| create | Text | False | Source field in input dataset which derives source of the log event. Accepts True/False |
| upload_type | Text | HTTP | Upload over HTTP or SOCKET. Not supported for Splunk HEC |
| message_field | Text | | Message field in input dataset. Should be provided if sourcetype is 'raw' |
| source_field | Text | | Source field in input dataset |
| sourcetype | Text | json | Specify a particular source type. Set 'raw' to send without formatting |
| host_field | Text | | Host field in input dataset that derives the IP address from which the log event was generated |
| batch_size | Text | 500 | Number of messages to send in a batch. Supported for Splunk HEC |

Bot *splunkv2:list-indexes

Bot Position In Pipeline: Source

List of indexes available in Splunk

This bot expects a Full CFXQL.

This bot applies the query to data that has already been loaded by the previous bot or from a source.

Bot #splunkv2:search-index

Bot Position In Pipeline: Source

Query and filter log event records within an index in Splunk

This bot expects a Full CFXQL.

This bot translates the query into the native query of the data source supported by this extension.

Bot *splunkv2:splunkApps

Bot Position In Pipeline: Source

List of all apps installed in Splunk

This bot expects a Full CFXQL.

This bot applies the query to data that has already been loaded by the previous bot or from a source.