Bots From Extension: splunk_v2
Splunk - Read, Write and Update indices in Splunk
This extension provides 4 bots.
Bot @splunkv2:add-to-index
Bot Position In Pipeline: Sink
Add log event records to an index in Splunk
This bot expects a Restricted CFXQL: each parameter is specified with the '=' operator, and multiple parameters are combined with the AND logical operation.
The parameters expected by this bot are listed below.
Parameter Name | Type | Default Value | Description |
---|---|---|---|
index* | Text | | Index name in Splunk to which the new log event records are to be added |
create | Text | False | Source field in input dataset which derives source of the log event. Accepts True/False |
upload_type | Text | HTTP | Upload over HTTP or SOCKET |
message_field | Text | | Message field in input dataset. Should be provided if sourcetype is 'raw' |
source_field | Text | | Source field in input dataset |
sourcetype | Text | _json | Specify a particular source type. Set 'raw' to send without formatting |
host_field | Text | | Host field in input dataset which derives the IP address from which the log event was generated |
Example Pipelines Using this Bot
- li-filebeat-events-to-prod-env
- li-http-events-to-prod-env
- li-tcp-syslog-events-to-prod-env
- li-udp-syslog-events-to-prod-env
- li-windows-events-to-prod-env
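The following is an added example, not code from the splunk_v2 extension itself, showing how the add-to-index parameter contract above can be validated and applied. It parses a Restricted CFXQL string of the form `name = 'value' AND name = 'value'` (the exact quoting rules of the real parser are an assumption), fills in the defaults from the table, enforces that `index` is present and that `message_field` is set when `sourcetype` is `raw`, and then turns constructed input rows into Splunk HEC-style event objects. The event shape (`index`, `sourcetype`, `host`, `source`, `event`) follows Splunk's documented HEC JSON format; whether the extension uses exactly that wire format is not stated on this page.

```python
import json
import re
from typing import Any, Dict, List

# Parameter contract taken from the add-to-index table on this page.
# None means "no default"; names in REQUIRED are the starred rows.
PARAM_DEFAULTS: Dict[str, Any] = {
    "index": None,
    "create": "False",
    "upload_type": "HTTP",
    "message_field": None,
    "source_field": None,
    "sourcetype": "_json",
    "host_field": None,
}
REQUIRED = {"index"}

# Assumed surface form of one Restricted CFXQL term: name = 'value' / "value" / bareword
_TERM = re.compile(r"""\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(?:'([^']*)'|"([^"]*)"|(\S+))\s*""")


def parse_restricted_cfxql(query: str) -> Dict[str, Any]:
    """Parse `a = 'x' AND b = 'y'` into a parameter dict with defaults applied.

    Unknown parameters and missing required ones are rejected up front, so a
    typo cannot silently fall back to a default and write to the wrong index.
    """
    params = dict(PARAM_DEFAULTS)
    if query.strip():
        for term in re.split(r"\s+AND\s+", query.strip(), flags=re.IGNORECASE):
            m = _TERM.fullmatch(term)
            if not m:
                raise ValueError(f"cannot parse term: {term!r}")
            name = m.group(1)
            if name not in PARAM_DEFAULTS:
                raise ValueError(f"unknown parameter: {name}")
            # exactly one of the three value alternatives matched
            params[name] = next(g for g in m.groups()[1:] if g is not None)
    missing = sorted(p for p in REQUIRED if params[p] is None)
    if missing:
        raise ValueError(f"missing required parameter(s): {missing}")
    if str(params["upload_type"]).upper() not in ("HTTP", "SOCKET"):
        raise ValueError("upload_type must be HTTP or SOCKET")
    if params["sourcetype"] == "raw" and not params["message_field"]:
        raise ValueError("message_field must be provided when sourcetype is 'raw'")
    return params


def build_events(rows: List[Dict[str, Any]], params: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Map input dataset rows to HEC-style event objects (assumed wire shape).

    sourcetype 'raw' sends only message_field unformatted; anything else
    (default _json) sends the whole record. host_field / source_field, when
    configured and present in the row, derive the event's host and source.
    """
    events = []
    for row in rows:
        if params["sourcetype"] == "raw":
            event: Any = str(row.get(params["message_field"], ""))
        else:
            event = row
        payload: Dict[str, Any] = {
            "index": params["index"],
            "sourcetype": params["sourcetype"],
            "event": event,
        }
        if params["host_field"] and params["host_field"] in row:
            payload["host"] = str(row[params["host_field"]])
        if params["source_field"] and params["source_field"] in row:
            payload["source"] = str(row[params["source_field"]])
        events.append(payload)
    return events


def to_hec_body(events: List[Dict[str, Any]]) -> str:
    """HEC accepts a batch as concatenated JSON objects, one per line."""
    return "\n".join(json.dumps(e, separators=(",", ":")) for e in events)


# Constructed sample input dataset (not real data from the page).
SAMPLE_ROWS = [
    {"message": "sshd[812]: Accepted publickey for deploy from 10.0.0.5",
     "src_ip": "10.0.0.5", "origin": "syslog"},
    {"message": "kernel: audit: type=1400 apparmor=\"DENIED\"",
     "src_ip": "10.0.0.7", "origin": "syslog"},
]

if __name__ == "__main__":
    p = parse_restricted_cfxql(
        "index = 'rda_events' AND sourcetype = 'raw' AND message_field = 'message' "
        "AND host_field = 'src_ip' AND source_field = 'origin'"
    )
    print(to_hec_body(build_events(SAMPLE_ROWS, p)))
```

The validation step is the part worth keeping even if the event shape differs in practice: rejecting unknown parameter names and refusing a `raw` upload without a `message_field` turns a misconfigured sink into a loud failure rather than empty or misrouted events in Splunk.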
Bot *splunkv2:list-indexes
Bot Position In Pipeline: Source
List of indexes available in Splunk
This bot expects a Full CFXQL.
This bot applies the query to data that has already been loaded by the previous bot or from a source.
Bot #splunkv2:search-index
Bot Position In Pipeline: Source
Query and filter log event records within an index in Splunk
This bot expects a Full CFXQL.
This bot translates the query into the native query language of the data source supported by this extension.
Bot *splunkv2:splunkApps
Bot Position In Pipeline: Source
List of all apps installed in Splunk
This bot expects a Full CFXQL.
This bot applies the query to data that has already been loaded by the previous bot or from a source.