Questions tagged [splunk-hec]

8 questions
3 votes, 1 answer

No fluent-plugin-splunk-hec plugin found while using splunk/fluentd-hec Docker image

I'm looking for a Docker image of Fluentd with fluent-plugin-splunk-hec plugin to send data to Splunk. I found that some time ago Fluentd provided such an image, but it's discontinued for some/no reason. Fluentd official documentation points at the…
Serhii Rohoza
3 votes, 2 answers

Splunk Cloud HEC endpoint address does not resolve

I have just created a Splunk Cloud trial account. I can access the console perfectly with a URL in the form https://prd-p-naaaa.splunkcloud.com where naaaa is a digit and 4 letters. I have configured an HEC token following the instructions here. But…
Sourcerer
2 votes, 2 answers

Splunk query to retrieve value from json log event and get it in a table

I have a log event coming in a JSON format like this { "level":"level name", "exception":"exception message", "logger":"com.log", "thread":"thread name", "message":"exception message", "properties":{ "id":"1234", …
kenz
1 vote, 2 answers

How to batch the app events with max of 1000 events per second when using Splunk HTTP Event Collector (HEC)

I need to send batched events to the Splunk HTTP Event Collector, say 1000 events per second. Below is an example of 5 log events that are sent to Splunk HEC - % curl…
MichealMills
1 vote, 1 answer

Issue in sending python logs to Splunk using splunk_hec_handler

I am using the Python logging library to push logs to Splunk. This package uses the HEC method to push logs to Splunk. The issue I am facing is that, out of many logger statements in my application, I want only a few selected logger statements to go to Splunk, not…
Sarvendra Singh
0 votes, 1 answer

Openshift and Splunk HEC integration for logging

I am able to set up Splunk in OpenShift and install splunk-connect using Helm. I did create indexes, enable HEC (HTTP Event Collector) and create a HEC token. The Splunk HEC values.yaml is completed with appropriate values. All pods are up and…
user557657
0 votes, 1 answer

Splunk HEC sourcetype override mapping all events to a single transform

I have got a Splunk instance running as an HEC in Docker. I want to implement sourcetype override on a per-event basis. For that, I've added the props.conf and transforms.conf files under the $SPLUNK_HOME/etc/system/local directory. Definitions for…
Debargha Roy
0 votes, 1 answer

Splunk: Execute the same query on multiple datasources

I have multiple databases (>100) with an identical structure. For business monitoring, I have about 80 queries which check information in the database. Now, I want to execute each of these queries on each of these databases and load the result into…
Thomas