PutSplunkHTTP
This processor serves as a counterpart to the PutSplunk processor. While the latter communicates over the TCP and
UDP protocols, PutSplunkHTTP sends events to Splunk via HTTP or HTTPS. In this respect, this processor
is similar to the GetSplunk processor, and the properties relevant to the connection with the Splunk server are
identical. There are, however, some aspects unique to this processor:
Content details
PutSplunkHTTP allows the user to specify some metadata about the event being sent to Splunk. These include the
"Character Set" and the "Content Type" of the flow file content, set using the matching properties. If the incoming
flow file has a "mime.type" attribute, the processor will use it, unless the "Content Type" property is set, in which
case the property overrides the flow file attribute.
Event parameters
The "Source", "Source Type", "Host" and "Index" properties are optional and will be set by Splunk if unspecified. If set,
the default values will be overwritten by the user-specified ones. For more details about the Splunk API, please visit
this documentation.
Acknowledgements
The HTTP Event Collector (HEC) in Splunk provides index acknowledgement, which can be used to monitor
the indexing status of individual events. PutSplunkHTTP supports this feature by enriching the outgoing flow file
with the necessary information, making it possible for a later processor to poll the status based on it. The necessary
information is stored in the flow file attributes "splunk.acknowledgement.id" and "splunk.responded.at".
For the further steps of acknowledgement handling on the NiFi side, please refer to the QuerySplunkIndexingStatus processor. For more
details about index acknowledgement, please visit this documentation.
Error information
For more refined processing, flow files are enriched with additional information where possible. The information is stored
in the flow file attribute "splunk.status.code" or "splunk.response.code", depending on the success of the processing.
The attribute "splunk.status.code" is always filled when the Splunk API call is executed and contains the HTTP status code
of the response. If the flow file is transferred to the "failure" relationship, "splunk.response.code" might
also be filled, based on the Splunk response code.
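The attributes described under Acknowledgements and Error information can drive routing after PutSplunkHTTP, so that rejected credentials, transient failures and unconfirmed deliveries are not handled the same way. The following is an added example, not NiFi project code: the action names and the `max_wait_ms` parameter are hypothetical, "splunk.responded.at" is assumed to hold epoch milliseconds, and the HEC response codes are those listed in Splunk's HEC documentation.

```python
# Added example: triage of flow files leaving PutSplunkHTTP, driven only by
# the attributes this page describes. Sample attribute maps are constructed.

# HEC response codes per Splunk's HEC documentation (assumed unchanged in your version).
AUTH_CODES = {1, 2, 3, 4}   # token disabled / required / invalid authorization / invalid token
TRANSIENT_CODES = {8, 9}    # internal server error / server is busy


def _to_int(value):
    """Return int(value), or None when the attribute is absent or malformed."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def triage(attrs, now_ms, max_wait_ms=3_600_000):
    """Map flow file attributes to one (hypothetical) action for the downstream flow."""
    status = _to_int(attrs.get("splunk.status.code"))
    if status is None:
        return "not_sent"                # attribute absent: API call was not executed
    if 200 <= status < 300:
        ack_id = attrs.get("splunk.acknowledgement.id")
        responded = _to_int(attrs.get("splunk.responded.at"))
        if ack_id is None or responded is None:
            return "sent_unconfirmed"    # accepted, but indexing cannot be verified
        if now_ms - responded > max_wait_ms:
            return "ack_timed_out"       # never confirmed in time: resend or alert
        return "poll_ack"                # hand over to QuerySplunkIndexingStatus
    code = _to_int(attrs.get("splunk.response.code"))
    if status in (401, 403) or code in AUTH_CODES:
        return "alert_credentials"       # retrying cannot help; the token needs attention
    if status >= 500 or code in TRANSIENT_CODES:
        return "retry"
    return "quarantine"                  # rejected input: keep for inspection


SAMPLES = {  # constructed attribute maps, not captured from a real flow
    "acked": {"splunk.status.code": "200", "splunk.acknowledgement.id": "7",
              "splunk.responded.at": "1700000000000"},
    "bad_token": {"splunk.status.code": "403", "splunk.response.code": "4"},
    "busy": {"splunk.status.code": "503", "splunk.response.code": "9"},
    "bad_data": {"splunk.status.code": "400", "splunk.response.code": "6"},
}

if __name__ == "__main__":
    for name, attrs in SAMPLES.items():
        print(name, "->", triage(attrs, now_ms=1700000060000))
```

Separating "alert_credentials" from "retry" keeps a revoked or mistyped HEC token from turning into an endless retry loop while events go unindexed.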