camel-commits mailing list archives

From "Preben Asmussen (Confluence)" <conflue...@apache.org>
Subject [CONF] Apache Camel > Splunk
Date Mon, 14 Oct 2013 13:39:00 GMT
<html>
<head>
    <base href="https://cwiki.apache.org/confluence">
            <link rel="stylesheet" href="/confluence/s/en/2176/1/1/_/styles/combined.css?spaceKey=CAMEL&amp;forWysiwyg=true"
type="text/css">
    </head>
<body style="background: white;" bgcolor="white" class="email-body">
<div id="pageContent">
<div id="notificationFormat">
<div class="wiki-content">
<div class="email">
    <h2><a href="https://cwiki.apache.org/confluence/display/CAMEL/Splunk">Splunk</a></h2>
    <h4>Page <b>edited</b> by             <a href="https://cwiki.apache.org/confluence/display/~preben">Preben
Asmussen</a>
    </h4>
        <br/>
                         <h4>Changes (4)</h4>
                                 
    
<div id="page-diffs">
                    <table class="diff" cellpadding="0" cellspacing="0">
    
            <tr><td class="diff-snipped" >...<br></td></tr>
            <tr><td class="diff-unchanged" >| tcp       | tcp mode. Requires a
open receiver port in Splunk.| <br> <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">When
publishing events the message body should contain a SplunkEvent.  <br> <br></td></tr>
            <tr><td class="diff-unchanged" >*Example* <br>{code} <br></td></tr>
            <tr><td class="diff-changed-lines" ><span class="diff-deleted-words"style="color:#999;background-color:#fdd;text-decoration:line-through;">from(&quot;direct:start&quot;).to(&quot;splunk://submit?username=user&amp;password=123&amp;index=myindex&amp;sourceType=someSourceType&amp;source=mySource&quot;)...</span>
<span class="diff-added-words"style="background-color: #dfd;">from(&quot;direct:start&quot;).convertBodyTo(SplunkEvent.class).to(&quot;splunk://submit?username=user&amp;password=123&amp;index=myindex&amp;sourceType=someSourceType&amp;source=mySource&quot;)...</span>
<br></td></tr>
            <tr><td class="diff-unchanged" >{code} <br></td></tr>
            <tr><td class="diff-added-lines" style="background-color: #dfd;">In
this example a converter is required to convert to a SplunkEvent class.  <br></td></tr>
            <tr><td class="diff-unchanged" > <br></td></tr>
            <tr><td class="diff-deleted-lines" style="color:#999;background-color:#fdd;text-decoration:line-through;">When
publishing events the message body should contain a SplunkEvent. <br> <br></td></tr>
            <tr><td class="diff-unchanged" >h3. Consumer Endpoints:  <br>
<br></td></tr>
            <tr><td class="diff-snipped" >...<br></td></tr>
    
            </table>
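Review bot: the added sentence after the example ("In this example a converter is required to convert to a SplunkEvent class.") does not say where that converter comes from, so a reader copying the new convertBodyTo(SplunkEvent.class) route cannot tell whether camel-splunk supplies the conversion or whether they must register their own type converter; please state which, and name the body type being converted. Separately, the changed example line still carries username=user and password=123 as literals in the endpoint URI; documentation samples tend to be copied verbatim, so consider showing the credentials as property placeholders (for example {{splunk.password}}, a hypothetical key) rather than modelling a hard-coded secret.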
    </div>                            <h4>Full Content</h4>
                    <div class="notificationGreySide">
        <h2><a name="Splunk-SplunkComponent"></a>Splunk Component</h2>

<p><b>Available as of Camel 2.13</b></p>

<p>The Splunk component provides access to <a href="http://splunk.com" class="external-link"
rel="nofollow">Splunk</a> using the Splunk-provided <a href="https://github.com/splunk/splunk-sdk-java"
class="external-link" rel="nofollow">client</a> API, and enables you to publish
and search for events in Splunk.</p>

<p>Maven users will need to add the following dependency to their pom.xml for this component:</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Default; brush: java; gutter: false" style="font-size:12px; font-family:
ConfluenceInstalledFont,monospace;">
	&lt;dependency&gt;
    	&lt;groupId&gt;org.apache.camel&lt;/groupId&gt;
    	&lt;artifactId&gt;camel-splunk&lt;/artifactId&gt;
    	&lt;version&gt;${camel-version}&lt;/version&gt;
	&lt;/dependency&gt;
</pre>
</div></div>

<h3><a name="Splunk-URIformat"></a>URI format </h3>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Default; brush: java; gutter: false" style="font-size:12px; font-family:
ConfluenceInstalledFont,monospace;">
  splunk://[endpoint]?[options]
</pre>
</div></div>

<h3><a name="Splunk-ProducerEndpoints%3A"></a>Producer Endpoints: </h3>

<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Endpoint </th>
<th class='confluenceTh'> Description</th>
</tr>
<tr>
<td class='confluenceTd'> stream    </td>
<td class='confluenceTd'> streaming mode. When using stream mode, be aware that Splunk
has an internal buffer (about 1MB or so) that events pass through before they reach the index. If you need
real-time delivery, use submit or tcp mode instead.  </td>
</tr>
<tr>
<td class='confluenceTd'> submit    </td>
<td class='confluenceTd'> submit mode.      </td>
</tr>
<tr>
<td class='confluenceTd'> tcp       </td>
<td class='confluenceTd'> tcp mode. Requires an open receiver port in Splunk.</td>
</tr>
</tbody></table>
</div>


<p>When publishing events the message body should contain a SplunkEvent. </p>

<p><b>Example</b></p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Default; brush: java; gutter: false" style="font-size:12px; font-family:
ConfluenceInstalledFont,monospace;">
	from("direct:start").convertBodyTo(SplunkEvent.class).to("splunk://submit?username=user&amp;password=123&amp;index=myindex&amp;sourceType=someSourceType&amp;source=mySource")...
</pre>
</div></div>
<p>In this example a converter is required to convert to a SplunkEvent class. </p>
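<p>One way to supply the converter the route above depends on, as an added example that is not part of the original page or the Camel project's code. The <code>LoginFailure</code> body type, the class names and the <code>splunk.username</code>/<code>splunk.password</code> property keys are hypothetical; the code assumes <code>SplunkEvent</code> has a no-argument constructor and an <code>addPair(String, String)</code> method.</p>

```java
import org.apache.camel.Converter;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.splunk.event.SplunkEvent;

public class SplunkPublishRoute extends RouteBuilder {

    // Hypothetical application event; not part of camel-splunk.
    public static final class LoginFailure {
        final String user;
        final String sourceIp;

        public LoginFailure(String user, String sourceIp) {
            this.user = user;
            this.sourceIp = sourceIp;
        }
    }

    // Camel 2.x discovers annotated converters through a classpath file named
    // META-INF/services/org/apache/camel/TypeConverter that lists this class's package.
    @Converter
    public static final class LoginFailureConverter {
        private LoginFailureConverter() { }

        @Converter
        public static SplunkEvent toSplunkEvent(LoginFailure failure) {
            // Assumed SplunkEvent API: no-argument constructor and addPair(String, String).
            SplunkEvent event = new SplunkEvent();
            event.addPair("action", "login_failure");
            event.addPair("user", failure.user);
            event.addPair("src_ip", failure.sourceIp);
            return event;
        }
    }

    @Override
    public void configure() {
        // {{splunk.username}} and {{splunk.password}} are hypothetical property keys resolved
        // by Camel's properties component, so credentials stay out of the route source.
        from("direct:start")
            .convertBodyTo(SplunkEvent.class)
            .to("splunk://submit?username={{splunk.username}}&password={{splunk.password}}"
                + "&index=myindex&sourceType=someSourceType&source=mySource");
    }
}
```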

<h3><a name="Splunk-ConsumerEndpoints%3A"></a>Consumer Endpoints: </h3>

<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Endpoint </th>
<th class='confluenceTh'> Description</th>
</tr>
<tr>
<td class='confluenceTd'>normal     </td>
<td class='confluenceTd'> Performs normal search and requires a search query in the
search option.</td>
</tr>
<tr>
<td class='confluenceTd'>realtime   </td>
<td class='confluenceTd'> Performs realtime search in Splunk and requires a search query
in the search option.</td>
</tr>
<tr>
<td class='confluenceTd'>savedsearch</td>
<td class='confluenceTd'> Performs a search based on a search query saved in Splunk and
requires the name of the query in the savedSearch option.</td>
</tr>
</tbody></table>
</div>


<p><b>Example</b></p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent panelContent">
<pre class="theme: Default; brush: java; gutter: false" style="font-size:12px; font-family:
ConfluenceInstalledFont,monospace;">
	from("splunk://normal?delay=5s&amp;username=user&amp;password=123&amp;initEarliestTime=-10s&amp;search=search index=myindex sourcetype=someSourcetype").to("direct:search-result");
</pre>
</div></div>

<p>camel-splunk creates a route exchange per search result with a SplunkEvent in the
body. </p>

<h3><a name="Splunk-URIOptions"></a>URI Options</h3>
<div class='table-wrap'>
<table class='confluenceTable'><tbody>
<tr>
<th class='confluenceTh'> Name </th>
<th class='confluenceTh'> Default Value </th>
<th class='confluenceTh'> Context </th>
<th class='confluenceTh'> Description </th>
</tr>
<tr>
<td class='confluenceTd'>host </td>
<td class='confluenceTd'> localhost </td>
<td class='confluenceTd'> Both </td>
<td class='confluenceTd'> Splunk host.</td>
</tr>
<tr>
<td class='confluenceTd'>port </td>
<td class='confluenceTd'> 8089 </td>
<td class='confluenceTd'> Both </td>
<td class='confluenceTd'> Splunk port</td>
</tr>
<tr>
<td class='confluenceTd'> username </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Both </td>
<td class='confluenceTd'> Username for Splunk</td>
</tr>
<tr>
<td class='confluenceTd'> password </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Both </td>
<td class='confluenceTd'> Password for Splunk</td>
</tr>
<tr>
<td class='confluenceTd'> connectionTimeout </td>
<td class='confluenceTd'> 5000 </td>
<td class='confluenceTd'> Both </td>
<td class='confluenceTd'> Timeout in milliseconds when connecting to the Splunk server</td>
</tr>
<tr>
<td class='confluenceTd'> useSunHttpsHandler </td>
<td class='confluenceTd'> false </td>
<td class='confluenceTd'> Both </td>
<td class='confluenceTd'> Use the sun.net.www.protocol.https.Handler HTTPS handler to establish
the Splunk connection. Can be useful when running in application servers to avoid the application server's
HTTPS handling.</td>
</tr>
<tr>
<td class='confluenceTd'> index </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Producer </td>
<td class='confluenceTd'> Splunk index to write to</td>
</tr>
<tr>
<td class='confluenceTd'> sourceType </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Producer </td>
<td class='confluenceTd'> Splunk SourceType argument</td>
</tr>
<tr>
<td class='confluenceTd'> source </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Producer </td>
<td class='confluenceTd'> Splunk Source argument</td>
</tr>
<tr>
<td class='confluenceTd'> tcpReceiverPort </td>
<td class='confluenceTd'> 0 </td>
<td class='confluenceTd'> Producer </td>
<td class='confluenceTd'> Splunk tcp receiver port when using the tcp producer endpoint.</td>
</tr>
<tr>
<td class='confluenceTd'> initEarliestTime </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Consumer </td>
<td class='confluenceTd'> Initial start offset of the first search. Required</td>
</tr>
<tr>
<td class='confluenceTd'> earliestTime </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Consumer </td>
<td class='confluenceTd'> Earliest time of the search time window.</td>
</tr>
<tr>
<td class='confluenceTd'> latestTime </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Consumer </td>
<td class='confluenceTd'> Latest time of the search time window.</td>
</tr>
<tr>
<td class='confluenceTd'> count </td>
<td class='confluenceTd'> 0 </td>
<td class='confluenceTd'> Consumer </td>
<td class='confluenceTd'> A number that indicates the maximum number of entities to
return. Note this is not the same as maxMessagesPerPoll which currently is unsupported</td>
</tr>
<tr>
<td class='confluenceTd'> search </td>
<td class='confluenceTd'>null </td>
<td class='confluenceTd'> Consumer </td>
<td class='confluenceTd'> The Splunk query to run</td>
</tr>
<tr>
<td class='confluenceTd'> savedSearch </td>
<td class='confluenceTd'> null </td>
<td class='confluenceTd'> Consumer </td>
<td class='confluenceTd'> The name of the query saved in Splunk to run</td>
</tr>
</tbody></table>
</div>

    </div>
        <div id="commentsSection" class="wiki-content pageSection">
        <a href="https://cwiki.apache.org/confluence/display/CAMEL/Splunk">View Online</a>
        |
        <a href="https://cwiki.apache.org/confluence/pages/diffpagesbyversion.action?pageId=34836117&revisedVersion=8&originalVersion=7">View
Changes</a>
            </div>
</div>
</div>
</div>
</div>
</body>
</html>
