Splunk
For more details about how to set up the HEC in Splunk, please refer to the following documentation: Splunk / Use the HTTP Event Collector
The Splunk output plugin supports TLS/SSL. For more details about the available properties and general configuration, please refer to the section.
Getting Started
The splunk plugin can read the parameters from the command line in two ways, through the -p argument (property), e.g.:
In your main configuration file append the following Input & Output sections:
If you would like to customize any of the Splunk event metadata, such as the host or target index, you can set in the plugin configuration, and add the metadata as keys/values in the record. Note: with enabled, you are responsible for creating and populating the section of the payload.
For example, to add a custom index and hostname:
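A configuration along these lines, written as an added example rather than taken from the original page or the Fluent Bit project's documentation. It assumes the raw-mode option is Fluent Bit's `Splunk_Send_Raw` and that the payload section to populate is `event`, neither of which is named in the text above; the host, token, index and hostname values are constructed placeholders.

```ini
# Added example: every value below is a constructed placeholder.
[INPUT]
    Name  cpu
    Tag   cpu

# In raw mode (assumed option: Splunk_Send_Raw) the record is sent as-is,
# so the record itself must carry the HEC "event" section.
# Nest every existing key under "event" first.
[FILTER]
    Name        nest
    Match       *
    Operation   nest
    Wildcard    *
    Nest_under  event

# Event metadata sits beside "event" at the top level of the payload,
# so it is added after the nest step.
[FILTER]
    Name   modify
    Match  *
    Add    index my-splunk-index
    Add    host  my-host

# The HEC token is sent in the HTTP Authorization header on every request,
# so TLS is enabled and the server certificate is verified.
# Keep the real token out of version control; the value here is a placeholder.
[OUTPUT]
    Name             splunk
    Match            *
    Host             splunk.example.internal
    Port             8088
    Splunk_Token     00000000-0000-0000-0000-000000000000
    Splunk_Send_Raw  On
    TLS              On
    TLS.Verify       On
```

With this pipeline each record reaches HEC shaped as `{"event": {...}, "index": "my-splunk-index", "host": "my-host"}`. The index must be one the HEC token is allowed to write to, otherwise Splunk rejects the event.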
For more information on the Splunk HEC payload format and all event metadata Splunk accepts, see here: