Output events to a Splunk HTTP Event Collector endpoint (Splunk HEC).
| Field | Type | Required | Description |
|---|
batch | Batch | | Batching input events together. |
retry | Retry | | How to retry this operation. |
url | url (string) | ✅ | The URL of the Splunk HEC instance (example: https://127.0.0.1:8088/services/collector/event). |
insecure | boolean (bool) | | Ignore TLS certificate validation errors (This is not recommended). |
Collector Options
| Field | Type | Required | Description |
|---|
hec-token | splunk_hec_output:hec-token | ✅ | Specify a value to use for the HEC Token or set it using an event field. |
metrics | boolean (bool) | | Send a metrics formatted payload to the HEC endpoint. |
event-field | event-field (string) | | If specified, the field’s contents will be submitted as the event payload to the endpoint. |
time-field | event-field (string) | | Use the specified field for the timestamp of the endpoint. This should be in Unix epoch format. |
index | splunk_hec_output:index | | Specify a value to use for the Splunk index or set it using an event field. |
host | splunk_hec_output:host | | Specify a value to use for the Splunk host or set it using an event field. |
source | splunk_hec_output:source | | Specify a value to use for the Splunk source or set it using an event field. |
sourcetype | splunk_hec_output:sourcetype | | Specify a value to use for the Splunk sourcetype or set it using an event field. |
remove | boolean (bool) | | Consume (remove) fields from the event payload before submitting to the endpoint. Applicable to time-field, host-field, source-field, sourcetype-field, index-field and hec-token-field. |
| Field | Type | Required | Description |
|---|
fixed-size | integer | | maximum number of events in an output batch. |
mode | symbol | ✅ | If ‘document’ send on end of document generated by input. If ‘fixed’, use fixed_size. |
timeout | string | ✅ | interval after which the batch is sent, to keep throughput going (default 100ms). |
header | string | | put a header line before the batch. |
footer | string | | put a header line after the last line of the batch. |
use-document-marker | bool | | Enrich the job metadata with a document marker (for document handling in batch mode). |
wrap-as-json | bool | | Format the output batch as a JSON array. |
| Field | Type | Required | Description |
|---|
count | integer | | How to retry? Either forever or for a limited number of times. |
pause | string | | How long to pause before re-trying. |
