Destino Splunk HTTP Event Collector (HEC)

Este producto no es compatible con el sitio Datadog seleccionado. ().

Utiliza el destino Splunk HTTP Event Collector (HEC) de Observability Pipelines para enviar logs a Splunk HEC.

Configuración

Configura el destino Splunk HEC y sus variables de entorno cuando configures un pipeline. La siguiente información se configura en la interfaz de usuario del pipeline.

Configurar el destino

Observability Pipelines compresses logs with the gzip (level 6) algorithm.

The following fields are optional:

  1. Enter the name of the Splunk index you want your data in. This has to be an allowed index for your HEC. See template syntax if you want to route logs to different indexes based on specific fields in your logs.
  2. Select whether the timestamp should be auto-extracted. If set to true, Splunk extracts the timestamp from the message with the expected format of yyyy-mm-dd hh:mm:ss.
  3. Optionally, set the sourcetype to override Splunk’s default value, which is httpevent for HEC data. See template syntax if you want to route logs to different source types based on specific fields in your logs.
  4. Optionally, toggle the switch to enable Buffering Options.
    Note: Buffering options is in Preview. Contact your account manager to request access.
    • If left disabled, the maximum size for buffering is 500 events.
    • If enabled:
      1. Select the buffer type you want to set (Memory or Disk).
      2. Enter the buffer size and select the unit.

Configurar las variables de entorno

  • Splunk HEC token:
    • The Splunk HEC token for the Splunk indexer. Note: Depending on your shell and environment, you may not want to wrap your environment variable in quotes.
    • Stored in the environment variable DD_OP_DESTINATION_SPLUNK_HEC_TOKEN.
  • Base URL of the Splunk instance:
    • The Splunk HTTP Event Collector endpoint your Observability Pipelines Worker sends processed logs to. For example, https://hec.splunkcloud.com:8088.
      Note: /services/collector/event path is automatically appended to the endpoint.
    • Stored in the environment variable DD_OP_DESTINATION_SPLUNK_HEC_ENDPOINT_URL.

Cómo funciona el destino

Procesamiento de eventos por lotes

Un lote de eventos se descarga cuando se cumple uno de estos parámetros. Consulta procesamiento de eventos por lotes para obtener más información.

Eventos máximosBytes máximosTiempo de espera (segundos)
Ninguno1,000,0001