Available as of Camel 2.13
Maven users will need to add the following dependency to their pom.xml for this component:
stream mode. Streams data to a named index, or to the default index if none is specified.
submit mode. Uses the Splunk REST API to publish events to a named index, or to the default index if none is specified.
tcp mode. Streams data to a TCP port, and requires an open receiver port in Splunk.
When publishing events, the message body should contain a SplunkEvent. See the comment under message body.
In this example a converter is required to convert to a SplunkEvent class.
Performs normal search and requires a search query in the search option.
Performs a search based on a query saved in Splunk and requires the name of the query in the savedSearch option.
camel-splunk creates a route exchange per search result with a SplunkEvent in the body.
|scheme||https||Both||Scheme to use as either http or https|
Username for Splunk
Password for Splunk
Timeout in ms when connecting to the Splunk server
Use the sun.net.www.protocol.https.Handler HTTPS handler to establish the Splunk connection.
|sslProtocol||TLSv1.2||Both||Camel 2.16: The SSL protocol to use. Can be any of TLSv1.2, TLSv1.1, TLSv1, SSLv3. This is only used if scheme is https.|
Splunk index to write to
Splunk sourcetype argument
Splunk source argument
Splunk TCP receiver port when using the tcp producer endpoint.
Camel 2.16.0: Whether the body should be inserted raw (true/false).
Initial start offset of the first search. Required.
Earliest time of the search time window.
Latest time of the search time window.
A number that indicates the maximum number of entities to return.
The Splunk query to run
The name of the query saved in Splunk to run
Camel 2.14.0: Stream exchanges as they are received from Splunk, rather than returning all of them in one batch. This has the benefit of receiving results faster, as well as requiring less memory, as exchanges aren't buffered in the component.
|eventHost||null||Producer||Camel 2.17: Override the default Splunk event host field|
Splunk operates on data in key/value pairs. The SplunkEvent class is a placeholder for such data, and should be in the message body for the producer. Likewise, it will be returned in the body per search result for the consumer.
As of Camel 2.16.0 you can send raw data to Splunk by setting the raw option on the producer endpoint. This is useful for e.g. JSON/XML and other payloads for which Splunk has built-in support.
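A producer route for the submit mode and the SplunkEvent message body described above, as an added example that is not taken from the Camel documentation: a type converter builds the SplunkEvent, and the endpoint states scheme=https and sslProtocol=TLSv1.2 explicitly rather than one of the older protocol values the option also accepts. The LoginAttempt class, the direct:login-attempts endpoint, the index/sourceType/source values and the splunk.* property keys are hypothetical; host and port are camel-splunk endpoint options that do not appear in the option list on this page.

```java
import org.apache.camel.Converter;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.splunk.event.SplunkEvent;

// Hypothetical domain object, constructed for this example.
class LoginAttempt {
    final String user;
    final String sourceIp;
    final boolean success;

    LoginAttempt(String user, String sourceIp, boolean success) {
        this.user = user;
        this.sourceIp = sourceIp;
        this.success = success;
    }
}

// Type converter: turns a LoginAttempt into the key/value SplunkEvent
// that the producer expects in the message body.
@Converter
public final class LoginAttemptConverter {
    private LoginAttemptConverter() {
    }

    @Converter
    public static SplunkEvent toSplunkEvent(LoginAttempt attempt) {
        SplunkEvent event = new SplunkEvent("login-attempt", null);
        event.addPair("user", attempt.user);
        event.addPair("src_ip", attempt.sourceIp);
        event.addPair("outcome", attempt.success ? "success" : "failure");
        return event;
    }
}

class SplunkAuditRoute extends RouteBuilder {
    @Override
    public void configure() {
        from("direct:login-attempts")
            .convertBodyTo(SplunkEvent.class)
            // https and TLSv1.2 are the defaults listed on this page; they are
            // written out so the transport settings are visible in review.
            // Credentials come from property placeholders, not literals.
            .to("splunk://submit?host={{splunk.host}}&port={{splunk.port}}"
                + "&scheme=https&sslProtocol=TLSv1.2"
                + "&username={{splunk.username}}&password={{splunk.password}}"
                + "&index=security_audit&sourceType=login_audit&source=camel");
    }
}
```

The `{{...}}` placeholders assume a Camel properties component is configured, and in Camel 2.x the converter's package must be listed in `META-INF/services/org/apache/camel/TypeConverter` for it to be discovered.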
Search Twitter for tweets with music and publish events to Splunk
To convert a Tweet to a SplunkEvent you could use a converter like
Search Splunk for tweets
Splunk comes with a variety of options for leveraging machine-generated data, with prebuilt apps for analyzing and displaying it.
For example, the JMX app could be used to publish JMX attributes, e.g. route and JVM metrics, to Splunk and display them on a dashboard.