- Configuration and Testing
- Component Configurations
- Process Message Based on Property
- Validate Input
- Error handling configuration
- Connection Configuration
- Event Configuration
- Add Metadata
- HTTP Authorization Token
- Channel Identifier
- Batch Events
- SSL Configurations
- Threadpool Configuration
- Component Configurations
- Functional Demonstration
The Splunk Event Collector microservice sends application events to a Splunk deployment using HTTP or HTTPS (Secure HTTP) protocols. It generates tokens for Authentication enabling the HTTP client to send data to the SplunkEventCollector in a specific format, thereby eliminating an intermediate microservice to send application events.
Configuration and Testing
The following attributes can be configured in the Component Configuration panel as shown below.
Figure 1: Component Configuration properties
Process Message Based on Property
The property helps components to skip certain messages from processing.
If this attribute is enabled, the service tries to validate the input received. If disabled, service will not validate the input. For more details, refer Validate Input section under Interaction Configurations in Common Configurations page.
Error handling configuration
The remedial actions to be taken when a particular error occurs can be configured using this attribute.
Click the ellipsis button against this property to configure Error Handling properties for different types of Errors. By default, the options Log to error logs, Stop service and Send to error port are enabled.
Refer the Error Handling section in Common Configurations for detailed information.
Figure 2: Connection Configuration
The name or address of the machine on which Splunk server runs.
The port on which the above server runs.
Click the Event Configuration ellipsis button to provide Event Configuration values.
Figure 3: Event Configuration
This returns a list of source, source types, or hosts from a specified index or distributed search peer.
Enable this option to configure the following properties that appear.
This identifies the index in which the event is located.
The source of an event is the name of the file, stream, or other input from which the event originates.
The source type of an event is the format of the data input from which it originates
. The source type determines how your data is to be formatted.
An event host value is typically the hostname, IP address, or fully qualified domain name of the network host from which the event originated.
HTTP Authorization Token
The Event Collector Token.
Creating an HTTP Token
To send all events received by the component as raw events.
Send request in batched events.
Number of events in a batch.
Click the SSL Configurations ellipsis button to launch the editor to set SSL configurations.
Refer the SSL Security section for more information.
This property is used when there is a need to process messages in parallel within the component, still maintaining the sequence from the external perspective.
Click the Threadpool Configuration ellipsis button to configure the Threadpool Configuration properties.
Figure 4: Threadpool Configuration
Enable Thread Pool
Enable this option to configure the properties that appear as below.
Number of requests to be processed in parallel within the component. Default value is '1'.
Batch Eviction Interval (in ms)
Time in milliseconds after which the threads are evicted in case of inactivity. New threads are created in place of evicted threads when new requests are received. Default value is '1000'.
Sending the application event to the SplunkEventCollector microservice. Configure SplunkEventCollector as described in Configuration and testing section above and use the Feeder microservice and Display microservice to send a sample input and check the response respectively.
Figure 5: Demonstrating a scenario with sample input and output
Figure 6: Input message sent using feeder for S3Upload
Figure 7: Output demonstrating the success