splunkhecreceiver

package module
v0.108.0
Warning

This package is not in the latest version of its module.

Published: Aug 27, 2024 License: Apache-2.0 Imports: 33 Imported by: 10

README

Splunk HEC Receiver

Status
Stability: beta (metrics, logs)
Distributions: contrib
Code Owners: @atoulme

The Splunk HEC receiver accepts events in the Splunk HEC format. This allows the collector to receive logs and metrics. The collector accepts data formatted as JSON HEC events under any path, or as newline-separated raw log data if sent to the raw_path path.

🚧 This receiver is in beta and configuration fields are subject to change.

Configuration

The following settings are required:

  • endpoint (default = localhost:8088): Address and port that the Splunk HEC receiver should bind to.

You can temporarily disable the component.UseLocalHostAsDefaultHost feature gate to change this to 0.0.0.0:8088. This feature gate will be removed in a future release.

The following settings are optional:

  • access_token_passthrough (default = false): Whether to preserve the incoming access token (the Splunk header value) as the "com.splunk.hec.access_token" metric resource label. Can be used together with the identical configuration option of the Splunk HEC exporter to preserve datapoint origin.
  • tls_settings (no default): This is an optional object used to specify if TLS should be used for incoming connections. Please consult configtls for the complete list of options available.
    • cert_file: Specifies the certificate file to use for TLS connection. Note: Both key_file and cert_file are required for TLS connection.
    • key_file: Specifies the key file to use for TLS connection. Note: Both key_file and cert_file are required for TLS connection.
  • raw_path (default = '/services/collector/raw'): The path accepting raw HEC events. Only applies when the receiver is used for logs.
  • splitting (default = 'line'): The splitting strategy used by the receiver when ingesting raw events. Can be set to "line" or "none".
  • health_path (default = '/services/collector/health'): The path reporting health checks.
  • hec_metadata_to_otel_attrs/source (default = 'com.splunk.source'): Specifies the mapping of the source field to a specific unified model attribute.
  • hec_metadata_to_otel_attrs/sourcetype (default = 'com.splunk.sourcetype'): Specifies the mapping of the sourcetype field to a specific unified model attribute.
  • hec_metadata_to_otel_attrs/index (default = 'com.splunk.index'): Specifies the mapping of the index field to a specific unified model attribute.
  • hec_metadata_to_otel_attrs/host (default = 'host.name'): Specifies the mapping of the host field to a specific unified model attribute.
  • ack (no default): Defines the ackextension to use for acknowledging events.
    • extension (no default): Specifies the ack extension ID the receiver should use. If left blank, ack is disabled.
    • path (default = '/services/collector/ack'): The path the ack extension will listen on for ack requests, if the extension is enabled.

Example:

receivers:
  splunk_hec:
  splunk_hec/advanced:
    access_token_passthrough: true
    tls:
      cert_file: /test.crt
      key_file: /test.key
    raw_path: "/raw"
    hec_metadata_to_otel_attrs:
      source: "mysource"
      sourcetype: "mysourcetype"
      index: "myindex"
      host: "myhost"
    ack: 
      extension: ack/in_memory

The full list of settings exposed for this receiver is documented here with detailed sample configurations here.
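
To make hec_metadata_to_otel_attrs and access_token_passthrough concrete, the added example below (not the receiver's own code) models how the metadata of JSON HEC events turns into attributes under the documented defaults. It assumes the standard HEC `Authorization: Splunk <token>` header and, as a simplification, puts the token in the same map as the other attributes; `mapEvents`, `hecEvent`, `attrKeys`, `defaultKeys` and `tokenAttr` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"strings"
)

// hecEvent keeps only the HEC metadata fields the README maps to attributes;
// encoding/json matches the lowercase JSON keys case-insensitively.
type hecEvent struct{ Host, Source, Sourcetype, Index string }

// attrKeys models hec_metadata_to_otel_attrs; defaultKeys are the README defaults.
type attrKeys struct{ Source, Sourcetype, Index, Host string }

var defaultKeys = attrKeys{"com.splunk.source", "com.splunk.sourcetype", "com.splunk.index", "host.name"}

// tokenAttr is the label the README names under access_token_passthrough.
const tokenAttr = "com.splunk.hec.access_token"

// mapEvents decodes a body of back-to-back JSON HEC events and returns one
// attribute map per event. auth is the Authorization header value (assumed form).
func mapEvents(body, auth string, keys attrKeys, passthrough bool) ([]map[string]string, error) {
	dec := json.NewDecoder(strings.NewReader(body))
	var out []map[string]string
	for {
		var ev hecEvent
		if err := dec.Decode(&ev); err == io.EOF {
			return out, nil
		} else if err != nil {
			return nil, fmt.Errorf("event %d: %w", len(out), err)
		}
		attrs := map[string]string{}
		for k, v := range map[string]string{keys.Source: ev.Source,
			keys.Sourcetype: ev.Sourcetype, keys.Index: ev.Index, keys.Host: ev.Host} {
			if v != "" { // absent metadata produces no attribute
				attrs[k] = v
			}
		}
		if passthrough && strings.HasPrefix(auth, "Splunk ") {
			attrs[tokenAttr] = strings.TrimPrefix(auth, "Splunk ") // credential now travels with the data
		}
		out = append(out, attrs)
	}
}

func main() {
	// Constructed sample: two events in one request body, placeholder token.
	body := `{"event":"login ok","host":"web-1","source":"auth"}{"event":"x","index":"main"}`
	fmt.Println(mapEvents(body, "Splunk 00000000-0000-0000-0000-000000000000", defaultKeys, true))
}
```

With passthrough enabled the token value is present in every attribute map, so each processor and exporter downstream of the receiver sees it.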

Documentation

Overview

Package splunkhecreceiver implements a receiver that can be used by the OpenTelemetry collector to receive data in the Splunk HEC supported formats.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewFactory

func NewFactory() receiver.Factory

NewFactory creates a factory for Splunk HEC receiver.

Types

type Ack added in v0.99.0

type Ack struct {
	// Extension defines the extension to use for acking of events. Without specifying an extension, the ACK endpoint won't be exposed
	Extension *component.ID `mapstructure:"extension"`
	// Path for Ack API, default is '/services/collector/ack'. Ignored if Extension is not provided.
	Path string `mapstructure:"path"`
}

Ack defines configuration for the ACK functionality of the HEC receiver

type Config

type Config struct {
	confighttp.ServerConfig `mapstructure:",squash"` // squash ensures fields are correctly decoded in embedded struct

	splunk.AccessTokenPassthroughConfig `mapstructure:",squash"`

	Ack `mapstructure:"ack"`

	// RawPath for raw data collection, default is '/services/collector/raw'
	RawPath string `mapstructure:"raw_path"`
	// Splitting defines the splitting strategy used by the receiver when ingesting raw events. Can be set to "line" or "none". Default is "line".
	Splitting SplittingStrategy `mapstructure:"splitting"`
	// HealthPath for health API, default is '/services/collector/health'
	HealthPath string `mapstructure:"health_path"`
	// HecToOtelAttrs creates a mapping from HEC metadata to attributes.
	HecToOtelAttrs splunk.HecToOtelAttrs `mapstructure:"hec_metadata_to_otel_attrs"`
}

Config defines configuration for the Splunk HEC receiver.

type SplittingStrategy added in v0.79.0

type SplittingStrategy string
const (
	SplittingStrategyLine SplittingStrategy = "line"
	SplittingStrategyNone SplittingStrategy = "none"
)

Directories

Path Synopsis
internal
