README
¶
Splunk HEC Receiver
| Status | |
|---|---|
| Stability | beta |
| Supported pipeline types | logs, metrics |
| Distributions | contrib |
The Splunk HEC receiver accepts events in the Splunk HEC
format.
This allows the collector to receive logs and metrics.
The collector accepts data formatted as JSON HEC events
under any path or as EOL separated log raw data
if sent to the raw_path path.
🚧 This receiver is in beta and configuration fields are subject to change.
Configuration
The following settings are required:
endpoint(default =0.0.0.0:8088): Address and port that the Splunk HEC receiver should bind to.
The following settings are optional:
access_token_passthrough(default =false): Whether to preserve incoming access token (Splunkheader value) as"com.splunk.hec.access_token"metric resource label. Can be used in tandem with identical configuration option for Splunk HEC exporter to preserve datapoint origin.tls_settings(no default): This is an optional object used to specify if TLS should be used for incoming connections.cert_file: Specifies the certificate file to use for TLS connection. Note: Bothkey_fileandcert_fileare required for TLS connection.key_file: Specifies the key file to use for TLS connection. Note: Bothkey_fileandcert_fileare required for TLS connection.
raw_path(default = '/services/collector/raw'): The path accepting raw HEC events. Only applies when the receiver is used for logs.health_path(default = '/services/collector/health'): The path reporting health checks.hec_metadata_to_otel_attrs/source(default = 'com.splunk.source'): Specifies the mapping of the source field to a specific unified model attribute.hec_metadata_to_otel_attrs/sourcetype(default = 'com.splunk.sourcetype'): Specifies the mapping of the sourcetype field to a specific unified model attribute.hec_metadata_to_otel_attrs/index(default = 'com.splunk.index'): Specifies the mapping of the index field to a specific unified model attribute.hec_metadata_to_otel_attrs/host(default = 'host.name'): Specifies the mapping of the host field to a specific unified model attribute. Example:
receivers:
splunk_hec:
splunk_hec/advanced:
access_token_passthrough: true
tls:
cert_file: /test.crt
key_file: /test.key
raw_path: "/raw"
hec_metadata_to_otel_attrs:
source: "mysource"
sourcetype: "mysourcetype"
index: "myindex"
host: "myhost"
The full list of settings exposed for this receiver are documented here with detailed sample configurations here.
Documentation
¶
Overview ¶
Package splunkhecreceiver implements a receiver that can be used by the OpenTelemetry collector to receive data in the Splunk HEC supported formats.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewFactory ¶
NewFactory creates a factory for Splunk HEC receiver.
Types ¶
type Config ¶
type Config struct {
confighttp.HTTPServerSettings `mapstructure:",squash"` // squash ensures fields are correctly decoded in embedded struct
splunk.AccessTokenPassthroughConfig `mapstructure:",squash"`
// RawPath for raw data collection, default is '/services/collector/raw'
RawPath string `mapstructure:"raw_path"`
// HealthPath for health API, default is '/services/collector/health'
HealthPath string `mapstructure:"health_path"`
// HecToOtelAttrs creates a mapping from HEC metadata to attributes.
HecToOtelAttrs splunk.HecToOtelAttrs `mapstructure:"hec_metadata_to_otel_attrs"`
}
Config defines configuration for the Splunk HEC receiver.
Source Files