GithubHelp home page GithubHelp logo

spring-integration-splunk's Introduction

Spring Integration Splunk Adapter

The SI adapter includes Outbound Channel Adapter and Inbound Channel Adapter.

Inbound channel adapter :

The Inbound channel adapter is used to read data from Splunk and output a message containing the data to a Spring Integration channel. There are 5 ways to get data from Splunk:

  • Blocking
  • Non blocking
  • Saved search
  • Realtime
  • Export

Blocking search:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		search="search spring:example"
		splunk-server-ref="splunkServer"
		channel="inputFromSplunk" mode="BLOCKING" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Non blocking search:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		search="search spring:example"
		splunk-server-ref="splunkServer"
		channel="inputFromSplunk" mode="NORMAL" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Saved search:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		savedSearch="test" splunk-server-ref="splunkServer"
		channel="inputFromSplunk" mode="SAVEDSEARCH" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Realtime search:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
		mode="REALTIME" earliestTime="-5s" latestTime="rt" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Export:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		auto-startup="true" search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
		mode="EXPORT" earliestTime="-5d" latestTime="now" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Outbound channel adapter:

The Outbound channel adapter is used to write data to Splunk from a Spring Integration message channel. There are 3 types of data writers provided:

  • submit - Use's Splunk's REST API. Appropriate for small or infrequent data loads. Posts data to a named index or the default if not specified.
  • index - Streams data to a named index or the default if not specified.
  • tcp - Streams data to a tcp port associated with a defined tcp input.

The outbound channel adapter requires a child *-writer element which defines related attributes:

Submit:

	<int-splunk:outbound-channel-adapter
		id="splunkOutboundChannelAdapter"
		channel="outputToSplunk"
		splunk-server-ref="splunkServer"
		sourceType="spring-integration"
		source="example2">
		<int-splunk:submit-writer index="foo"/>
	</int-splunk:outbound-channel-adapter>

Index:

	<int-splunk:outbound-channel-adapter
		id="splunkOutboundChannelAdapter"
		channel="outputToSplunk"
		splunk-server-ref="splunkServer"
	 >
		<int-splunk:index-writer index="someIndex"/>
	</int-splunk:outbound-channel-adapter>

TCP

	<int-splunk:outbound-channel-adapter
		id="splunkOutboundChannelAdapter"
		channel="outputToSplunk"
		splunk-server-ref="splunkServer"
	  >
		<int-splunk:tcp-writer port="9999"/>
	</int-splunk:outbound-channel-adapter>

NOTE: The input must exist and be enabled on the server

Configuring The Splunk Server connection

	<int-splunk:server id="splunkServer" username="admin" password="password" timeout="5000" host="somehost.someplace.com" port="9000" />

Alternatively, you can configure a Splunk Server failover mechanism

  <int-splunk:server id="splunkServer" username="admin" password="password" timeout="5000" 
  					 host="somehost.someplace.com" port="9000" />

  <int-splunk:server id="splunkServerBackup" username="admin" password="password" timeout="5000" 
   					 host="somehost.someotherplace.com" port="9000" />

  <util:list id="splunkServersList">
    <ref bean="splunkServer" />
    <ref bean="splunkServerBackup" />
  </util:list>

  <bean id="splunkServiceFactory" class="org.springframework.integration.splunk.support.SplunkServiceFactory">
    <constructor-arg ref="splunkServersList"/>
  </bean>

Additional server properties include (see splunk documentation for details):

  • app
  • scheme
  • scope
  • owner

The default host is localhost and the default port is 8089. The timeout attribute indicates how long to wait for a connection in miliseconds.

Development

Build:

./gradlew build

Import the project to Eclipse:

To generate Eclipse metadata (e.g., .classpath and .project files), do the following:

./gradlew eclipse

spring-integration-splunk's People

Contributors

artembilan avatar fbalicchia avatar ghillert avatar leejianwei avatar olamy avatar spring-builds avatar spring-operator avatar wilkinsona avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

artembilan robgratz damiendallimore pkdevboxy splunkdevabhi ryomae thsiung braghome mlmeehan levincai restmad faruque-hossain radhikari54 spring-operator jegapriya global-localhost global19 global19-atlassian-net isabella232 krishnamurtyp siuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuu sk185050 ghas-results mitrie goodstudio

spring-integration-splunk's Issues

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.