Output mode: Format of the returned output. Search endpoint: Rest API used to conduct a search. In this section's Pipeline drop-down list, you can select a single existing Pipeline to process data from this input before the data is sent through the Routes. (Can evaluate to a constant.) Pre-Processing Value: JavaScript expression to compute field's value, enclosed in quotes or backticks. In this section, you can add Fields to each event, using Eval-like functionality. Defaults to the Splunk Search Ruleset.Įvent Breaker buffer timeout: How long (in milliseconds) the Event Breaker will wait for new data to be sent to a specific channel, before flushing out the data stream, as-is, to the Routes. Select a stored text secret in the resulting Token (text secret) drop-down, or click Create to configure a new secret.Įvent Breaker rulesets: A list of event breaking rulesets that will be applied to the input data stream before the data is sent through the Routes. Select a stored text secret in the resulting Credentials secret drop-down, or click Create to configure a new secret.īearer Token: Provide the token value configured and generated in Splunk.īearer Token (text secret): Provide the Bearer Token referenced by a secret. Compatible with REST servers like AWS, where you embed a secret directly in the request URL.īasic: Displays Username and Password fields for you to enter HTTP Basic authentication credentials.īasic (credentials secret): Provide username and password credentials referenced by a secret. In the Authentication tab, use the buttons to select one of these options: Use a tab or hard return between (arbitrary) tag names. Tags: Optionally, add tags that you can use for filtering and grouping in Cribl Edge. For example: or You can enter the latest time boundary for the search. The default is Earliest: You can enter the earliest time boundary for the search. Search head: Enter the search head base URL. For example: index=myAppLogs level=error channel=myApp OR | mstats avg(myStat) as myStat WHERE index=myStatsIndex. You enter the Cron schedule expression in UTC time, but the Estimated Schedule examples are displayed in local time. The Estimated Schedule below this field shows the next few collection runs, as examples of the cron interval you've scheduled. Input ID: Enter a unique name to identify this Splunk Search Source definition.Ĭron schedule: Enter a cron expression to define the schedule on which to run this job. Next, click New Source to open a New Source modal that provides the options below. From the resulting page's tiles or left nav, select Splunk Search. Or, to configure via the Routing UI, click Data > Sources (Stream) or More > Sources (Edge). The resulting drawer will provide the options below. Next, click either Add Destination or (if displayed) Select Existing. From the resulting drawer's tiles, select Splunk Search. To configure via the graphical QuickConnect UI, click Collect (Edge only). Type: Pull | TLS Support: Yes | Event Breaker Support: YES Configuring Cribl Edge to Receive Splunk Search Data įrom the top nav, click Manage, then select a Fleet to configure.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |