Gold release: https://docs.perspectium.com/display/gold

To enhance your DataSync integration for Splunk Enterprise, you can optionally configure the Splunk meshlet with the directives listed below.

...

To check out the general meshlet configurations, see General Meshlet Configurations for DataSync.

Directive | Description
ackUrl

Represents the Splunk URL for enabling indexer acknowledgement.

```yaml
splunk:
  ackUrl: http://splunk-url/services/collector/ack
  requestChannel: a7175f62-d67b-4793-a172-c1b946c0e444
```


requestChannel

Represents a channel to be used with indexer acknowledgement. 

...

NOTE: This configuration is to be used with the ackUrl configuration.

```yaml
splunk:
  ackUrl: http://splunk-url/services/collector/ack
  requestChannel: a7175f62-d67b-4793-a172-c1b946c0e444
```


saveInEvent

By default, data is saved into Splunk with the event name set to the name field of the outbound message (such as incident.bulk), and the fields of the shared record are saved as fields in the Splunk event. However, when saveInEvent is enabled, all the data for the record's fields will be saved in the Event name instead. See View your event collections in Splunk for more details.


```yaml
perspectium:
  message:
    inboundQueue: psp.in.meshlet.splunk.yourinstance
    outboundQueue: psp.out.meshlet.splunk.%s
    errorQueuePattern: psp.out.meshlet.splunk.error.%s
    saveInEvent: true
```


sourceType

A value for the source type of each record saved into Splunk. To use the table name of an incoming record, add the $table value in sourceType. For example, if you send incident records and specify the sourceType configuration as snow $table, each incident record will be saved with a source type value of snow incident.

```yaml
perspectium:
  splunk:
    url: http://3.46.13.38:8088/services/collector/event
    authorizationHeader: " Splunk 0bfb9d66-8d5f-4fef-bae9-afa5a0642f21"
    sourceType: snow:$table
```


hideEmptyFields

Enables skipping empty field values of each record saved into Splunk. For example, when this configuration is set to true and the meshlet receives an incident record with the field assigned_to empty, the assigned_to field will not be created when the record is saved into Splunk. If this configuration is not specified, the default value is false, and empty fields are saved.

```yaml
perspectium:
  message:
    hideEmptyFields: true
```
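A pre-deployment check for the splunk section described above, as an added example that is not Perspectium's own code. It assumes the YAML has already been parsed into a dict; the function name `check_splunk_section`, the host, the token and the channel values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_splunk_section(cfg):
    """Return findings for the parsed `splunk:` section (hypothetical helper)."""
    findings = []
    ack, channel = cfg.get("ackUrl"), cfg.get("requestChannel")
    # requestChannel is documented for use with ackUrl; flag one without the other.
    if bool(ack) != bool(channel):
        findings.append("ackUrl and requestChannel must be set together")
    # Splunk HEC requires the channel identifier to be a GUID.
    if channel and not GUID.match(str(channel)):
        findings.append("requestChannel is not a GUID")
    # Requests to both endpoints carry the HEC token, so plain http
    # exposes the token and the shared records in transit.
    for key in ("url", "ackUrl"):
        value = cfg.get(key)
        if value and urlsplit(value).scheme != "https":
            findings.append(f"{key} does not use https")
    # HEC expects the Authorization header value "Splunk <token>".
    header = str(cfg.get("authorizationHeader", "")).strip()
    if not re.fullmatch(r"Splunk \S+", header):
        findings.append("authorizationHeader is not 'Splunk <token>'")
    return findings

# Constructed sample sections (host, token and channel are placeholders).
WEAK = {
    "url": "http://splunk.example.com:8088/services/collector/event",
    "authorizationHeader": "Splunk 00000000-0000-0000-0000-000000000000",
    "ackUrl": "http://splunk.example.com:8088/services/collector/ack",
}
HARDENED = {
    "url": "https://splunk.example.com:8088/services/collector/event",
    "authorizationHeader": "Splunk 00000000-0000-0000-0000-000000000000",
    "ackUrl": "https://splunk.example.com:8088/services/collector/ack",
    "requestChannel": "11111111-2222-3333-4444-555555555555",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, check_splunk_section(cfg) or "no findings")
```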

...
