Git Product home page Git Product logo

spring-integration-splunk's Introduction

Spring Integration Splunk Adapter

The SI adapter includes Outbound Channel Adapter and Inbound Channel Adapter.

Inbound channel adapter :

The Inbound channel adapter is used to read data from Splunk and output a message containing the data to a Spring Integration channel. There are 5 ways to get data from Splunk:

  • Blocking
  • Non blocking
  • Saved search
  • Realtime
  • Export

Blocking search:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		search="search spring:example"
		splunk-server-ref="splunkServer"
		channel="inputFromSplunk" mode="BLOCKING" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Non blocking search:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		search="search spring:example"
		splunk-server-ref="splunkServer"
		channel="inputFromSplunk" mode="NORMAL" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Saved search:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		savedSearch="test" splunk-server-ref="splunkServer"
		channel="inputFromSplunk" mode="SAVEDSEARCH" earliestTime="-1d" latestTime="now" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Realtime search:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
		mode="REALTIME" earliestTime="-5s" latestTime="rt" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Export:

	<int-splunk:inbound-channel-adapter id="splunkInboundChannelAdapter"
		auto-startup="true" search="search spring:example" splunk-server-ref="splunkServer" channel="inputFromSplunk"
		mode="EXPORT" earliestTime="-5d" latestTime="now" initEarliestTime="-1d">
		<int:poller fixed-rate="5" time-unit="SECONDS"/>
	</int-splunk:inbound-channel-adapter>

Outbound channel adapter:

The Outbound channel adapter is used to write data to Splunk from a Spring Integration message channel. There are 3 types of data writers provided:

  • submit - Use's Splunk's REST API. Appropriate for small or infrequent data loads. Posts data to a named index or the default if not specified.
  • index - Streams data to a named index or the default if not specified.
  • tcp - Streams data to a tcp port associated with a defined tcp input.

The outbound channel adapter requires a child *-writer element which defines related attributes:

Submit:

	<int-splunk:outbound-channel-adapter
		id="splunkOutboundChannelAdapter"
		channel="outputToSplunk"
		splunk-server-ref="splunkServer"
		sourceType="spring-integration"
		source="example2">
		<int-splunk:submit-writer index="foo"/>
	</int-splunk:outbound-channel-adapter>

Index:

	<int-splunk:outbound-channel-adapter
		id="splunkOutboundChannelAdapter"
		channel="outputToSplunk"
		splunk-server-ref="splunkServer"
	 >
		<int-splunk:index-writer index="someIndex"/>
	</int-splunk:outbound-channel-adapter>

TCP

	<int-splunk:outbound-channel-adapter
		id="splunkOutboundChannelAdapter"
		channel="outputToSplunk"
		splunk-server-ref="splunkServer"
	  >
		<int-splunk:tcp-writer port="9999"/>
	</int-splunk:outbound-channel-adapter>

NOTE: The input must exist and be enabled on the server

Configuring The Splunk Server connection

	<int-splunk:server id="splunkServer" username="admin" password="password" timeout="5000" host="somehost.someplace.com" port="9000" />

Alternatively, you can configure a Splunk Server failover mechanism

  <int-splunk:server id="splunkServer" username="admin" password="password" timeout="5000" 
  					 host="somehost.someplace.com" port="9000" />

  <int-splunk:server id="splunkServerBackup" username="admin" password="password" timeout="5000" 
   					 host="somehost.someotherplace.com" port="9000" />

  <util:list id="splunkServersList">
    <ref bean="splunkServer" />
    <ref bean="splunkServerBackup" />
  </util:list>

  <bean id="splunkServiceFactory" class="org.springframework.integration.splunk.support.SplunkServiceFactory">
    <constructor-arg ref="splunkServersList"/>
  </bean>

Additional server properties include (see splunk documentation for details):

  • app
  • scheme
  • scope
  • owner

The default host is localhost and the default port is 8089. The timeout attribute indicates how long to wait for a connection in miliseconds.

Development

Build:

./gradlew build

Import the project to Eclipse:

To generate Eclipse metadata (e.g., .classpath and .project files), do the following:

./gradlew eclipse

spring-integration-splunk's People

Contributors

artembilan avatar fbalicchia avatar ghillert avatar leejianwei avatar olamy avatar spring-builds avatar spring-operator avatar wilkinsona avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.