Queries Splunk server in order to acquire the status of indexing acknowledgement.
splunk, logs, http, acknowledgement
In the list below, the names of required properties appear in bold. Any other properties (not in bold) are considered optional. The table also indicates any default values, whether a property supports the NiFi Expression Language, and whether a property is considered "sensitive", meaning that its value will be encrypted. Before entering a value in a sensitive property, ensure that the nifi.properties file has an entry for the property nifi.sensitive.props.key.
| Name | Default Value | Allowable Values | Description |
|---|---|---|---|
| Scheme | https |
| The scheme for connecting to Splunk. |
| Hostname | localhost | The ip address or hostname of the Splunk server. Supports Expression Language: true (will be evaluated using variable registry only) | |
| HTTP Event Collector Port | 8088 | The HTTP Event Collector HTTP Port Number. Supports Expression Language: true (will be evaluated using variable registry only) | |
| Security Protocol | TLSv1_2 |
| The security protocol to use for communicating with Splunk. |
| Owner | The owner to pass to Splunk. Supports Expression Language: true (will be evaluated using variable registry only) | ||
| HTTP Event Collector Token | HTTP Event Collector token starting with the string Splunk. For example 'Splunk 1234578-abcd-1234-abcd-1234abcd' Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Username | The username to authenticate to Splunk. Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Password | The password to authenticate to Splunk. Sensitive Property: true | ||
| Splunk Request Channel | Identifier of the used request channel. Supports Expression Language: true (will be evaluated using variable registry only) | ||
| Maximum Waiting Time | 1 hour | The maximum time the processor tries to acquire acknowledgement confirmation for an index, from the point of registration. After the given amount of time, the processor considers the index as not acknowledged and transfers the FlowFile to the "unacknowledged" relationship. | |
| Maximum Query Size | 10000 | The maximum number of acknowledgement identifiers the outgoing query contains in one batch. It is recommended not to set it too low in order to reduce network communication. |
| Name | Description |
|---|---|
| success | A FlowFile is transferred to this relationship when the acknowledgement was successful. |
| unacknowledged | A FlowFile is transferred to this relationship when the acknowledgement was not successful. This can happen when the acknowledgement did not happened within the time period set for Maximum Waiting Time. FlowFiles with acknowledgement id unknown for the Splunk server will be transferred to this relationship after the Maximum Waiting Time is reached. |
| undetermined | A FlowFile is transferred to this relationship when the acknowledgement state is not determined. FlowFiles transferred to this relationship might be penalized. This happens when Splunk returns with HTTP 200 but with false response for the acknowledgement id in the flow file attribute. |
| failure | A FlowFile is transferred to this relationship when the acknowledgement was not successful due to errors during the communication. FlowFiles are timing out or unknown by the Splunk server will transferred to "undetermined" relationship. |
| Name | Description |
|---|---|
| splunk.acknowledgement.id | The indexing acknowledgement id provided by Splunk. |
| splunk.responded.at | The time of the response of put request for Splunk. |