pipeline/outputs/splunk.md
Lines changed: 3 additions & 5 deletions
@@ -189,7 +189,7 @@ This will create a payload that looks like:
189
189
190
190
### Sending raw events
191
191
192
-
If the option `splunk_send_raw` has been enabled, the user must add all log details in the event field, and only specify fields known to Splunk in the top level event. If there is a mismatch, Splunk returns an HTTP error `400`.
192
+
If the option `splunk_send_raw` has been enabled, the user must add all log details in the event field, and only specify fields known to Splunk in the top level event. If there is a mismatch, Splunk returns an HTTP `400 Bad Request` status code.
193
193
194
194
Consider the following examples:
195
195
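Review bot: In the new line 192, "If there is a mismatch" still does not say what is mismatched. From the preceding clause it presumably means a top-level key that Splunk does not recognize, so state that directly, for example "If the top level contains a field Splunk doesn't recognize, Splunk returns an HTTP `400 Bad Request` status code." While the sentence is being touched, "top level event" should be hyphenated as "top-level event".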
@@ -211,7 +211,7 @@ For up-to-date information about the valid keys, see [Getting Data In](https://d
211
211
212
212
With Splunk version 8.0 and later, you can use the Fluent Bit Splunk output plugin to send data to metric indices. This lets you perform visualizations, metric queries, and analysis with other metrics you might be collecting. This is based off of Splunk 8.0 support of multi metric support using single JSON payload, more details can be found in [Splunk metrics documentation](https://docs.splunk.com/Documentation/Splunk/9.4.2/Metrics/GetMetricsInOther#The_multiple-metric_JSON_format)
213
213
214
-
Sending to a Splunk metric index requires the use of `Splunk_send_raw` option being enabled and formatting the message properly. This includes three specific operations
214
+
Sending to a Splunk metric index requires the use of `Splunk_send_raw` option being enabled and formatting the message properly. This includes these specific operations:
215
215
216
216
- Nest metric events under a `fields` property
217
217
- Add `metric_name:` to all metrics
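Review bot: The new line 214 spells the option `Splunk_send_raw`, while line 192 of the same file uses `splunk_send_raw`; pick one casing so readers copying the key see it written one way. The phrase "requires the use of `Splunk_send_raw` option being enabled" is also still awkward and could be shortened to "requires enabling the `splunk_send_raw` option and formatting the message properly". The unchanged line 212 above it ends without a period after the link and could be fixed in the same pass.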
@@ -303,9 +303,7 @@ pipeline:
303
303
304
304
## Send metrics events of Fluent Bit
305
305
306
-
In Fluent Bit 2.0 or later, you can also send Fluent Bit metrics the `events` type into Splunk using Splunk HEC.
307
-
This lets you perform visualizations, metric queries, and analysis with directly sent using Fluent Bit metrics.
308
-
This is based off Splunk 8.0 support of multi metric support using a single concatenated JSON payload.
306
+
In Fluent Bit 2.0 or later, you can send Fluent Bit metrics the `events` type into Splunk using Splunk HEC. This lets you perform visualizations, metric queries, and analysis with directly sent using Fluent Bit metrics. This is based off Splunk 8.0 support of multi metric support using a single concatenated JSON payload.
309
307
310
308
Sending Fluent Bit metrics into Splunk requires the use of collecting Fluent Bit metrics plugins, whether events type of logs or metrics can be distinguished automatically.
311
309
You don't need to pay attentions about the type of events.
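Review bot: The merged paragraph at new line 306 carries over two sentences that do not parse: "send Fluent Bit metrics the `events` type into Splunk" is missing a word between "metrics" and "the", and "analysis with directly sent using Fluent Bit metrics" has no object for "with". Since this change already rewrites the paragraph, reword both rather than only joining the lines. The unchanged lines 308 and 309 ("requires the use of collecting Fluent Bit metrics plugins", "pay attentions about") have the same kind of problem and would be worth fixing in this commit too.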