The sections described below are spread across several tabs. Click the tab links at left to navigate among tabs. Click Save when you've configured your Collector.

Collector Sources currently cannot be selected or enabled in the QuickConnect UI.

The Collector Settings determine how data is collected before processing.

Collector ID: Unique ID for this Collector.

Search endpoint: REST API used to conduct a search.

Output mode: Format of the returned output. Defaults to JSON format. To parse the returned JSON, add the Cribl event breaker which parses newline delimited events in the Event Breakers tab.

Events returned from Splunk search can also be returned in the more compact CSV format. To use CSV format, set the Output mode to CSV and specify the CSV event breaker in the Event Breakers tab.

In the Search dropdown, type your query parameters: For example: index=myAppLogs level=error channel=myApp OR | mstats avg(myStat) as myStat WHERE index=myStatsIndex.

Search head: Enter the search head base URL.

Earliest: You can enter the earliest time boundary for the search. The default is

You can enter the latest time boundary for the search. For example: or

In the Authentication drop-down, use the buttons to select one of these options:

Compatible with REST servers like AWS, where you embed a secret directly in the request URL.

Basic: Displays Username and Password fields for you to enter HTTP Basic authentication credentials.

Basic (credentials secret): Provide username and password credentials referenced by a secret. Select a stored text secret in the resulting Credentials secret drop-down, or click Create to configure a new secret.

Bearer Token: Provide the token value configured and generated in Splunk.

Bearer Token (text secret): Provide the Bearer Token referenced by a secret. Select a stored text secret in the resulting Token (text secret) drop-down, or click Create to configure a new secret.

Extra parameters: Optional HTTP request parameters to append to the request URL. Click Add Parameter to add parameters as key-value pairs:

Value: JavaScript expression to compute the field's value (can be a constant).

Extra headers: Click Add Header to (optionally) add collection request headers as key-value pairs:

Value: JavaScript expression to compute the header's value (can be a constant).

In the Request Timeout (secs) field, you can set a maximum time period (in seconds) for an HTTP request to complete before Cribl Stream treats it as timed out. Defaults to 0, which disables timeout metering. When running a real-time search you must update the Request Timeout Parameter to avoid having the collector stuck in a forever running state.