README.md in fluent-plugin-splunk-hec-1.2.12 vs README.md in fluent-plugin-splunk-hec-1.2.13

- old
+ new

@@ -1,15 +1,15 @@ # fluent-plugin-splunk-hec [Fluentd](https://fluentd.org/) output plugin to send events and metrics to [Splunk](https://www.splunk.com) in 2 modes:<br/> -1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/> +1) Via Splunk's [HEC (HTTP Event Collector) API](http://dev.splunk.com/view/event-collector/SP-CAAAE7F)<br/> 2) Via the Splunk Cloud Services (SCS) [Ingest API](https://sdc.splunkbeta.com/reference/api/ingest/v1beta2) ## Installation ### RubyGems -``` +``` $ gem install fluent-plugin-splunk-hec ``` ### Bundler Add following line to your Gemfile: @@ -155,11 +155,11 @@ ### Parameters for `splunk_hec` #### protocol (enum) (optional) -This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is +This is the protocol to use for calling the HEC API. Available values are: http, https. This parameter is set to `https` by default. ### hec_host (string) (required) The hostname/IP for the HEC token or the HEC load balancer. @@ -170,10 +170,14 @@ ### hec_token (string) (required) Identifier for the HEC token. +### hec_endpoint (string) (optional) + +The HEC REST API endpoint to use. The default value is `services/collector`. + ### metrics_from_event (bool) (optional) When `data_type` is set to "metric", the ingest API will treat every key-value pair in the input event as a metric name-value pair. Set `metrics_from_event` to `false` to disable this behavior and use `metric_name_key` and `metric_value_key` to define metrics. The default value is `true`. ### metric_name_key (string) (optional) @@ -192,35 +196,35 @@ If `coerce_to_utf8` is set to `true`, any non-UTF-8 character is replaced by the string you specify in this parameter. The parameter is set to `' '` by default. ### Parameters for `splunk_ingest_api` -### service_client_identifier: (optional) (string) +### service_client_identifier: (optional) (string) Splunk uses the client identifier to make authorized requests to the ingest API. -### service_client_secret_key: (string) +### service_client_secret_key: (string) The client identifier uses this authorization to make requests to the ingest API. -### token_endpoint: (string) +### token_endpoint: (string) This value indicates which endpoint Splunk should look to for the authorization token necessary for requests to the ingest API. -### ingest_api_host: (string) +### ingest_api_host: (string) Indicates which url/hostname to use for requests to the ingest API. -### ingest_api_tenant: (string) +### ingest_api_tenant: (string) Indicates which tenant Splunk should use for requests to the ingest API. -### ingest_api_events_endpoint: (string) +### ingest_api_events_endpoint: (string) Indicates which endpoint to use for requests to the ingest API. -### debug_http: (bool) +### debug_http: (bool) Set to True if you want to debug requests and responses to ingest API. Default is false. ### Parameters for both `splunk_hec` and `splunk_ingest_api` ### index (string) (optional) @@ -328,11 +332,11 @@ If a parameter has just a key, it means its value is exactly the same as the key. #### When `data_type` is `metric` -For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration: +For metrics, parameters inside `<fields>` are used as dimensions. If `<fields>` is not presented, the original input event will be used as dimensions. If an empty `<fields></fields>` is presented, no dimension is sent. For example, given the following configuration: ``` <match **> @type splunk_hec data_type metric @@ -379,11 +383,11 @@ @type csv fields ["some", "fields"] </format> ``` -This example: +This example: - Formats events with tags that start with `sometag.` with the `single_value` formatter - Formats events with tags `some.othertag` with the `csv` formatter - Formats all other events with the `json` formatter (the default formatter) If you want to use a different default formatter, you can add a `<format **>` (or `<format>`) section. @@ -396,11 +400,11 @@ The following parameters can be used for tuning HTTP connections: #### idle_timeout (integer) -The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts. +The default is five seconds. If a connection has not been used for five seconds, it is automatically reset at next use, in order to avoid attempting to send to a closed connection. Specifiy `nil` to prohibit any timeouts. #### read_timeout (integer) The amount of time allowed between reading two chunks from the socket. The default value is `nil`, which means no timeout. @@ -455,6 +459,6 @@ * Splunk has a limit on how big the payload of a HEC request can be. And it's defined with `max_content_length` in [the `[http_input]` section of `limits.conf`](https://docs.splunk.com/Documentation/Splunk/latest/Admin/Limitsconf#.5Bhttp_input.5D). In Splunk of version 6.5.0+, the default value is 800MiB, while in versions before 6.5.0, it's just 1MB. Make sure your chunk size won't exceed this limit, or you should change the limit on your Splunk deployment. * Sending requests to HEC takes time, so if you flush your fluentd buffer too fast (for example, with a very small `flush_interval`), it's possible that the plugin cannot catch up with the buffer flushing. There are two ways you can handle this situation, one is to increase the `flush_interval` or use multiple flush threads by setting `flush_thread_count` to a number bigger than 1. ## License -Please see [LICENSE](LICENSE). +Please see [LICENSE](LICENSE).