[
https://issues.apache.org/jira/browse/NIFI-1420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15174533#comment-15174533
]
ASF GitHub Bot commented on NIFI-1420:
--------------------------------------
Github user JPercivall commented on the pull request:
https://github.com/apache/nifi/pull/233#issuecomment-190934511
I observed a couple of interesting interactions when testing the PutSplunk
processor. I'm not sure whether it is a problem with the processor, the Splunk
Java SDK, Splunk Enterprise or my Splunk configurations:
* I set up the PutSplunk processor to communicate via UDP and created a UDP
data input using the UI for Splunk Enterprise. The PutSplunk is transmitting
messages at ~1 per second. While it's transmitting, no new events are created
yet in Splunk Enterprise (verified by viewing a real time view of the past 30
seconds). I stop the PutSplunk processor and then run a search in Splunk UI to
see if any events came in on that port. There is one event that is registered
at the time I started the processor and contains effectively all (didn't count the
seconds I was sending) the data that was generated. I'm not sure why all the
UDP messages are grouped together. When I set PutSplunk to send messages every
20 seconds the UDP messages are treated as their own event.
* I set up PutSplunk to communicate via TCP using SSL. I looked for options
to create a Data Input in Splunk Enterprise using TCP and SSL but couldn't find
anything definitive (and all my searches turned up results for the Forwarder).
I enabled SSL in Splunk Web by going to the general settings and noticed that
SSL properties are in the inputs.conf and server.conf files. I attempt to send
data using PutSplunk using SSL to the TCP data input. The event is received and
I see it in the Splunk UI in real time. The only problem being that it's still
encoded (see image). Typically when I get errors with SSL there is some obscure
error relating to truncation attacks or Cipher Suites but I didn't seem to get
any errors.

> Splunk Processors
> -----------------
>
> Key: NIFI-1420
> URL: https://issues.apache.org/jira/browse/NIFI-1420
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Extensions
> Reporter: Bryan Bende
> Assignee: Bryan Bende
> Priority: Minor
> Fix For: 0.6.0
>
>
> To continue improving NiFi's ability to collect logs, a good integration
> point would be to have a processor that could listen for data from a Splunk
> forwarder (https://docs.splunk.com/Splexicon:Universalforwarder). Being able
> to push log messages to Splunk would also be useful.
> Splunk provides an SDK that may be helpful:
> https://github.com/splunk/splunk-sdk-java