GitHub user bbende opened a pull request:
https://github.com/apache/nifi/pull/233
NIFI-1420 Adding Splunk bundle
## Overview
This pull request adds a Splunk bundle with the following processors:
* **ListenSplunkForwarder** - Receives data from a Splunk forwarder, based
off the AbstractListenEventProcessor created during RELP work.
* **PutSplunk** - Delivers to Splunk Enterprise over TCP or UDP, based some
of the design off PutKafka for how to handle delimited messages, also created
an AbstractPutEventProcessor to make future "Put" TCP/UDP processors easier,
involved refactoring code from PutSyslog.
* **GetSplunk** - Extracts data from Splunk Enterprise based on a query,
processor provides ability to optionally specify a time range, or have the
processor manage the time ranges using the new state management API.
## Testing
### Download and extract the forwarder and Splunk Enterprise:
http://www.splunk.com/en_us/download/universal-forwarder.html
http://www.splunk.com/en_us/download/splunk-enterprise.html
## Splunk Forwarder:
Edit/Create splunkforwarder/etc/system/local/outputs.conf and configure an
output for NiFi to listen to:
    [tcpout:nifi]
    server=localhost:6588
    sendCookedData=false
Start the forwarder:
    ./splunkforwarder/bin/splunk start
At this point you can create a NiFi flow with ListenSplunkForwarder,
listening on TCP port 6588 and should be receiving data.
## Splunk Enterprise
Start Splunk Enterprise
    ./splunk/bin/splunk start
Go to http://localhost:8000 in your browser
Create an input from the Settings -> Data Inputs menu, create a TCP or UDP
input.
After that you should be able to use PutSplunk to deliver data to the input
created in the previous step, and GetSplunk to extract data.
You can merge this pull request into a Git repository by running:
    $ git pull https://github.com/bbende/nifi NIFI-1420
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi/pull/233.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #233
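Added example (not part of the pull request or of NiFi's code): a minimal Python stand-in for the listening side of the forwarder test above, for confirming that the `[tcpout:nifi]` output with `sendCookedData=false` delivers raw lines on port 6588 before a NiFi flow exists. The newline framing, the `LineFramer` and `listen` names and the 64 KiB event cap are assumptions of this example.

```python
import socket

MAX_EVENT_BYTES = 64 * 1024  # assumed cap, not a NiFi or Splunk setting


class LineFramer:
    """Rebuilds newline-delimited events from arbitrary TCP chunk boundaries."""

    def __init__(self, max_event_bytes=MAX_EVENT_BYTES):
        self.max_event_bytes = max_event_bytes
        self.pending = b""     # partial event carried over to the next chunk
        self.skipping = False  # True while discarding the rest of an oversized event
        self.dropped = 0

    def feed(self, chunk):
        """Return the complete events now available; keep any partial tail."""
        *lines, self.pending = (self.pending + chunk).split(b"\n")
        events = []
        for line in lines:
            if self.skipping:  # tail of an event that was already counted as dropped
                self.skipping = False
                continue
            line = line.rstrip(b"\r")
            if len(line) > self.max_event_bytes:
                self.dropped += 1
            elif line:
                events.append(line)
        if len(self.pending) > self.max_event_bytes:
            # A sender that never emits a newline must not grow the buffer forever.
            self.pending = b""
            if not self.skipping:
                self.dropped += 1
                self.skipping = True
        return events


def listen(host="localhost", port=6588):
    """Accept one forwarder connection and print each raw event it sends."""
    with socket.create_server((host, port)) as server:
        conn, _peer = server.accept()
        framer = LineFramer()
        with conn:
            while chunk := conn.recv(4096):
                for event in framer.feed(chunk):
                    print(event.decode("utf-8", "replace"))


if __name__ == "__main__":
    listen()
```

Stop this script before starting a NiFi flow with ListenSplunkForwarder on the same port, since only one process can bind it.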