[ https://issues.apache.org/jira/browse/NIFI-1420?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15150786#comment-15150786 ]
ASF GitHub Bot commented on NIFI-1420:
--------------------------------------

GitHub user bbende opened a pull request:

    https://github.com/apache/nifi/pull/233

    NIFI-1420 Adding Splunk bundle

## Overview

This pull request adds a Splunk bundle with the following processors:

* **ListenSplunkForwarder** - Receives data from a Splunk forwarder, based off the AbstractListenEventProcessor created during RELP work.
* **PutSplunk** - Delivers to Splunk Enterprise over TCP or UDP, based some of the design off PutKafka for how to handle delimited messages, also created an AbstractPutEventProcessor to make future "Put" TCP/UDP processors easier, involved refactoring code from PutSyslog.
* **GetSplunk** - Extracts data from Splunk Enterprise based on a query, processor provides ability to optionally specify a time range, or have the processor manage the time ranges using the new state management API.

## Testing

### Download and extract the forwarder and Splunk enterprise:

http://www.splunk.com/en_us/download/universal-forwarder.html
http://www.splunk.com/en_us/download/splunk-enterprise.html

## Splunk Forwarder:

Edit/Create splunkforwarder/etc/system/local/outputs.conf and configure an output for NiFi to listen to:

    [tcpout:nifi]
    server=localhost:6588
    sendCookedData=false

Start the forwarder:

    ./splunkforwarder/bin/splunk start

At this point you can create a NiFi flow with ListenSplunkForwarder, listening on TCP port 6588 and should be receiving data.

## Splunk Enterprise

Start Splunk Enterprise

    ./splunk/bin/splunk start

Go to http://localhost:8000 in your browser

Create an input from the Settings -> Data Inputs menu, create a TCP or UDP input.

After that you should be able to use PutSplunk to deliver data to the input created in the previous step, and GetSplunk to extract data.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/bbende/nifi NIFI-1420

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/233.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #233

----

----

> Splunk Processors
> -----------------
>
>                 Key: NIFI-1420
>                 URL: https://issues.apache.org/jira/browse/NIFI-1420
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Bryan Bende
>            Assignee: Bryan Bende
>            Priority: Minor
>             Fix For: 0.6.0
>
>
> To continue improving NiFi's ability to collect logs, a good integration
> point would be to have a processor that could listen for data from a Splunk
> forwarder (https://docs.splunk.com/Splexicon:Universalforwarder). Being able
> to push log messages to Splunk would also be useful.
> Splunk provides an SDK that may be helpful:
> https://github.com/splunk/splunk-sdk-java

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)