July 31, 2023

tSplunkEventCollector – Docs for ESB Splunk 7.x

tSplunkEventCollector

Sends the event data to Splunk through Splunk HTTP Event Collector.

tSplunkEventCollector collects and
sends the event data to Splunk.

tSplunkEventCollector Standard properties

These properties are used to configure tSplunkEventCollector running in the Standard Job framework.

The Standard
tSplunkEventCollector component belongs to the Business Intelligence family.

The component in this framework is available in all Talend
products
.

Basic settings

Schema and Edit schema

A schema is a row description. It defines the number of fields
(columns) to be processed and passed on to the next component. When you create a Spark
Job, avoid the reserved word line when naming the
fields.

  • Built-In: You create and store the schema locally for this component
    only.

  • Repository: You have already created the schema and stored it in the
    Repository. You can reuse it in various projects and Job designs.

This
component offers the advantage of the dynamic schema feature. This allows you to
retrieve unknown columns from source files or to copy batches of columns from a source
without mapping each column individually. For further information about dynamic schemas,
see
Talend Studio

User Guide.

This
dynamic schema feature is designed for the purpose of retrieving unknown columns of a
table and is recommended to be used for this purpose only; it is not recommended for the
use of creating tables.

Note that the schema of this component has been set by default with
the following fields. You can click the […] button next to Edit
schema
to view and change the predefined schema.

  • time: the event time.
    Note that the input data is in Java Date format, and it will
    be transformed to the epoch time format required by Splunk
    before sending to Splunk HTTP Event Collector.

  • source: the source value
    of the event data. It is usually the file or directory path,
    network port, or script from which the event
    originated.

  • sourcetype: the source
    type of the event data. It tells what kind of data it
    is.

  • host: the host of the
    event data. It is usually the host name, IP address, or
    fully qualified domain name of the network machine from
    which the event originated.

  • index: the name of the
    index by which the event data is to be indexed. It must be
    within the list of allowed indexes if the token has the
    indexes parameter
    set.

For more information about the format of the event data
sent to Splunk HTTP Event Collector, see About the JSON event protocol in HTTP Event
Collector
.

 

Click Edit
schema
to make changes to the schema. If the current schema is of the Repository type, three options are available:

  • View schema: choose this
    option to view the schema only.

  • Change to built-in property:
    choose this option to change the schema to Built-in for local changes.

  • Update repository connection:
    choose this option to change the schema stored in the repository and decide whether
    to propagate the changes to all the Jobs upon completion. If you just want to
    propagate the changes to the current Job, you can select No upon completion and choose this schema metadata
    again in the Repository Content
    window.

Splunk Server URL

Enter the URL used to access the Splunk Web Server.

Token

Specify the Event Collector token used to authenticate the event data.
For more information, see HTTP Event Collector token management.

Advanced settings

Extended output

Select this check box to send the event data to Splunk in batch mode.
In the field displayed, enter the number of events to be processed in
each batch.

By default, this check box is selected and the number of events to be
processed in each batch is 100.

tStatCatcher Statistics

Select this check box to gather the Job processing metadata at the Job level
as well as at each component level.

Global Variables

Global Variables

NB_LINE: the number of rows processed. This is an After
variable and it returns an integer.

RESPONSE_CODE:
the response code from Splunk. This is an After variable and it returns an integer.

ERROR_MESSAGE: the error message generated by the
component when an error occurs. This is an After variable and it returns a string. This
variable functions only if the Die on error check box is
cleared, if the component has this check box.

A Flow variable functions during the execution of a component while an After variable
functions after the execution of the component.

To fill up a field or expression with a variable, press Ctrl +
Space
to access the variable list and choose the variable to use from it.

For further information about variables, see
Talend Studio

User Guide.

Usage

Usage rule

This component is usually used as an end component of a Job or
subJob and it always needs an input link.

Related scenario

No scenario is available for this component yet.


Document get from Talend https://help.talend.com
Thank you for watching.
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x