Important
You are viewing documentation for an older version of Confluent Platform. For the latest, click here.
Kafka Connect Splunk Source Connector¶
The Connect Splunk Source connector provides a way to integrate Splunk with Apache Kafka®. The connector receives data from applications that would normally send data to a Splunk HTTP Event Collector (HEC).
The connector has support for [X-Forwarded-For] which allows it to be used behind a load balancer.
Note
The connector does not support receiving data from a Splunk Universal Forwarder or Splunk Heavy Forwarder.
Important
This connector listens on a network port. Running more than one connector task or running in distributed mode can cause undesirable effects if another task already has the port open. It is recommended that you run this connector in Standalone Mode.
Install Splunk Source Connector¶
You can install this connector by using the Confluent Hub client (recommended) or you can manually download the ZIP file.
Install the connector using Confluent Hub¶
- Prerequisite
- Confluent Hub Client must be installed. This is installed by default with Confluent Enterprise.
Navigate to your Confluent Platform installation directory and run this command to install the latest (latest) connector version.
The connector must be installed on every machine where Connect will be run.
confluent-hub install confluentinc/kafka-connect-splunk-source:latest
You can install a specific version by replacing latest with a version number. For example:
confluent-hub install confluentinc/kafka-connect-splunk-source:1.0.0-preview
Install Connector Manually¶
Download and extract the ZIP file for your connector and then follow the manual connector installation instructions.
License¶
You can use this connector for a 30-day trial period without a license key.
After 30 days, this connector is available under a Confluent enterprise license. Confluent issues enterprise license keys to subscribers, along with providing enterprise-level support for Confluent Platform and your connectors. If you are a subscriber, please contact Confluent Support at support@confluent.io for more information.
See Confluent Platform license for license properties and License topic configuration for information about the license topic.
Quick Start¶
This quick start uses the Splunk Source Connector to receive application data ingest it into Kafka.
Install the connector using the Confluent Hub Client.
# run from your CP installation directory confluent-hub install confluentinc/kafka-connect-splunk-source:latest
Start the Confluent Platform.
confluent start
Create a
splunk-source.propertiesfile with the following contents:name=splunk-source kafka.topic=splunk-source tasks.max=1 connector.class=io.confluent.connect.SplunkHttpSourceConnector splunk.collector.index.default=default-index splunk.port=8889 splunk.ssl.key.store.path=/path/to/your/keystore.jks splunk.ssl.key.store.password=<keystore password> confluent.topic.bootstrap.servers=localhost:9092 confluent.topic.replication.factor=1
Load the Splunk Source Connector.
confluent load splunk-source -d splunk-source.properties
Important
Don’t use the Confluent CLI in production environments.
Confirm that the connector is in a
RUNNINGstate.confluent status splunk-source
Simulate an application sending data to the connector.
curl -k -X POST https://localhost:8889/services/collector/event -d '{"event":"from curl"}'Verify the data was ingested into the Kafka topic.
kafka-avro-console-consumer --bootstrap-server localhost:9092 --topic splunk-source --from-beginning
Shut down Confluent Platform.
confluent destroy