| layout | default |
|---|---|
| title | Splunk HEC |
| parent | Outputs |
| nav_order | 12 |
The Log Export Container uses fluentd splunk hec output plugin. In order to enable it you need to specify LOG_EXPORT_CONTAINER_OUTPUT=splunk-hec and provide the following variables:
- SPLUNK_HEC_HOST. The hostname/IP for the HEC token or the HEC load balancer, for example:
prd-p-xxxxx.splunkcloud.com - SPLUNK_HEC_PORT. The port number for the HEC token or the HEC load balancer, for example:
8088 - SPLUNK_HEC_TOKEN. Identifier for the HEC token, for example:
xxxxxxxx-yyyy-yyyy-yyyy-zzzzzzzzzzzz
IMPORTANT: SSL validation is disabled by default, you can pass different SSL Params overriding the builtin configuration as commented below
The splunk output plugin supports multiple configurations. Please refer to output-splunk-hec.conf
In case you want to specify different parameters and customize the output plugin, you could download output-splunk-hec.conf, make your modifications, and pass the file to the container. For example:
docker run -p 5140:5140 \
-v /path-to-your/output-splunk.conf:/fluentd/etc/output-splunk.conf \
-e LOG_EXPORT_CONTAINER_INPUT=$LOG_EXPORT_CONTAINER_INPUT \
-e LOG_EXPORT_CONTAINER_OUTPUT=splunk \
-e SPLUNK_HEC_HOST=$SPLUNK_HEC_HOST \
-e SPLUNK_HEC_PORT=$SPLUNK_HEC_PORT \
-e SPLUNK_HEC_TOKEN=$SPLUNK_HEC_TOKEN log-export-container