Splunk® Data Stream Processor

Connect to Data Sources and Destinations with DSP

DSP 1.2.1 is impacted by the CVE-2021-44228 and CVE-2021-45046 security vulnerabilities from Apache Log4j. To fix these vulnerabilities, you must upgrade to DSP 1.2.4. See Upgrade the Splunk Data Stream Processor to 1.2.4 for upgrade instructions.

On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.

Connecting Splunk Observability to your DSP pipeline

When creating a data pipeline in the , you can connect to Splunk Infrastructure Monitoring or Splunk APM and use it as a data destination. You can get data into a data pipeline, transform it, and then send the transformed data to a Splunk Observability endpoint. The data that you send to Splunk Observability must either be formatted according to the Splunk Infrastructure Monitoring metrics schema or be in Zipkin format.

To connect to Splunk Infrastructure Monitoring or Splunk APM as a data destination, you must complete the following tasks:

  1. Create a connection that allows DSP to send data to your Splunk Observability endpoint. See Create a DSP connection to Splunk Observability.
  2. Create a pipeline that ends with one of these sink functions:
    • The Send to Splunk Infrastructure Monitoring sink function for sending data that is compatible with the Splunk Infrastructure Monitoring metrics schema. See Formatting data into the Splunk Infrastructure Monitoring metrics schema for more information about the schema requirements.
    • The Send to Splunk APM sink function for sending data that uses the Zipkin format. See the Zipkin Data Model documentation for more information about this format.

    See the Building a pipeline chapter in the Use the Data Stream Processor manual for instructions on how to build a data pipeline.

  3. Configure the sink function to use your Splunk Observability connection and send data to your endpoint. See Send data to Splunk Infrastructure Monitoring or Send data to Splunk APM in the Function Reference manual.

When you activate the pipeline, the sink function starts sending data from the pipeline to the specified endpoint.

Last modified on 25 March, 2022
Performance expectations for sending data from DSP pipelines to Splunk Enterprise   Create a DSP connection to Splunk Observability

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters