On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.
Send data to a Splunk index (Default for Environment)
Use the Send to a Splunk Index (Default for Environment) sink function to send data to a preconfigured default Splunk Enterprise index.
This function sends data to the default Splunk index using the Splunk HTTP Event Collector (HEC). For more information, see the Get data with HTTP Event Collector chapter in the Splunk Enterprise Getting Data In manual.
Before you can use this function, you must do the following:
- Ask your DSP administrator to configure a default Splunk Enterprise instance for your DSP environment. See Set a default Splunk Enterprise instance for the Send to a Splunk Index (Default for Environment) function in the Install and Administer the Data Stream Processor manual.
- Format the incoming data to be compatible with Splunk HEC. See Connecting Splunk indexes to your DSP pipeline in the Connect to Data Sources and Destinations with the manual.
Function input schema
- Syntax: ""
- Description: Set this to "".
- Example in Canvas View: ""
- Syntax: expression<string>
- Description: The Splunk index you want to send data to. Defaults to
- Example in Canvas View: "main"
When working in the SPL View, you can write the function by providing the arguments in this exact order.
...| into index("", "main");
Alternatively, you can use named arguments to declare arguments in any order. The following SPL2 example uses named arguments to specify the
dataset argument before the
...| into index(dataset: "main", module: "");
If you want to use a mix of unnamed and named arguments in your functions, you need to list all unnamed arguments in the correct order before providing the named arguments.
Send data to a Splunk index
Send data to Amazon Kinesis Data Streams
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.0, 1.2.1-patch02, 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5, 1.3.0, 1.3.1