Splunk® Data Stream Processor

Function Reference

DSP 1.2.1 is impacted by the CVE-2021-44228 and CVE-2021-45046 security vulnerabilities from Apache Log4j. To fix these vulnerabilities, you must upgrade to DSP 1.2.4. See Upgrade the Splunk Data Stream Processor to 1.2.4 for upgrade instructions.

On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.

Send data to a Splunk index (Default for Environment)

Use the Send to a Splunk Index (Default for Environment) sink function to send data to a preconfigured default Splunk Enterprise index.

This function sends data to the default Splunk index using the Splunk HTTP Event Collector (HEC). For more information, see the Get data with HTTP Event Collector chapter in the Splunk Enterprise Getting Data In manual.

Prerequisites

Before you can use this function, you must do the following:

Function input schema

See Connecting Splunk indexes to your DSP pipeline.

Required arguments

module
Syntax: ""
Description: Set this to "".
Example in Canvas View: ""
dataset
Syntax: expression<string>
Description: The Splunk index you want to send data to. Defaults to main.
Example in Canvas View: "main"

SPL2 example

When working in the SPL View, you can write the function by providing the arguments in this exact order.

...| into index("", "main");

Alternatively, you can use named arguments to declare arguments in any order. The following SPL2 example uses named arguments to specify the dataset argument before the module argument.

...| into index(dataset: "main", module: "");

If you want to use a mix of unnamed and named arguments in your functions, you need to list all unnamed arguments in the correct order before providing the named arguments.

Last modified on 14 April, 2021
Send data to a Splunk index   Send data to Amazon Kinesis Data Streams

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.0, 1.2.1-patch02, 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters