On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details.
Send data to Amazon Kinesis Data Streams
Use the Send to Amazon Kinesis Data Streams sink function to send data to Amazon Kinesis Data Streams.
Optionally, you can specify the Kinesis partition key for each record. If you do not provide a partition key, a hash of the payload determines the partition key.
Prerequisites
Before you can use this function, you must create a connection. See Create a connection to Amazon Kinesis Data Streams in the Connect to Data Sources and Destinations with the manual. When configuring this sink function, set the connection_id
argument to the ID of that connection.
Function input schema
Accepts records with any specific schema, but the event body or payload of the incoming records must be serialized as bytes.
Required arguments
- connection_id
- Syntax: string
- Description: The ID of the Amazon Kinesis Data Streams connection you must create before using this function.
- Example in Canvas View: "conx-2b39464e-0924"
- stream_name
- Syntax: string
- Description: The name of the Kinesis stream to send data to.
- Example in Canvas View: "my-stream-123"
- body
- Syntax: expression<bytes>
- Description: The field containing the event body or payload to send to Kinesis. You can specify the name of a field that's serialized as bytes or provide an expression that converts a field into bytes.
- Example in Canvas View: to_bytes(cast(body, "string"))
Optional arguments
- partition_key
- Syntax: expression<string>
- Description: Your Kinesis partition key. See the AWS documentation about partition keys. Defaults to null.
- Example in Canvas View: "my-partition-key"
SPL2 example
When working in the SPL View, you can write the function by providing the arguments in this exact order.
...| into kinesis("879837b0-cabf-4bc2-8589-fcc4dad753e7", "my-stream-123", to_bytes(cast(body, "string")));
Alternatively, you can use named arguments to declare the arguments in any order and leave out optional arguments you don't want to declare. All unprovided arguments use their default values. The following example provides the arguments in an arbitrary order.
...| into kinesis(stream_name: "my-stream-123", connection_id: "879837b0-cabf-4bc2-8589-fcc4dad753e7", body: to_bytes(cast(body, "string")));
If you want to use a mix of unnamed and named arguments in your functions, you need to list all unnamed arguments in the correct order before providing the named arguments.
Send data to a Splunk index (Default for Environment) | Send data to Amazon S3 |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.0, 1.2.1-patch02, 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6
Feedback submitted, thanks!