Splunk® Data Stream Processor

Function Reference

On April 3, 2023, Splunk Data Stream Processor reached its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.

All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.

Send data to a Splunk index (Default for Environment)

Use the Send to a Splunk Index (Default for Environment) sink function to send data to a preconfigured default Splunk Enterprise index.

This function sends data to the default Splunk index using the Splunk HTTP Event Collector (HEC). For more information, see the Get data with HTTP Event Collector chapter in the Splunk Enterprise Getting Data In manual.

Prerequisites

Before you can use this function, you must do the following:

Function input schema

See Connecting Splunk indexes to your DSP pipeline.

Required arguments

module
Syntax: ""
Description: Set this to "".
Example in Canvas View: ""
dataset
Syntax: expression<string>
Description: The Splunk index you want to send data to. Defaults to main.
Example in Canvas View: "main"

SPL2 example

When working in the SPL View, you can write the function by providing the arguments in this exact order. 

...| into index("", "main");

Alternatively, you can use named arguments to declare arguments in any order. The following SPL2 example uses named arguments to specify the dataset argument before the module argument. 

...| into index(dataset: "main", module: "");

If you want to use a mix of unnamed and named arguments in your functions, you need to list all unnamed arguments in the correct order before providing the named arguments.

Last modified on 14 April, 2021
Send data to a Splunk index   Send data to Amazon Kinesis Data Streams

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.0, 1.2.1-patch02, 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5, 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters