Splunk® Data Stream Processor

Connect to Data Sources and Destinations with DSP

On April 3, 2023, Splunk Data Stream Processor reached its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.

All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.

Deserialize and preview data from Microsoft Azure Event Hubs in DSP

When you use the Microsoft Azure Event Hubs source function to ingest data from a Microsoft Azure Event Hubs topic, the payloads of the incoming records are stored in a bytes field named body. During data previews, the Splunk Data Stream Processor displays the contents of bytes fields as base64-encoded values. To view the data as human-readable strings during data preview, you must deserialize the data.

Deserializing the body field also makes it usable as input in a wider variety of streaming functions, since most streaming functions do not accept bytes data as input. See the Function Reference manual for information about the data type that each function accepts as input.

Prerequisites

To ingest data from Azure Event Hubs into a DSP pipeline, you must have a connection to an event hub. See Create a DSP connection to Microsoft Azure Event Hubs.

Steps

  1. In DSP, select the Pipelines page.
  2. On the Pipelines page, click Create Pipeline.
  3. Select Microsoft Azure Event Hubs.
  4. Configure the Microsoft Azure Event Hubs function to use your Azure Event Hubs connection and get data from your event hub. See Get data from Microsoft Azure Event Hubs in the Function Reference manual.
  5. On the pipeline canvas, click the Connect a processing or a sink function icon (Add function or branch button) and then select Eval from the function picker.
  6. On the View Configurations tab, enter the following SPL2 expression in the Function field:
    body = deserialize_json_object(body)
    
  7. Click the Start Preview icon (Start Preview button) and click the Eval function on the pipeline canvas to confirm that the data in the body field has been deserialized from bytes into strings.
Last modified on 25 March, 2022
Create a connection to Microsoft Azure Event Hubs  

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters