Splunk Cloud Platform

Use Edge Processors

SPL2 Pipeline Templates Reference

The Edge Processor and Ingest Processor solutions come with a selection of prebuilt SPL2 pipeline templates to help you manipulate, route, and analyze your data. You can edit these templates for your specific use case. See the following list:

Data source Pipeline Template Name Description Edge Processor Ingest Processor
Cisco ASA syslog Cisco ASA syslog data: Extract and filter cisco asa syslog data Take Cisco ASA syslog message data and filter it. This template also automatically removes the header information from messages, which reduces the message size by 10%. This template will not filter messages with a syslog message ID of 430003. Yes Yes
Generic template to get started Generic data: De-identify Personally Identifiable Information This template de-identifies Personally Identifiable Information (PII) from patient data. Yes Yes
Generic template to get started Generic data: Mask IP addresses from a specific range This template masks IP addresses based on a specified CIDR range. Yes Yes
Generic template to get started Generic data: Route 'root' user events to special index This template routes events related to the "root" user to a special index. Yes Yes
JSON JSON data: Generate metrics from log data Take pre-configured JSON data to show how the logs_to_metrics function can be used to convert logs to metrics. No Yes
Palo Alto Palo Alto Network logs: Reduce log size Reduce the size of Palo Alto Network logs by removing unnecessary fields. Then, extract recommended event fields. Yes Yes
Palo Alto Palo Alto Networks PAN-OS syslog data: Extract fields and classification of Palo Alto logs Take Palo Alto Networks syslog message data and set the sourcetypes and indexes based on the message text. This pipeline also automatically removes the header information from messages, which reduces the message size by 10%. Yes Yes
Palo Alto Palo Alto Network traffic logs: Generate metrics from logs Generate metrics with dimensions from Palo Alto Network traffic logs, and then route the metrics and the original logs to two different destinations. No Yes
Kubernetes Prometheus-formatted Kubernetes logs: Extract fields and generate metrics Generate metrics with dimensions from Prometheus-formatted Kubernetes logs, and then route the metrics and the original logs to two different destinations. No Yes
Syslog Syslog data: Extract fields and filter for systemd logs Take syslog data and filter it for systemd events. Yes Yes
Syslog Syslog data: Mask IP addresses from hostname field Take syslog data and mask IP addresses from the hostname field. Yes Yes
Nix UNIX and Linux bandwidth logs: Reduce log size and convert to TSV format Reduce the size of 'bandwidth' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux cpu logs: Reduce log size and convert to TSV format Reduce the size of 'cpu' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux df logs: Reduce log size and convert to TSV format Reduce the size of 'df' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. The original tab-separated values (TSV) format of the logs and compatibility with the Splunk Common Information Model (CIM) are both preserved. Yes Yes
Nix UNIX and Linux hardware logs: Reduce log size and convert to tab-separated key-value pair format Reduce the size of 'hardware' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated key-value pair format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux interfaces logs: Reduce log size and convert to TSV format Reduce the size of 'interfaces' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux iostat logs: Reduce log size and convert to TSV format Reduce the size of 'iostat' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux lastlog logs: Reduce log size and convert to TSV format Reduce the size of 'lastlog' logs emitted by the Splunk Add-on for Unix and Linux by converting the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux lsof logs: Reduce log size and convert to TSV format Reduce the size of 'lsof' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux netstat logs: Reduce log size and convert to TSV format Reduce the size of 'netstat' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux package logs: Reduce log size and convert to TSV format Reduce the size of 'package' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux ps logs: Reduce log size and convert to TSV format Reduce the size of 'ps' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux top logs: Reduce log size and convert to TSV format Reduce the size of 'top' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated values (TSV) format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux vmstat logs: Reduce log size and convert to tab-separated key-value pair format Reduce the size of 'vmstat' logs emitted by the Splunk Add-on for Unix and Linux by removing unnecessary data. Then, convert the logs into tab-separated key-value pair format while preserving compatibility with the Splunk Common Information Model (CIM). Yes Yes
Nix UNIX and Linux process status logs: Generate metrics from logs Generate metrics with dimensions from UNIX and Linux process logs, and then route the metrics and original logs to two different destinations No Yes
Windows Windows event logs: Convert logs from XML to JSON Convert Windows event logs from XML to JSON, reduce the size of the logs by removing unnecessary data, and extract event fields to ensure compatibility with the Splunk Add-on for Microsoft Windows and the Splunk Common Information Model (CIM). Yes Yes
Last modified on 14 April, 2025
Use templates to create pipelines for Edge Processors   Getting sample data for previewing data transformations

This documentation applies to the following versions of Splunk Cloud Platform: 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406, 9.3.2408 (latest FedRAMP release), 9.3.2411

Acrobat logo Download manual
Acrobat logo Download this page

Please expect delayed responses to documentation feedback while the team migrates content to a new system. We value your input and thank you for your patience as we work to provide you with an improved content experience!

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters