Getting started with the templates
Templates are predefined pipelines that allow you to get started quickly with the Stream Processor Service. The Stream Processor Service comes with several Splunk-built templates, called Default Templates, that you can leverage right away. We strongly recommend that you use a template to create a pipeline when possible, because templates significantly reduce the development time for building pipelines, allowing you to be productive with the Stream Processor Service immediately.
The following table describes the two types of Default Templates that are available.
|Example template||Use the Example templates as a reference to learn how the Stream Processor Service can manipulate and transform your data. Example templates include sample data, so you can start a preview session and click through each function in the template to see how the data is being transformed every step of the way.|
|Quick Start template||Use the Quick Start templates to have the Stream Processor Service perform a specific use case in production with minimal configuration required.|
The following table describes the "Example" templates that are available in the Stream Processor Service.
|Example: Aggregating Windows Event Logs by Host and EventCode||Use this template as an example of how to summarize security logs by the host and EventCode fields. This template counts, for each value of |
|Example: Convert Logs to Metrics||Use this template as an example of how to turn log data into metric data points. This template converts metric-based JSON into the metric schema format compatible with the Splunk HTTP Event Collector.|
|Example: Format Windows Security Logs into JSON Format||Use this template as an example of how to format Windows security logs into JSON format.|
|Example: Mask Sensitive Data||Use this template as an example of how to mask sensitive information in your data before sending it to a destination.|
|Example: Processing AWS CloudTrail and VPC Flow Logs||Use this template as an example of how to process Amazon Web Services CloudTrail and Virtual Private Cloud logs.|
|Example: Route Data to Multiple Destinations||Use this template as an example of how to route data to multiple different destinations.|
Quick Start templates
The following table describes the "Quick Start" templates that are available in the Stream Processor Service.
|Quick Start: Filter and Summarize CISCO ASA Inbound and Outbound Traffic||This template collects processed Cisco ASA data, sets a source type, and properly timestamps the Cisco ASA data before sending it to a Splunk index. In addition, this template also filters and summarizes Cisco ASA inbound and outbound traffic. Summarized traffic statistics are sent as metrics to a Splunk metrics index.|
|Quick Start: Filter and Summarize NGINX Access Logs||This template collects NGINX access logs, removes all 200 event codes to reduce noise, and forwards all other NGINX events to a Splunk index. In addition, this template summarizes average bytes sent by NGINX grouped by |
|Quick Start: Format Linux Performance Monitoring Data for Splunk Infrastructure Monitoring||This template converts Linux Performance Monitoring (perfmon) events into Splunk Infrastructure Monitoring metrics and then sends that data to a Splunk index.|
|Quick Start: Format Windows Performance Monitor Data for Splunk Infrastructure Monitoring||This template formats Windows Performance Monitor Data into a format compatible with Splunk Infrastructure Monitoring. In addition, this template includes an optional function that normalizes field names into the names that Splunk Infrastructure Monitoring expects for its built-in dashboards.|
|Quick Start: Mask Credit Card Numbers||This template detects and masks credit card numbers in your data. Credit card numbers from Visa, Mastercard, American Express, Diners Club, Discover, and JCB are supported. This template anonymizes the information by redacting all but the last four digits of each credit card number before sending the data to a Splunk index. Any data that doesn't contain credit card numbers is sent unchanged to the same Splunk index.|
|Quick Start: Mask Social Security Numbers||This template detects and masks social security numbers (SSNs) in your data. This template anonymizes the information by redacting the first five digits of each SSN before sending the data to a Splunk index.|
|Quick Start: Reduce Licensing Usage for Windows Security Logs||This template collects Windows Event Logs from a forwarder, removes the verbosity that is often included in Windows Security Logs, and then routes that data to a specified Splunk index. By removing the verbose text that is often found in Windows Security Logs, you can reduce Splunk licensing costs and make your searches more performant.|
This documentation applies to the following versions of Stream Processor Service: standard