tSplunkEventCollector - 6.3

Talend Components Reference Guide

EnrichVersion
6.3
EnrichProdName
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for Big Data
Talend Open Studio for Data Integration
Talend Open Studio for Data Quality
Talend Open Studio for ESB
Talend Open Studio for MDM
Talend Real-Time Big Data Platform
task
Data Governance
Data Quality and Preparation
Design and Development
EnrichPlatform
Talend Studio

Function

tSplunkEventCollector collects and sends the event data to Splunk.

Purpose

tSplunkEventCollector allows you to send the event data to Splunk through Splunk HTTP Event Collector.

tSplunkEventCollector properties

Component family

Business Intelligence/Splunk

Basic settings

Schema and Edit schema

A schema is a row description. It defines the number of fields (columns) to be processed and passed on to the next component. The schema is either Built-In or stored remotely in the Repository.

  • Built-In: You create and store the schema locally for this component only. Related topic: see Talend Studio User Guide.

  • Repository: You have already created the schema and stored it in the Repository. You can reuse it in various projects and Job designs. Related topic: see Talend Studio User Guide.

Since version 5.6, both the Built-In mode and the Repository mode are available in any of the Talend solutions.

This component offers the advantage of the dynamic schema feature. This allows you to retrieve unknown columns from source files or to copy batches of columns from a source without mapping each column individually. For further information about dynamic schemas, see Talend Studio User Guide.

This dynamic schema feature is designed for the purpose of retrieving unknown columns of a table and is recommended to be used for this purpose only; it is not recommended for the use of creating tables.

Note that the schema of this component has been set by default with the following fields. You can click the [...] button next to Edit schema to view and change the predefined schema.

  • time: the event time. Note that the input data is in Java Date format, and it will be transformed to the epoch time format required by Splunk before sending to Splunk HTTP Event Collector.

  • source: the source value of the event data. It is usually the file or directory path, network port, or script from which the event originated.

  • sourcetype: the source type of the event data. It tells what kind of data it is.

  • host: the host of the event data. It is usually the host name, IP address, or fully qualified domain name of the network machine from which the event originated.

  • index: the name of the index by which the event data is to be indexed. It must be within the list of allowed indexes if the token has the indexes parameter set.

For more information about the format of the event data sent to Splunk HTTP Event Collector, see About the JSON event protocol in HTTP Event Collector.

 

 

Click Edit schema to make changes to the schema. If the current schema is of the Repository type, three options are available:

  • View schema: choose this option to view the schema only.

  • Change to built-in property: choose this option to change the schema to Built-in for local changes.

  • Update repository connection: choose this option to change the schema stored in the repository and decide whether to propagate the changes to all the Jobs upon completion. If you just want to propagate the changes to the current Job, you can select No upon completion and choose this schema metadata again in the [Repository Content] window.

 

Splunk Server URL

Enter the URL used to access the Splunk Web Server.

 

Token

Specify the Event Collector token used to authenticate the event data. For more information, see HTTP Event Collector token management.

Advanced settings

Extended output

Select this check box to send the event data to Splunk in batch mode. In the field displayed, enter the number of events to be processed in each batch.

By default, this check box is selected and the number of events to be processed in each batch is 100.

 

tStatCatcher Statistics

Select this check box to gather the Job processing metadata at the Job level as well as at each component level.

Global Variables

NB_LINE: the number of rows processed. This is an After variable and it returns an integer.

RESPONSE_CODE: the response code from Splunk. This is an After variable and it returns an integer.

ERROR_MESSAGE: the error message generated by the component when an error occurs. This is an After variable and it returns a string. This variable functions only if the Die on error check box is cleared, if the component has this check box.

A Flow variable functions during the execution of a component while an After variable functions after the execution of the component.

To fill up a field or expression with a variable, press Ctrl + Space to access the variable list and choose the variable to use from it.

For further information about variables, see Talend Studio User Guide.

Usage

This component is usually used as an end component of a Job or Subjob and it always needs an input link.

Limitation

n/a

Related scenario

No scenario is available for this component yet.