Testing the `splunk` source

Stephen Wakely edited this page Nov 30, 2022 · 2 revisions

A good way to send data to the Splunk source is to use the Docker Splunk logging driver.

Vector

Configure the source:

sources:
  splunk:
    type: splunk_hec
    address: 127.0.0.1:8088
    token: "nork"
    valid_tokens: [ "nork" ]

Docker

Then run flog in Docker with this:

> docker run --log-driver=splunk --log-opt splunk-token=nork --log-opt splunk-url=http://localhost:8088 --log-opt splunk-format=json mingrammer/flog -n 2

Change the splunk-format option to either json, inline or raw to test the different formats.
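
To confirm that the source accepts the configured token and refuses any other, the following added example (not part of the original wiki page or of Vector's own code) posts one event with each directly to the HEC event endpoint. The function names, the `not-nork` token and the sample events are constructed for illustration, and the expected status ranges are an assumption.

```python
import json
import urllib.error
import urllib.request

# Address taken from the source config above; the path is the standard HEC event endpoint.
HEC_URL = "http://127.0.0.1:8088/services/collector/event"


def build_request(token, event, url=HEC_URL):
    """Build an HEC event POST carrying `token` in the Splunk auth scheme."""
    body = json.dumps({"event": event}).encode("utf-8")
    return urllib.request.Request(
        url,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Splunk {token}",
            "Content-Type": "application/json",
        },
    )


def post_status(req, timeout=5):
    """Send the request and return the HTTP status, including error statuses."""
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check_token_enforcement(valid="nork", invalid="not-nork"):
    """Return (accepted, rejected) statuses for a listed and an unlisted token."""
    # Constructed sample events; "not-nork" is a made-up token absent from valid_tokens.
    accepted = post_status(build_request(valid, {"line": "token check", "source": "stdout"}))
    rejected = post_status(build_request(invalid, {"line": "should be refused"}))
    return accepted, rejected


if __name__ == "__main__":
    ok, denied = check_token_enforcement()
    print(f"listed token -> {ok}, unlisted token -> {denied}")
    # Assumption: 2xx for the listed token, 4xx for the unlisted one.
    raise SystemExit(0 if 200 <= ok < 300 and 400 <= denied < 500 else 1)
```

Run it while Vector is listening with the config above; a non-zero exit means the unlisted token was accepted or the listed one was refused.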