Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build Splunk sink #19

Closed
lukesteensen opened this issue Sep 21, 2018 · 2 comments
Closed

Build Splunk sink #19

lukesteensen opened this issue Sep 21, 2018 · 2 comments
Assignees
@michaelfairley @lukesteensen

Comments

@lukesteensen
Copy link
Member

The first sink we need to build is for Splunk. At this stage, we only provide value to them by being in front of Splunk itself.

From our perspective, by far the most desirable Splunk integration would be with the HTTP Event Collector (HEC). There are multiple open source examples of integrations with this collector that we could work from, and it's relatively simple HTTP requests.

Based on our meeting, it sounds like they're in the process of testing the HEC and it is not yet supported in production. It seems unlikely that supporting something else would be a better decision than simply making their rollout of the HEC a dependency of their rollout of the router, but we should verify that point with them before committing to it completely.
@lukesteensen lukesteensen mentioned this issue Sep 21, 2018
Closed
@lukesteensen
Copy link
Member Author

Decided to build a raw TCP sink first, since that's simpler for the time being and their initial sampling use case won't need to add any structured data.

@lukesteensen
Copy link
Member Author

Reopening this now that we have structured data support and it's clear that their ideal sampling implementation will rely on it. Building a HEC sink will also provide a much better overall experience than relying on raw TCP (e.g. support for parsed fields, original host forwarding, etc).

@lukesteensen lukesteensen reopened this Dec 6, 2018
@michaelfairley michaelfairley self-assigned this Dec 11, 2018
moogstuart referenced this issue in Moogsoft/vector Apr 6, 2021
@moogstuart
refactor(exec source) Address review comments (#19)
5f65b4c 
Signed-off-by: Stuart Broad <stuart@moogsoft.com>
moogeric referenced this issue in Moogsoft/vector Jun 16, 2021
@moogstuart
refactor(exec source) Address review comments (#19)
07d5232 
Signed-off-by: Stuart Broad <stuart@moogsoft.com>
dbcfd pushed a commit to dbcfd/vector that referenced this issue Jan 17, 2022
Merged in SENS-812-map-flatten (pull request vectordotdev#19)
0876ef6 
SENS-812 Adding optional flatten arg to map function

Approved-by: Danny Browning
neuronull added a commit that referenced this issue May 5, 2023
@neuronull
touch amqp (#19)
85aa21c 
<!--
**Your PR title must conform to the conventional commit spec!**

  <type>(<scope>)!: <description>

  * `type` = chore, enhancement, feat, fix, docs
  * `!` = OPTIONAL: signals a breaking change
* `scope` = Optional when `type` is "chore" or "docs", available scopes
https://github.com/vectordotdev/vector/blob/master/.github/semantic.yml#L20
  * `description` = short description of the change

Examples:

  * enhancement(file source): Add `sort` option to sort discovered files
  * feat(new source): Initial `statsd` source
  * fix(file source): Fix a bug discovering new files
  * chore(external docs): Clarify `batch_size` option
-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaelfairley michaelfairley

@lukesteensen lukesteensen

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@michaelfairley @lukesteensen @binarylogic