splunk_search data source

blackstork/splunk, v0.4.2

Installation #

BlackStork SaaS: Plugin dependencies are resolved automatically by the platform. You do not need to install plugins or define the blackstork configuration block manually.

To use the splunk_search data source locally via blackstork-cli, you must declare the blackstork/splunk plugin as a dependency in your global configuration block.

blackstork {
  plugin_versions = {
    "blackstork/splunk" = ">= v0.4.2"
  }
}

After declaring the dependency, execute blackstork-cli install to fetch the plugin. See Configuration for details.

Configuration #

This data source accepts the following configuration arguments within a config data splunk_search block:

config data splunk_search {
  # Required string.
  #
  # For example:
  auth_token = "some string"

  # Optional string.
  # Default value:
  host = null

  # Optional string.
  # Default value:
  deployment_name = null
}

Usage #

This data source accepts the following arguments within a data splunk_search block:

data splunk_search {
  # Required string.
  #
  # For example:
  search_query = "some string"

  # Optional number.
  # Default value:
  max_count = null

  # Optional number.
  # Default value:
  status_buckets = null

  # Optional list of string.
  # Default value:
  rf = null

  # Optional string.
  # Default value:
  earliest_time = null

  # Optional string.
  # Default value:
  latest_time = null
}