splunk_search data source

blackstork/splunk, v0.4.1

Installation #

To use splunk_search data source, you must install the plugin blackstork/splunk.

To install the plugin, add the full plugin name to the plugin_versions map in the Fabric global configuration block (see Global configuration for more details), as shown below:

fabric {
  plugin_versions = {
    "blackstork/splunk" = ">= v0.4.1"
  }
}

Note the version constraint set for the plugin.

Configuration #

The data source supports the following configuration parameters:

config data splunk_search {
    auth_token = <string>  # required
    deployment_name = <string>  # optional
    host = <string>  # optional
}

Usage #

The data source supports the following parameters in the data blocks:

data splunk_search {
    earliest_time = <string>  # optional
    latest_time = <string>  # optional
    max_count = <number>  # optional
    rf = <list of string>  # optional
    search_query = <string>  # required
    status_buckets = <number>  # optional
}