Splunk (HTTP Event Collector) output plugin
Push telegraf metrics to Splunk.
I am aware that the "file" output plugin can be used to write Telegraf metrics to a file, and a Splunk agent can then push the metrics from that file. However, as in the Elasticsearch output plugin, we can push metrics directly to Splunk instead of going from Telegraf to a file and then to Splunk.
@danielnelson @sparrc Let me know your views.
Sounds like it would be a nice thing to have, though the fact that it is not open source makes it more difficult to test and fix bugs.
If this is something you are planning to work on just keep in mind that it may take some time to be merged into this repo depending on what the perceived demand is.
@danielnelson Got your point. This is one use case I have at my workplace. If I work on this, I will create a PR.
I am using socket writer at the moment to push data from Telegraf into Splunk. Splunk is configured to listen on a UDP socket, and socket writer pushes data to Splunk in JSON format. The problem is that there is no authentication; it would be good to have a plugin that supports output over HTTPS with the ability to send an authorization header.
The Splunk documentation spells out how the data would have to be formatted. But at its simplest, the data could look as follows:
```json
{
  "time": 1486683865.000,
  "event": "metric",
  "host": "host_12345",
  "fields": {
    "_value": 1099511627776,
    "metric_name": "my.metric.name",
    "dim1": "foo",
    "dim2": "bar"
  }
}
```
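An added example, not from this thread or from Telegraf's code base: building an authenticated HTTPS request to HEC in Go for the event shape quoted above. It assumes the standard HEC `Authorization: Splunk <token>` header and `/services/collector` endpoint; the host name, the token and the helper names `NewHECMetric` and `NewHECRequest` are placeholders made up for illustration.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
)

// NewHECMetric builds the event shape quoted in the thread.
func NewHECMetric(ts float64, host, name string, value float64, dims map[string]string) map[string]interface{} {
	fields := map[string]interface{}{"metric_name": name, "_value": value}
	for k, v := range dims {
		if _, reserved := fields[k]; !reserved { // a tag must not replace name or value
			fields[k] = v
		}
	}
	return map[string]interface{}{"time": ts, "event": "metric", "host": host, "fields": fields}
}

// NewHECRequest rejects non-HTTPS endpoints and empty tokens, so the token
// never travels in clear text and no unauthenticated request is built.
func NewHECRequest(endpoint, token string, event map[string]interface{}) (*http.Request, error) {
	u, err := url.Parse(endpoint)
	if err != nil || u.Scheme != "https" || token == "" {
		return nil, fmt.Errorf("HEC needs an https:// endpoint and a non-empty token")
	}
	body, err := json.Marshal(event)
	if err != nil {
		return nil, err
	}
	req, err := http.NewRequest(http.MethodPost, u.String(), bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Splunk "+token) // HEC token scheme
	req.Header.Set("Content-Type", "application/json")
	return req, nil
}

func main() { // constructed sample values; host and token are placeholders
	m := NewHECMetric(1486683865, "host_12345", "my.metric.name", 1099511627776,
		map[string]string{"dim1": "foo", "dim2": "bar"})
	req, err := NewHECRequest("https://splunk.example.invalid:8088/services/collector", "<hec-token>", m)
	if err != nil {
		panic(err)
	}
	fmt.Println(req.Method, req.URL, req.Header.Get("Content-Type"))
}
```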
@ronnocol are you intending to push your splunkHEC output work to the origin? I'd be keen to start using this too.
I do, however, since I did it as a work project... the CLA is in legal review. Hopefully we'll get it resolved really soon and I'll be able to put in a pull request.
@ronnocol have there been any updates?
I also need this.
How does this relate to https://github.com/influxdata/telegraf/pull/4185 and https://github.com/influxdata/telegraf/pull/4300 ?
I've been unable to get final sign-off for the CLA. After reviewing #4185 and #4300, I would recommend #4300. There's very little manipulation of the data, it allows you to use HECs with SSL and private certs (w/o making those certs trusted.) So, if I had a vote, I'd vote for #4300.
https://github.com/influxdata/telegraf/pull/4339 should resolve this, for both File and HEC (http) outputs.
We have merged #4339, which is the Splunk metrics serializer (thanks @ronnocol). What "serializer" means in this case is that you will need to use it along with any output that has the data_format option. There are some good examples in the documentation.
I'm going to close this issue, but if anyone is interested in working on it we would also accept a Splunk output that uses the new serializer and whose main purpose is just to wrap everything up into a more turn-key solution.