Splunk Writer

Overview

You can use this Snap to write data to a specific Splunk index.

Splunk Writer Snap

Write-type Snap
Works in Ultra Tasks

Prerequisites

None.

Limitations and known issues

None.

Snap views


View	Description	Examples of upstream and downstream Snaps
Input	It must contain one or more binary data objects.	Multi File Reader
Output	A document with `{"status": "success"}` if the upload is successful.	Mapper Join
Error	Error handling is a generic way to handle errors without losing data or failing the Snap execution. You can handle the errors that the Snap might encounter when running the pipeline by choosing one of the following options from the When errors occur list under the Views tab. The available options are: Stop Pipeline Execution Stops the current pipeline execution when the Snap encounters an error. Discard Error Data and Continue Ignores the error, discards that record, and continues with the remaining records. Route Error Data to Error View Routes the error data to an error view without stopping the Snap execution. Learn more about Error handling in Pipelines.

Snap settings

Note:

Suggestion icon (): Indicates a list that is dynamically populated based on the configuration.
Expression icon (): Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.
Add icon (): Indicates that you can add fields in the field set.
Remove icon (): Indicates that you can remove fields from the field set.


Field / Field set	Type	Description
Label	String	Required. Specify a unique name for the Snap. Modify this to be more appropriate, especially if more than one of the same Snaps is in the pipeline. Default value: Splunk Writer Example: Employees list
Splunk index	String/Expression	Required. A repository for data in Splunk Enterprise. When Splunk Enterprise indexes raw event data, it transforms the data into searchable events. You may select one from the suggested list. If the "=" button is pressed, it can be an expression evaluated with pipeline parameters. Default value: N/A Example: main test_index _myindex (with the "=" button pressed)
Host	String/Expression	Specify the host argument of the event. For more information refer to Splexicon: Host, and host. Default value: N/A Example: myapp-server-01
Host regex	String/Expression	Specify the host_regex argument of the event. For more information refer to host_regex. Default value: N/A Example: "your_regular_expression"
Source	String/Expression	Specify the source field for the incoming data, indicating the origin or location of the log events being sent to Splunk. For more information refer to Splexicon: Source. Default value: N/A Example: my_application_logs
Source type	String/Expression	Specify the sourcetype field for the incoming data, indicating the format or category of the log events being sent to Splunk. For more information refer to Source type and Splexicon: Source type. Default value: N/A Example: apache:access
Snap execution	Dropdown list	Select one of the three modes in which the Snap executes. Available options are: Validate & Execute. Performs limited execution of the Snap and generates a data preview during pipeline validation. Subsequently, performs full execution of the Snap (unlimited records) during pipeline runtime. Execute only. Performs full execution of the Snap during pipeline execution without generating preview data. Disabled. Disables the Snap and all Snaps that are downstream from it.

Examples

Write and query data in Splunk repository