Author: buildbot
Date: Tue Oct 15 12:20:39 2013
New Revision: 882720
Log:
Production update by buildbot for camel
Modified:
websites/production/camel/content/cache/main.pageCache
websites/production/camel/content/splunk.html
Modified: websites/production/camel/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/camel/content/splunk.html
==============================================================================
--- websites/production/camel/content/splunk.html (original)
+++ websites/production/camel/content/splunk.html Tue Oct 15 12:20:39 2013
@@ -111,7 +111,8 @@
<h3><a shape="rect" name="Splunk-ProducerEndpoints%3A"></a>Producer Endpoints:
</h3>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Endpoint </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description</th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> stream </td><td colspan="1" rowspan="1"
class="confluenceTd"> streaming mode. When using stream mode be aware of that
Splunk has some internal buffer (about 1MB or so) before events gets to the
index. If you need realtime better use submit or tcp mode. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> submit </td><td colspan="1"
rowspan="1" class="confluenceTd"> submit mode. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> tcp </td><td colspan="1"
rowspan="1" class="confluenceTd"> tcp mode. Requires a open receiver port in
Splunk.</td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Endpoint </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description</th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> stream </td><td colspan="1" rowspan="1"
class="confluenceTd"> streaming mode. When using stream mode be aware of that
Splunk has some internal buffer (about 1MB or so) before events gets to the
index. <br clear="none">
+If you need realtime, better use submit or tcp mode. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> submit </td><td colspan="1"
rowspan="1" class="confluenceTd"> submit mode. </td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> tcp </td><td colspan="1"
rowspan="1" class="confluenceTd"> tcp mode. Requires a open receiver port in
Splunk.</td></tr></tbody></table>
</div>
@@ -120,7 +121,8 @@
<p><b>Example</b></p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
-
from("direct:start").convertBodyTo(SplunkEvent.class).to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")...
+ from("direct:start").convertBodyTo(SplunkEvent.class)
+
.to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")...
]]></script>
</div></div>
<p>In this example a converter is required to convert to a SplunkEvent class.
</p>
@@ -135,7 +137,8 @@
<p><b>Example</b></p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
-
from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search
index=myindex sourcetype=someSourcetype").to("direct:search-result");
+
from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search
index=myindex sourcetype=someSourcetype")
+ .to("direct:search-result");
]]></script>
</div></div>
@@ -143,19 +146,26 @@
<h3><a shape="rect" name="Splunk-URIOptions"></a>URI Options</h3>
<div class="table-wrap">
-<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default Value </th><th colspan="1" rowspan="1"
class="confluenceTh"> Context </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">host </td><td colspan="1" rowspan="1"
class="confluenceTd"> localhost </td><td colspan="1" rowspan="1"
class="confluenceTd"> Both </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk host.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">port </td><td colspan="1" rowspan="1"
class="confluenceTd"> 8089 </td><td colspan="1" rowspan="1"
class="confluenceTd"> Both </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk port</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> username </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd">
Both </td><td colspan="1" rowspan="1" class="confluenceTd"> Username for
Splunk</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> password
</td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rowspan="1" class="confluenceTd"> Both </td><td colspan="1"
rowspan="1" class="confluenceTd"> Password for Splunk</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> connectionTimeout </td><td
colspan="1" rowspan="1" class="confluenceTd"> 5000 </td><td colspan="1"
rowspan="1" class="confluenceTd"> Both </td><td colspan="1" rowspan="1"
class="confluenceTd"> Timeout in MS when connecting to Splunk
server</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
useSunHttpsHandler </td><td colspan="1" rowspan="1" class="confluenceTd"> false
</td><td colspan="1" rowspan="1" class="confluenceTd"> Both </td><td
colspan="1" rowspan="1" class="confluenceTd"> Use
sun.net.www.protocol.https.Handler Https hanlder to establish the Splunk
Connection.
Can be useful when running in application servers to avoid app. server https
handling.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> index
</td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rowspan="1" class="confluenceTd"> Producer </td><td colspan="1"
rowspan="1" class="confluenceTd"> Splunk index to write to</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> sourceType </td><td colspan="1"
rowspan="1" class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Producer </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk sourcetype arguement</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> source </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Producer </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk source arguement</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> tcpReceiverPort </t
d><td colspan="1" rowspan="1" class="confluenceTd"> 0 </td><td colspan="1"
rowspan="1" class="confluenceTd"> Producer </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk tcp receiver port when using tcp producer
endpoint.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
initEarliestTime </td><td colspan="1" rowspan="1" class="confluenceTd"> null
</td><td colspan="1" rowspan="1" class="confluenceTd"> Consumer </td><td
colspan="1" rowspan="1" class="confluenceTd"> Initial start offset of the first
search. Required</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
earliestTime </td><td colspan="1" rowspan="1" class="confluenceTd"> null
</td><td colspan="1" rowspan="1" class="confluenceTd"> Consumer </td><td
colspan="1" rowspan="1" class="confluenceTd"> Earliest time of the search time
window.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
latestTime </td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rows
pan="1" class="confluenceTd"> Consumer </td><td colspan="1" rowspan="1"
class="confluenceTd"> Latest time of the search time window.</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> count </td><td colspan="1"
rowspan="1" class="confluenceTd"> 0 </td><td colspan="1" rowspan="1"
class="confluenceTd"> Consumer </td><td colspan="1" rowspan="1"
class="confluenceTd"> A number that indicates the maximum number of entities to
return. Note this is not the same as maxMessagesPerPoll which currently is
unsupported</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
search </td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rowspan="1" class="confluenceTd"> Consumer </td><td colspan="1"
rowspan="1" class="confluenceTd"> The Splunk query to run</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> savedSearch </td><td colspan="1"
rowspan="1" class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Consumer </
td><td colspan="1" rowspan="1" class="confluenceTd"> The name of the query
saved in Splunk to run</td></tr></tbody></table>
+<table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"> Name </th><th colspan="1" rowspan="1"
class="confluenceTh"> Default Value </th><th colspan="1" rowspan="1"
class="confluenceTh"> Context </th><th colspan="1" rowspan="1"
class="confluenceTh"> Description </th></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">host </td><td colspan="1" rowspan="1"
class="confluenceTd"> localhost </td><td colspan="1" rowspan="1"
class="confluenceTd"> Both </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk host.</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd">port </td><td colspan="1" rowspan="1"
class="confluenceTd"> 8089 </td><td colspan="1" rowspan="1"
class="confluenceTd"> Both </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk port</td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"> username </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd">
Both </td><td colspan="1" rowspan="1" class="confluenceTd"> Username for
Splunk</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> password
</td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rowspan="1" class="confluenceTd"> Both </td><td colspan="1"
rowspan="1" class="confluenceTd"> Password for Splunk</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> connectionTimeout </td><td
colspan="1" rowspan="1" class="confluenceTd"> 5000 </td><td colspan="1"
rowspan="1" class="confluenceTd"> Both </td><td colspan="1" rowspan="1"
class="confluenceTd"> Timeout in MS when connecting to Splunk
server</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
useSunHttpsHandler </td><td colspan="1" rowspan="1" class="confluenceTd"> false
</td><td colspan="1" rowspan="1" class="confluenceTd"> Both </td><td
colspan="1" rowspan="1" class="confluenceTd"> Use
sun.net.www.protocol.https.Handler Https hanlder to establish the Splunk
Connection.
<br clear="none">
+Can be useful when running in application servers to avoid app. server https
handling.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"> index
</td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rowspan="1" class="confluenceTd"> Producer </td><td colspan="1"
rowspan="1" class="confluenceTd"> Splunk index to write to</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> sourceType </td><td colspan="1"
rowspan="1" class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Producer </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk sourcetype arguement</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> source </td><td colspan="1" rowspan="1"
class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Producer </td><td colspan="1" rowspan="1"
class="confluenceTd"> Splunk source arguement</td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"> tcpReceiverPort </td
><td colspan="1" rowspan="1" class="confluenceTd"> 0 </td><td colspan="1"
>rowspan="1" class="confluenceTd"> Producer </td><td colspan="1" rowspan="1"
>class="confluenceTd"> Splunk tcp receiver port when using tcp producer
>endpoint.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
>initEarliestTime </td><td colspan="1" rowspan="1" class="confluenceTd"> null
></td><td colspan="1" rowspan="1" class="confluenceTd"> Consumer </td><td
>colspan="1" rowspan="1" class="confluenceTd"> Initial start offset of the
>first search. Required</td></tr><tr><td colspan="1" rowspan="1"
>class="confluenceTd"> earliestTime </td><td colspan="1" rowspan="1"
>class="confluenceTd"> null </td><td colspan="1" rowspan="1"
>class="confluenceTd"> Consumer </td><td colspan="1" rowspan="1"
>class="confluenceTd"> Earliest time of the search time
>window.</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
>latestTime </td><td colspan="1" rowspan="1" class="confluenceTd"> null
></td><td colspan="1" rowsp
an="1" class="confluenceTd"> Consumer </td><td colspan="1" rowspan="1"
class="confluenceTd"> Latest time of the search time window.</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> count </td><td colspan="1"
rowspan="1" class="confluenceTd"> 0 </td><td colspan="1" rowspan="1"
class="confluenceTd"> Consumer </td><td colspan="1" rowspan="1"
class="confluenceTd"> A number that indicates the maximum number of entities to
return. <br clear="none">
+Note this is not the same as maxMessagesPerPoll which currently is
unsupported</td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd">
search </td><td colspan="1" rowspan="1" class="confluenceTd"> null </td><td
colspan="1" rowspan="1" class="confluenceTd"> Consumer </td><td colspan="1"
rowspan="1" class="confluenceTd"> The Splunk query to run</td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"> savedSearch </td><td colspan="1"
rowspan="1" class="confluenceTd"> null </td><td colspan="1" rowspan="1"
class="confluenceTd"> Consumer </td><td colspan="1" rowspan="1"
class="confluenceTd"> The name of the query saved in Splunk to
run</td></tr></tbody></table>
</div>
+<h3><a shape="rect" name="Splunk-Messagebody"></a>Message body</h3>
+<p>Splunk operates on data in key/value pairs. The SplunkEvent class is a
placeholder for such data, and should be in the message body <br clear="none">
+for the producer. Likewise it will be returned in the body per search result
for the consumer. </p>
+
<h3><a shape="rect" name="Splunk-UseCases"></a>Use Cases</h3>
<p>Search Twitter for tweets with music and publish events to Splunk</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
from("twitter://search?type=polling&keywords=music&delay=10&consumerKey=abc&consumerSecret=def&accessToken=hij&accessTokenSecret=xxx")
- .convertBodyTo(SplunkEvent.class)
-
.to("splunk://submit?username=foo&password=bar&index=camel-tweets&sourceType=twitter&source=music-tweets");
+ .convertBodyTo(SplunkEvent.class)
+
.to("splunk://submit?username=foo&password=bar&index=camel-tweets&sourceType=twitter&source=music-tweets");
]]></script>
</div></div>
+
<p>To convert a Tweet to a SplunkEvent you could use a converter like</p>
<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
@@ -186,6 +196,15 @@ public class Tweet2SplunkEvent {
]]></script>
</div></div>
+<p>Search Splunk for tweets</p>
+<div class="code panel" style="border-width: 1px;"><div class="codeContent
panelContent">
+<script class="theme: Default; brush: java; gutter: false"
type="syntaxhighlighter"><![CDATA[
+
from("splunk://normal?username=foo&password=bar&initEarliestTime=-2m&search=search
index=camel-tweets sourcetype=twitter")
+ .log("${body}");
+]]></script>
+</div></div>
+
+<h3><a shape="rect" name="Splunk-Othercomments"></a>Other comments</h3>
<p>Splunk comes with a variety of options for leveraging machine generated
data with prebuilt apps for analyzing and displaying this. <br clear="none">
For example the jmx app. could be used to publish jmx attributes, eg. route
and jvm metrics to Splunk, and displaying this on a dashboard.</p>
</div>
