[CONF] Apache Camel > Splunk

[willem jiang (Confluence)]

willem jiang edited the page: Splunk ... Maven users will need to add the following dependency to their pom.xml for this component: Code Block xml <dependency> <groupId>org.apache.camel</groupId> <artifactId>camel-splunk</artifactId> <version>${camel-version}</version> </dependency> URI format Code Block splunk://[endpoint]?[options] ... When publishing events the message body should contain a SplunkEvent. Example Code Block language java from("direct:start").convertBodyTo(SplunkEvent.class) .to("splunk://submit?username=user&password=123&index=myindex&sourceType=someSourceType&source=mySource")... ... Wiki Markup {div:class=confluenceTableSmall} || Endpoint || Description |normal | Performs normal search and requires a search query in the search option. |savedsearch| Performs search based on a search query saved in splunk and requires the name of the query in the savedSearch option. {div} Example Code Block language java from("splunk://normal?delay=5s&username=user&password=123&initEarliestTime=-10s&search=search index=myindex sourcetype=someSourcetype") .to("direct:search-result"); ... Search Twitter for tweets with music and publish events to Splunk Code Block language java from("twitter://search?type=polling&keywords=music&delay=10&consumerKey=abc&consumerSecret=def&accessToken=hij&accessTokenSecret=xxx") .convertBodyTo(SplunkEvent.class) .to("splunk://submit?username=foo&password=bar&index=camel-tweets&sourceType=twitter&source=music-tweets"); To convert a Tweet to a SplunkEvent you could use a converter like Code Block language java @Converter public class Tweet2SplunkEvent { @Converter public static SplunkEvent convertTweet(Status status) { SplunkEvent data = "" SplunkEvent("twitter-message", null); //data.addPair("source", status.getSource()); data.addPair("from_user", status.getUser().getScreenName()); data.addPair("in_reply_to", status.getInReplyToScreenName()); data.addPair(SplunkEvent.COMMON_START_TIME, status.getCreatedAt()); data.addPair(SplunkEvent.COMMON_EVENT_ID, status.getId()); data.addPair("text", status.getText()); data.addPair("retweet_count", status.getRetweetCount()); if (status.getPlace() != null) { data.addPair("place_country", status.getPlace().getCountry()); data.addPair("place_name", status.getPlace().getName()); data.addPair("place_street", status.getPlace().getStreetAddress()); } if (status.getGeoLocation() != null) { data.addPair("geo_latitude", status.getGeoLocation().getLatitude()); data.addPair("geo_longitude", status.getGeoLocation().getLongitude()); } return data; } } Search Splunk for tweets Code Block language java from("splunk://normal?username=foo&password=bar&initEarliestTime=-2m&search=search index=camel-tweets sourcetype=twitter") .log("${body}"); ... Splunk comes with a variety of options for leveraging machine generated data with prebuilt apps for analyzing and displaying this. For example the jmx app. could be used to publish jmx attributes, eg. route and jvm metrics to Splunk, and displaying this on a dashboard. Include Page Endpoint See Also View Online · Like · View Changes Stop watching space · Manage Notifications This message was sent by Atlassian Confluence 5.0.3, Team Collaboration Software