Posted to dev@nifi.apache.org by JPercivall <gi...@git.apache.org> on 2016/03/01 23:26:18 UTC

[GitHub] nifi pull request: NIFI-1420 Adding Splunk bundle

GitHub user JPercivall commented on the pull request:

    https://github.com/apache/nifi/pull/233#issuecomment-190934511
  
    I observed a couple of interesting interactions when testing the PutSplunk processor. I'm not sure whether it is a problem with the processor, the Splunk Java SDK, Splunk Enterprise or my Splunk configurations:
    * I set up the PutSplunk processor to communicate via UDP and created a UDP data input using the UI for Splunk Enterprise. PutSplunk is transmitting messages at ~1 per second. While it's transmitting, no new events are created yet in Splunk Enterprise (verified by viewing a real-time view of the past 30 seconds). I stop the PutSplunk processor and then run a search in the Splunk UI to see if any events came in on that port. There is one event that is registered at the time I started the processor and contains effectively all (I didn't count the seconds I was sending) the data that was generated. I'm not sure why all the UDP messages are grouped together. When I set PutSplunk to send messages every 20 seconds, the UDP messages are each treated as their own event.
    * I set up PutSplunk to communicate via TCP using SSL. I looked for options to create a Data Input in Splunk Enterprise using TCP and SSL but couldn't find anything definitive (and all my searches turned up results for the Forwarder). I enabled SSL in Splunk Web by going to the general settings and noticed that SSL properties are in the inputs.conf and server.conf files. I attempted to send data using PutSplunk using SSL to the TCP data input. The event is received and I see it in the Splunk UI in real time. The only problem is that it's still encoded (see image). Typically when I get errors with SSL there is some obscure error relating to truncation attacks or Cipher Suites, but I didn't seem to get any errors.
    ![screen shot 2016-03-01 at 5 21 54 pm](https://cloud.githubusercontent.com/assets/11302527/13444066/2357d1e2-dfd2-11e5-8150-9684b7299a6d.png)
    


