docs/nifi-docs/components/org.apache.nifi/nifi-splunk-nar/1.19.1/org.apache.nifi.processors.splunk.PutSplunkHTTP/additionalDetails.html - nifi-site - Git at Google

 <!DOCTYPE html>
 <html lang="en">
 <!--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the "License"); you may not use this file except in compliance with
   the License.  You may obtain a copy of the License at
       http://www.apache.org/licenses/LICENSE-2.0
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an "AS IS" BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
 -->
 <head>
     <meta charset="utf-8" />
     <title>PutSplunkHTTP</title>
     <link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css" />
 </head>

 <body>
 <h2>PutSplunkHTTP</h2>

 <p>
     This processor serves as a counterpart for PutSplunk processor. While the later solves communication using TCP and
     UDP protocols, PutSplunkHTTP aims to send events into Splunk via HTTP or HTTPS. In this fashion, this processor
     shows similarities with GetSplunk processor and the properties relevant to the connection with Splunk server are
     identical. There are however some aspects unique for this processor:
 </p>

 <h3>Content details</h3>

 <p>
     PutSplunkHTTP allows the user to specify some metadata about the event being sent to the Splunk. These include: the
     "Character Set" and the "Content Type" of the flow file content, using the matching properties. If the incoming
     flow file has "mime.type" attribute, the processor will use it, unless the "Content Type" property is set, in which
     case the property will override the flow file attribute.
 </p>

 <h3>Event parameters</h3>

 <p>
     The "Source", "Source Type", "Host" and "Index" properties are optional and will be set by Splunk if unspecified. If set,
     the default values will be overwritten by user specified ones. For more details about the Splunk API, please visit
     <a href="https://docs.splunk.com/Documentation/Splunk/LATEST/RESTREF/RESTinput#services.2Fcollector.2Fraw">this documentation</a>.
 </p>

 <h3>Acknowledgements</h3>

 <p>
     HTTP Event Collector (HEC) in Splunk provides the possibility of index acknowledgement, which can be used to monitor
     the indexing status of the individual events. PutSplunkHTTP supports this feature by enriching the outgoing flow file
     with the necessary information, making it possible for a later processor to poll the status based on. The necessary
     information for this is stored within flow file attributes "splunk.acknowledgement.id" and "splunk.responded.at".
 </p>

 <p>
     For further steps of acknowledgement handling in NiFi side, please refer to QuerySplunkIndexingStatus processor. For more
     details about the index acknowledgement, please visit <a href="https://docs.splunk.com/Documentation/Splunk/LATEST/Data/AboutHECIDXAck">this documentation</a>.
 </p>

 <h3>Error information</h3>

 <p>
     For more refined processing, flow files are enriched with additional information if possible. The information is stored
     in the flow file attribute "splunk.status.code" or "splunk.response.code", depending on the success of the processing.
     The attribute "splunk.status.code" is always filled when the Splunk API call is executed and contains the HTTP status code
     of the response. In case the flow file transferred into "failure" relationship, the "splunk.response.code" might be
     also filled, based on the Splunk response code.
 </p>

 </body>
 </html>
	<!DOCTYPE html>
	<html lang="en">
	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at
	http://www.apache.org/licenses/LICENSE-2.0
	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->
	<head>
	<meta charset="utf-8" />
	<title>PutSplunkHTTP</title>
	<link rel="stylesheet" href="../../../../../css/component-usage.css" type="text/css" />
	</head>

	<body>
	<h2>PutSplunkHTTP</h2>

	<p>
	This processor serves as a counterpart for PutSplunk processor. While the later solves communication using TCP and
	UDP protocols, PutSplunkHTTP aims to send events into Splunk via HTTP or HTTPS. In this fashion, this processor
	shows similarities with GetSplunk processor and the properties relevant to the connection with Splunk server are
	identical. There are however some aspects unique for this processor:
	</p>

	<h3>Content details</h3>

	<p>
	PutSplunkHTTP allows the user to specify some metadata about the event being sent to the Splunk. These include: the
	"Character Set" and the "Content Type" of the flow file content, using the matching properties. If the incoming
	flow file has "mime.type" attribute, the processor will use it, unless the "Content Type" property is set, in which
	case the property will override the flow file attribute.
	</p>

	<h3>Event parameters</h3>

	<p>
	The "Source", "Source Type", "Host" and "Index" properties are optional and will be set by Splunk if unspecified. If set,
	the default values will be overwritten by user specified ones. For more details about the Splunk API, please visit
	<a href="https://docs.splunk.com/Documentation/Splunk/LATEST/RESTREF/RESTinput#services.2Fcollector.2Fraw">this documentation</a>.
	</p>

	<h3>Acknowledgements</h3>

	<p>
	HTTP Event Collector (HEC) in Splunk provides the possibility of index acknowledgement, which can be used to monitor
	the indexing status of the individual events. PutSplunkHTTP supports this feature by enriching the outgoing flow file
	with the necessary information, making it possible for a later processor to poll the status based on. The necessary
	information for this is stored within flow file attributes "splunk.acknowledgement.id" and "splunk.responded.at".
	</p>

	<p>
	For further steps of acknowledgement handling in NiFi side, please refer to QuerySplunkIndexingStatus processor. For more
	details about the index acknowledgement, please visit <a href="https://docs.splunk.com/Documentation/Splunk/LATEST/Data/AboutHECIDXAck">this documentation</a>.
	</p>

	<h3>Error information</h3>

	<p>
	For more refined processing, flow files are enriched with additional information if possible. The information is stored
	in the flow file attribute "splunk.status.code" or "splunk.response.code", depending on the success of the processing.
	The attribute "splunk.status.code" is always filled when the Splunk API call is executed and contains the HTTP status code
	of the response. In case the flow file transferred into "failure" relationship, the "splunk.response.code" might be
	also filled, based on the Splunk response code.
	</p>

	</body>
	</html>