splunk_upload

Plugin

ArgDescriptionType
querySource for rows to upload.StoredQuery (required)
threadsHow many threads to use.int64
urlThe Splunk Event Collector URL.string (required)
tokenSplunk HEC Token.string
indexThe name of the index to upload to. If not specified, ensure a column is named _splunk_index.string (required)
sourceThe source field for splunk. If not specified ensure a column is named _splunk_source or this will be ‘velociraptor’.string
sourcetypeThe sourcetype field for splunk. If not specified ensure a column is named _splunk_source_type or this will ‘vql’string
chunk_sizeThe number of rows to send at the time.int64
skip_verifySkip SSL verification(default: False).bool
root_caAs a better alternative to skip_verify, allows root ca certs to be added here.string
wait_timeBatch splunk upload this long (2 sec).int64
hostnameHostname for Splunk Events. Defaults to server hostname.string
timestamp_fieldField to use as event timestamp.string
hostname_fieldField to use as event hostname. Overrides hostname parameter.string
secretAlternatively use a secret from the secrets service. Secret must be of type ‘AWS S3 Creds’string

Required permissions:COLLECT_SERVER

Description

Upload rows to splunk.