| Arg | Description | Type |
|-----|-------------|------|
| query | Source for rows to upload. | StoredQuery (required) |
| threads | How many threads to use. | int64 |
| url | The Splunk Event Collector URL. | string |
| token | Splunk HEC token. | string |
| index | The name of the index to upload to. | string (required) |
| source | The source field for Splunk. If not specified this will be ‘velociraptor’. | string |
| sourcetype | The sourcetype field for Splunk. If not specified this will be ‘vql’. | string |
| chunk_size | The number of rows to send at a time. | int64 |
| skip_verify | Skip SSL verification (default: False). | bool |
| root_ca | As a better alternative to skip_verify, allows root CA certs to be added here. | string |
| wait_time | Batch Splunk uploads for this long (2 sec). | int64 |
| hostname | Hostname for Splunk events. Defaults to the server hostname. | string |
| timestamp_field | Field to use as the event timestamp. | string |
| hostname_field | Field to use as the event hostname. Overrides the hostname parameter. | string |


Upload rows to Splunk.
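
The following is an added example, not taken from the Velociraptor documentation, showing a call that keeps TLS verification on by supplying `root_ca` instead of setting `skip_verify`. The URL, token, CA certificate, index name and the sample row (including its `EventTime` and `Fqdn` columns) are constructed placeholders, and it assumes `timestamp_field` accepts a VQL timestamp value, which the parameter list does not specify.

```vql
-- Constructed sample row standing in for a real event query.
LET events = SELECT timestamp(epoch=1700000000) AS EventTime,
                    "ws01.example.test" AS Fqdn,
                    "constructed sample event" AS Message
             FROM scope()

-- Placeholder: PEM of the CA that signed the HEC endpoint's certificate.
LET SplunkCA <= '''-----BEGIN CERTIFICATE-----
<PEM body of your internal CA>
-----END CERTIFICATE-----
'''

-- Weak form (avoid): skip_verify=TRUE turns off certificate checks, so the
-- HEC token and the uploaded rows would be sent to whatever host answers
-- at the URL.
-- Preferred form: leave skip_verify at its default and trust only the
-- CA given in root_ca.
SELECT * FROM splunk_upload(
    query=events,
    url="https://splunk.example.test:8088/services/collector",
    token="<HEC_TOKEN>",
    index="velociraptor",
    sourcetype="vql",
    root_ca=SplunkCA,
    -- Take event time and host from the rows, not from the server.
    timestamp_field="EventTime",
    hostname_field="Fqdn",
    chunk_size=500,
    wait_time=2)
```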