Supported Data Types:
📘 Logs | 📈 Metrics | 🚦 TracesConfiguration
Splunk HEC Destination Configuration
| Field | Type | Default | Required | Description |
|---|---|---|---|---|
| Name | String | none | true | Unique identifier within Sawmills. |
| Endpoint | String | none | true | The Splunk HTTP Event Collector (HEC) endpoint where telemetry data is sent. Format: https://splunk:8088/services/collector. Consider separating to address, port, and path. |
| Account Token | String | none | true | The authentication token required for sending data to Splunk. |
| Index | String | none | false | Optional name of the Splunk index targeted. |
| Enabled Data Types | Checkbox | Metrics, Logs, Traces | The telemetry data types you want to export. |
Advanced Options
| Field | Type | Default | Required | Description |
|---|---|---|---|---|
| Source | String | none | false | Default Splunk source assigned to all events sent through this destination. |
| Source Type | String | none | false | Default Splunk source type assigned to all events sent through this destination. |
| Skip TLS Verification | Boolean | false | false | Enabling this setting skips verifying the server’s certificate chain when sending data over HTTPS. |
Setting Source and Source Type
By default, sources like Fluent Forward do not set Splunksource and sourcetype. You can set fallback values for all events through the Source and Source Type destination options above.
To set them dynamically per-event, use a Modify Attribute Processor to set Resource.com\.splunk\.source and Resource.com\.splunk\.sourcetype — either to a static value or from an existing log attribute. When present, these resource attributes override the static destination values.