Package io.quarkiverse.logging.splunk

Interface SplunkHandlerConfig

public interface SplunkHandlerConfig
The configuration of the Splunk root or any Splunk named handler.

  • Method Details

    • enabled

      @WithDefault("true") boolean enabled()
      Determine whether to enable the handler

    • level

      @WithDefault("ALL") Level level()
      The splunk handler log level. By default, it is no more strict than the root handler level.

    • url

      @WithDefault("https://localhost:8088/") String url()
      Splunk HEC endpoint base url.

      With raw events, the endpoint targeted is /services/collector/raw. With flat or nested JSON events, the endpoint targeted is /services/collector/event/1.0.

    • disableCertificateValidation

      @WithDefault("false") boolean disableCertificateValidation()
      Disable TLS certificate validation with HEC endpoint

    • token

      Optional<String> token()
      The application token to authenticate with HEC, the token is mandatory if the extension is enabled https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector#HEC_token

    • sendMode

      @WithDefault("sequential") SplunkHandlerConfig.SendMode sendMode()
      The strategy to send events to HEC.

      In sequential mode, there is only one HTTP connection to HEC and the order of events is preserved, but performance is lower. In parallel mode, event batches are sent asynchronously over multiple HTTP connections, and events with the same timestamp (that has 1 millisecond resolution) may be indexed out of order by Splunk.

    • channel

      Optional<String> channel()
      A GUID to identify an HEC client and guarantee isolation at HEC level in case of slow clients.
      See Also:

    • batchInterval

      @WithDefault("10s") Duration batchInterval()
      Batching delay before sending a group of events.

      If 0, the events are sent immediately.

    • batchSizeCount

      @WithDefault("10") long batchSizeCount()
      Maximum number of events in a batch. By default 10, if 0 no batching.

    • batchSizeBytes

      @WithDefault("10240") long batchSizeBytes()
      Maximum total size in bytes of events in a batch. By default 10KB, if 0 no batching.

    • maxRetries

      @WithDefault("0") long maxRetries()
      Maximum number of retries in case of I/O exceptions with HEC connection.

    • middleware

      Optional<String> middleware()
      A middleware to customize the behavior of sending events to Splunk.
      See Also:
      • HttpEventCollectorMiddleware

    • format

      @WithDefault("%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c{3.}] (%t) %s%e%n") String format()
      The log format, defining which metadata are inlined inside the log main payload.

      Specific metadata (hostname, category, thread name, ...), as well as MDC key/value map, can also be sent in a structured way.

    • includeException

      @WithDefault("false") boolean includeException()
      Whether to send the thrown exception message as a structured metadata of the log event (as opposed to %e in a formatted message, it does not include the exception name or stacktrace). Only applicable to 'nested' serialization.

    • includeLoggerName

      @WithDefault("false") boolean includeLoggerName()
      Whether to send the logger name as a structured metadata of the log event (equivalent of %c in a formatted message). Only applicable to 'nested' serialization.

    • includeThreadName

      @WithDefault("false") boolean includeThreadName()
      Whether to send the thread name as a structured metadata of the log event (equivalent of %t in a formatted message). Only applicable to 'nested' serialization.

    • metadataHost

      Optional<String> metadataHost()
      Overrides the host name metadata value.

      Default value: the equivalent of %h in a formatted message.

    • metadataSource

      Optional<String> metadataSource()
      The source value to assign to the event data. For example, if you're sending data from an app you're developing, you could set this key to the name of the app.
      See Also:

    • metadataSourceType

      Optional<String> metadataSourceType()
      The optional format of the events, to enable some parsing on Splunk side.

      A given source type may have indexed fields extraction enabled, which is the case of the built-in _json used for nested serialization.

      Default value: _json for nested serialization, not set otherwise

      See Also:

    • metadataIndex

      Optional<String> metadataIndex()
      The optional name of the index by which the event data is to be stored. If set, it must be within the list of allowed indexes of the token (if it has the indexes parameter set).
      See Also:

    • metadataFields

      Map<String,String> metadataFields()
      Optional static key/value pairs to populate the "fields" key of event metadata. This isn't applicable to raw serialization.
      See Also:

    • metadataSeverityFieldName

      @WithDefault("severity") String metadataSeverityFieldName()
      The name of the key used to convey the severity / log level in the metadata fields. Only applicable to 'flat' serialization. With 'nested' serialization, there is already a 'severity' field.

    • raw

      @Deprecated(forRemoval=true) @WithDefault("false") boolean raw()
      Deprecated, for removal: This API element is subject to removal in a future version.
      Use serialization()
      Determines whether the events are sent in raw mode. In case the raw event (i.e. the actual log message) is not a JSON object you need to explicitly set a source type or Splunk will reject the event (the default source type, _json, assumes that the incoming event can be parsed as JSON)

    • serialization

      @WithDefault("nested") SplunkHandlerConfig.SerializationFormat serialization()
      The format of the payload.
      • With raw serialization, the log message is sent 'as is' in the HTTP body. Metadata can only be common to a whole batch and are sent via HTTP parameters.
      • With nested serialization, the log message is sent into a 'message' field of a JSON structure which also contains dynamic metadata.
      • With flat serialization, the log message is sent into the root 'event' field. Dynamic metadata is sent via the 'fields' root object.

    • filter

      Optional<String> filter()
      The name of the named filter to link to the splunk handler.

    • async

      AsyncConfig async()
      AsyncHandler config

      This is independent of the SendMode, i.e. whether the HTTP client is async or not.

    • connectTimeout

      @WithDefault("3000") long connectTimeout()
      Sets the default connect timeout for new connections in milliseconds.

    • callTimeout

      @WithDefault("0") long callTimeout()
      Sets the default timeout for complete calls in milliseconds.

    • readTimeout

      @WithDefault("10000") long readTimeout()
      Sets the default read timeout for new connections in milliseconds.

    • writeTimeout

      @WithDefault("10000") long writeTimeout()
      Sets the default write timeout for new connections in milliseconds.

    • terminationTimeout

      @WithDefault("0") long terminationTimeout()
      Sets the default termination timeout during a flush in milliseconds.