jcustenborder / kafka-connect-splunk

Kafka Connect connector for receiving data and writing data to Splunk.
Apache License 2.0

Feature REQ: Support for HEC raw endpoint #9

Open lilgreenwein opened 7 years ago

lilgreenwein commented 7 years ago

Starting in version 6.4, Splunk has added a raw endpoint for HEC.

Reference:

http://dev.splunk.com/view/event-collector/SP-CAAAE8Y

Having this available in the kafka-connect-splunk connector would enable users to more easily consume and sink unstructured data.

jcustenborder commented 7 years ago

@lilgreenwein What were you thinking here? A source connector for receiving data and writing it to Kafka, or a sink connector to write to Splunk? This functionality seems to make the most sense for receiving data.

lilgreenwein commented 7 years ago

Likely mostly as a source connector. There are some HEC logging drivers starting to appear that address this raw endpoint /services/collector/event/raw directly, rather than the standard /services/collector/event