search

vectordotdev / vector

A high-performance observability data pipeline.
https://vector.dev
Mozilla Public License 2.0
17.58k stars 1.54k forks source link

Enabling "Template Syntax" for Splunk HEC sink's endpoint config #9570

Open tomer-epstein opened 2 years ago

tomer-epstein commented 2 years ago

Current Vector Version

0.14.0

Use-cases

We want to extract fields from log event and use it with splunk sink endpoint , in order to direct log streams to different endpoints.

Attempted Solutions

The "Template Syntax" feature allows dynamically partitioning log events. However splunk sink's endpoint does not supported.

Proposal

[sinks.splunk_hec]
type = "splunk_hec"
endpoint = "{ event.field } "

References

beorereleverion commented 2 years ago

please provide this functionaluty also for elasticsearch sink endpoints...