nifi-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From JPercivall <...@git.apache.org>
Subject [GitHub] nifi pull request: NIFI-1420 Adding Splunk bundle
Date Tue, 01 Mar 2016 22:26:18 GMT
Github user JPercivall commented on the pull request:

    https://github.com/apache/nifi/pull/233#issuecomment-190934511
  
    I observed a couple of interesting interactions when testing the PutSplunk processor.
I'm not sure whether it is a problem with the processor, the Splunk Java SDK, Splunk Enterprise
or my Splunk configurations:
    * I set up the PutSplunk processor to communicate via UDP and created a UDP data input
using the UI for Splunk Enterprise. The PutSplunk is transmitting messages at ~1 per second.
While it's transmitting no new events are created yet in Splunk Enterprise (verified by viewing
a real time view of the past 30 seconds). I stop the PutSplunk processor and then run a search
in Splunk UI to see if any events came in on that port. There is one event that is registered
at when I started the processor and contains effectively all (didn't count the seconds I was
sending) the data that was generated. I'm not sure why all the UDP messages are grouped together.
When I set PutSplunk to send messages every 20 seconds the UDP messages are treated as their
own event.
    * I set up PutSplunk to communicate via TCP using SSL. I looked for options to create
a Data Input in Splunk Enterprise using TCP and SSL but couldn't find anything definitive
(and all my searches turned up results for the Forwarder). I enabled SSL in Splunk Web by
going to the general settings and notice that SSL properties are in the inputs.conf and server.conf
files. I attempt to send data using PutSplunk using SSL to the TCP data input. The event is
received and I see it in the Splunk UI in real time. The only problem being that it's still
encoded (see image). Typically when I get errors with SSL there is some obscure error relating
to truncation attacks or Cipher Suites but I didn't seem to get any errors.
    ![screen shot 2016-03-01 at 5 21 54 pm](https://cloud.githubusercontent.com/assets/11302527/13444066/2357d1e2-dfd2-11e5-8150-9684b7299a6d.png)
    



---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message