HTTP and Splunk Integration
Powerful performance with an easy integration, powered by Telegraf, the open source data connector built by InfluxData.
This is not the recommended configuration for real-time query at scale. For query and compression optimization, high-speed ingest, and high availability, you may want to consider HTTP and InfluxDB.
5B+
Telegraf downloads
#1
Time series database
Source: DB Engines
1B+
Downloads of InfluxDB
2,800+
Contributors
Table of Contents
Powerful Performance, Limitless Scale
Collect, organize, and act on massive volumes of high-velocity data. Any data is more valuable when you think of it as time series data. with InfluxDB, the #1 time series platform built to scale with Telegraf.
See Ways to Get Started
Input and output integration overview
The HTTP plugin allows for the collection of metrics from specified HTTP endpoints, handling various data formats and authentication methods.
This output plugin facilitates direct streaming of Telegraf collected metrics into Splunk via the HTTP Event Collector, enabling easy integration with Splunk’s powerful analytics platform.
Integration details
HTTP
The HTTP plugin collects metrics from one or more HTTP(S) endpoints, which should have metrics formatted in one of the supported input data formats. It also supports secrets from secret-stores for various authentication options and includes globally supported configuration settings.
Splunk
Use Telegraf to easily collect and aggregate metrics from many different sources and send them to Splunk. Utilizing the HTTP output plugin combined with the specialized Splunk metrics serializer, this configuration ensures efficient data ingestion into Splunk’s metrics indexes. The HEC is an advanced mechanism provided by Splunk designed to reliably collect data at scale via HTTP or HTTPS, providing critical capabilities for security, monitoring, and analytics workloads. Telegraf’s integration with Splunk HEC streamlines operations by leveraging standard HTTP protocols, built-in authentication, and structured data serialization, optimizing metrics ingestion and enabling immediate actionable insights.
Configuration
HTTP
[[inputs.http]]
## One or more URLs from which to read formatted metrics.
urls = [
"http://localhost/metrics",
"http+unix:///run/user/420/podman/podman.sock:/d/v4.0.0/libpod/pods/json"
]
## HTTP method
# method = "GET"
## Optional HTTP headers
# headers = {"X-Special-Header" = "Special-Value"}
## HTTP entity-body to send with POST/PUT requests.
# body = ""
## HTTP Content-Encoding for write request body, can be set to "gzip" to
## compress body or "identity" to apply no encoding.
# content_encoding = "identity"
## Optional Bearer token settings to use for the API calls.
## Use either the token itself or the token file if you need a token.
# token = "eyJhbGc...Qssw5c"
# token_file = "/path/to/file"
## Optional HTTP Basic Auth Credentials
# username = "username"
# password = "pa$$word"
## OAuth2 Client Credentials. The options 'client_id', 'client_secret', and 'token_url' are required to use OAuth2.
# client_id = "clientid"
# client_secret = "secret"
# token_url = "https://indentityprovider/oauth2/v1/token"
# scopes = ["urn:opc:idm:__myscopes__"]
## HTTP Proxy support
# use_system_proxy = false
# http_proxy_url = ""
## Optional TLS Config
## Set to true/false to enforce TLS being enabled/disabled. If not set,
## enable TLS only if any of the other options are specified.
# tls_enable =
## Trusted root certificates for server
# tls_ca = "/path/to/cafile"
## Used for TLS client certificate authentication
# tls_cert = "/path/to/certfile"
## Used for TLS client certificate authentication
# tls_key = "/path/to/keyfile"
## Password for the key file if it is encrypted
# tls_key_pwd = ""
## Send the specified TLS server name via SNI
# tls_server_name = "kubernetes.example.com"
## Minimal TLS version to accept by the client
# tls_min_version = "TLS12"
## List of ciphers to accept, by default all secure ciphers will be accepted
## See https://pkg.go.dev/crypto/tls#pkg-constants for supported values.
## Use "all", "secure" and "insecure" to add all support ciphers, secure
## suites or insecure suites respectively.
# tls_cipher_suites = ["secure"]
## Renegotiation method, "never", "once" or "freely"
# tls_renegotiation_method = "never"
## Use TLS but skip chain & host verification
# insecure_skip_verify = false
## Optional Cookie authentication
# cookie_auth_url = "https://localhost/authMe"
# cookie_auth_method = "POST"
# cookie_auth_username = "username"
# cookie_auth_password = "pa$$word"
# cookie_auth_headers = { Content-Type = "application/json", X-MY-HEADER = "hello" }
# cookie_auth_body = '{"username": "user", "password": "pa$$word", "authenticate": "me"}'
## cookie_auth_renewal not set or set to "0" will auth once and never renew the cookie
# cookie_auth_renewal = "5m"
## Amount of time allowed to complete the HTTP request
# timeout = "5s"
## List of success status codes
# success_status_codes = [200]
## Data format to consume.
## Each data format has its own unique set of configuration options, read
## more about them here:
## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
# data_format = "influx"
Splunk
[[outputs.http]]
## Splunk HTTP Event Collector endpoint
url = "https://splunk.example.com:8088/services/collector"
## HTTP method to use
method = "POST"
## Splunk authentication token
headers = {"Authorization" = "Splunk YOUR_SPLUNK_HEC_TOKEN"}
## Serializer for formatting metrics specifically for Splunk
data_format = "splunkmetric"
## Optional parameters
# timeout = "5s"
# insecure_skip_verify = false
# tls_ca = "/path/to/ca.pem"
# tls_cert = "/path/to/cert.pem"
# tls_key = "/path/to/key.pem"Input and output integration examples
HTTP
- Collecting Metrics from Localhost: The plugin can fetch metrics from an HTTP endpoint like
http://localhost/metrics, allowing for easy local monitoring. - Using Unix Domain Sockets: You can specify metrics collection from services over Unix domain sockets by using the http+unix scheme, for example,
http+unix:///path/to/service.sock:/api/endpoint.
Splunk
-
Real-Time Security Analytics: Utilize this plugin to stream security-related metrics from various applications into Splunk in real-time. Organizations can detect threats instantly by correlating data streams across systems, significantly reducing detection and response times.
-
Multi-Cloud Infrastructure Monitoring: Integrate Telegraf to consolidate metrics from multi-cloud environments directly into Splunk, enabling comprehensive visibility and operational intelligence. This unified monitoring allows teams to detect performance issues quickly and streamline cloud resource management.
-
Dynamic Capacity Planning: Deploy the plugin to continuously push resource metrics from container orchestration platforms (like Kubernetes) into Splunk. Leveraging Splunk’s analytics capabilities, teams can automate predictive scaling and resource allocation, avoiding resource bottlenecks and minimizing costs.
-
Automated Incident Response Workflows: Combine this plugin with Splunk’s alerting system to create automated incident response workflows. Metrics collected by Telegraf trigger real-time alerts and automated remediation scripts, ensuring rapid resolution and maintaining high system availability.
Feedback
Thank you for being part of our community! If you have any general feedback or found any bugs on these pages, we welcome and encourage your input. Please submit your feedback in the InfluxDB community Slack.
Powerful Performance, Limitless Scale
Collect, organize, and act on massive volumes of high-velocity data. Any data is more valuable when you think of it as time series data. with InfluxDB, the #1 time series platform built to scale with Telegraf.
See Ways to Get Started
Related Integrations
Related Integrations
HTTP and InfluxDB Integration
The HTTP plugin collects metrics from one or more HTTP(S) endpoints. It supports various authentication methods and configuration options for data formats.
View IntegrationKafka and InfluxDB Integration
This plugin reads messages from Kafka and allows the creation of metrics based on those messages. It supports various configurations including different Kafka settings and message processing options.
View IntegrationKinesis and InfluxDB Integration
The Kinesis plugin allows for reading metrics from AWS Kinesis streams. It supports multiple input data formats and offers checkpointing features with DynamoDB for reliable message processing.
View Integration
