Splunk Source Node

Quick Reference

Use Credentials: Credentials used to authenticate with your Splunk instance.

Splunk URL: The URL of your Splunk Management endpoint. Example: https://splunk.example.com:8089

Search Query: Query to define data to retrieve, in SPL (Search Processing Language). Example: search index=main sourcetype=access_log

Validate SSL Certificates: Enable SSL certificate validation for HTTPS connections. Default: false.

💡 Tip: The SPL query usually begins with the search command. The connector submits this query exactly as written to the Splunk API.

Overview

The Splunk Source connector allows you to ingest data directly from Splunk Enterprise or Splunk Cloud Platform into your workflow. It functions by submitting a search job to the Splunk API and retrieving the results in batches.

This source is designed for batch ingestion. When the workflow runs, the connector connects to the Splunk management port, executes a specific Search Processing Language (SPL) query, waits for the job to complete, and ingests the resulting events.

Prerequisites

Before configuring the source, ensure you have:

  • Network Access: Your workflow execution environment must be able to reach the Splunk Management port (typically port 8089).
  • Credentials: A valid Splunk username and password with permissions to execute search jobs.

Configuration

| Field | Description | Required | Default |
| --- | --- | --- | --- |
| Use Credentials | Select or create a Username/Password credential for Splunk authentication. | Yes | N/A |
| Splunk URL | The URL of the Splunk Management endpoint. Format: scheme://host[:port]. | Yes | N/A |
| Search Query | SPL (Search Processing Language) query defining the data to retrieve. | Yes | N/A |
| Validate SSL Certificates | Toggle to enable SSL certificate validation for HTTPS connections. | No | false |

Use Credentials

Select an existing Username/Password credential from the dropdown menu or create a new one.

  • Type: The connector requires standard Username and Password authentication.
  • Permissions: Ensure the user associated with these credentials has the search capability in Splunk.

Splunk URL

Enter the URL of your Splunk Management endpoint.

  • Format: scheme://host[:port]
  • Example: https://splunk.example.com:8089
  • Important: You must include the protocol (http or https). The port is recommended but optional — if omitted, it defaults to 443 for https or 80 for http. The management port is usually 8089, not the web interface port (8000).

Search Query

Enter the SPL (Search Processing Language) query to define the data you want to retrieve.

  • Example: search index=main sourcetype=access_log | head 100

Validate SSL Certificates

Toggle to enable or disable SSL certificate validation for HTTPS connections.

  • Default: false (SSL certificate validation is disabled)
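  • Usage: Enable this when connecting to a Splunk instance with a valid, trusted SSL certificate. Keep it disabled for self-signed certificates or development environments. With validation disabled the connection is still encrypted, but the server's identity is not verified, so the Splunk username and password can be captured by a host that intercepts the connection.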
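
A pre-flight check for the Splunk URL, Search Query and Validate SSL Certificates fields described above, as an added example rather than the connector's own code. The helper name `preflight` and the finding texts are assumptions made for illustration; the port defaults and the 8089/8000 distinction are the ones this page states.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}  # defaults this page states
MGMT_PORT, WEB_PORT = 8089, 8000            # usual Splunk ports per this page


def preflight(url, query, validate_ssl=False):
    """Hypothetical helper: return (normalized_url, findings) for a config."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError("expected scheme://host[:port] with http or https")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("only scheme://host[:port] is expected, no path")
    if parts.username or parts.password:
        raise ValueError("credentials belong in Use Credentials, not the URL")

    findings = []
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    if port is None:
        port = DEFAULT_PORTS[scheme]
        findings.append(f"port omitted: defaults to {port}, management is usually {MGMT_PORT}")
    if port == WEB_PORT:
        findings.append(f"port {WEB_PORT} is usually the web interface, not the management port")
    if scheme == "http":
        findings.append("http: username and password cross the network unencrypted")
    elif not validate_ssl:
        findings.append("certificate validation off: server identity is not verified")
    # SPL normally starts with `search`; generating commands start with `|`.
    q = query.lstrip()
    if not (q.split(None, 1)[:1] == ["search"] or q.startswith("|")):
        findings.append("query does not begin with the search command; it is sent as written")

    host = parts.hostname
    host = f"[{host}]" if ":" in host else host  # keep IPv6 literals bracketed
    return f"{scheme}://{host}:{port}", findings


if __name__ == "__main__":
    # Constructed sample configurations, not taken from a real deployment.
    for cfg in [("https://splunk.example.com:8089", "search index=main | head 100", True),
                ("https://splunk.example.com", "index=main", False),
                ("http://splunk.example.com:8000", "search index=main", False)]:
        print(preflight(*cfg))
```

An empty findings list means the configuration matches the page's recommended shape: https, an explicit management port, validation on, and a query that starts with `search` or a pipe.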