Integrating Splunk with OMEGAMON Data Provider
To integrate Splunk with OMEGAMON® Data Provider , you can
configure the OMEGAMON Data Connect component of OMEGAMON Data Provider to send data as JSON Lines to a Splunk TCP
input.
Basic Splunk configuration for OMEGAMON Data Provider
To ingest JSON Lines from OMEGAMON Data Connect into Splunk, you need to define a Splunk source type that breaks each input line into a separate event, identifies the data format as JSON, and recognizes timestamps. To ingest the data over TCP, you need to define a Splunk TCP input that refers to that source type.
Setting source type per-event based on product code and table name
Rather than assigning the same source type to all events from OMEGAMON Data Connect , you might prefer more granularity; more source types. The method presented here sets the source type per-event based on the values of the JSON keys product_code
and table_name
.