github.com/crowdsecurity/crowdsec@v1.6.1/cmd/notification-splunk/splunk.yaml (about)

     1  type: splunk          # Plugin type; do not change
     2  name: splunk_default  # Must match the plugin name registered in the profile
     3  
     4  # One of "trace", "debug", "info", "warn", "error", "off"
     5  log_level: info
     6  
     7  # group_wait:         # Time to wait collecting alerts before relaying a message to this plugin, e.g. "30s"
     8  # group_threshold:    # Number of alerts that triggers a message before <group_wait> has expired, e.g. "10"
     9  # max_retry:          # Number of attempts to relay messages to plugins in case of error
    10  # timeout:            # Time to wait for a response from the plugin before considering the attempt a failure, e.g. "10s"
    11  
    12  #-------------------------
    13  # plugin-specific options
    14  
    15  # The following template receives a list of models.Alert objects.
    16  # Its output becomes the Splunk notification; {{.|toJson}} serializes the whole list as JSON, so review which alert data may leave the host.
    17  format: |
    18    {{.|toJson}}
    19  # NOTE(review): confirm how this plugin version validates the server's TLS certificate before relying on https to authenticate the endpoint.
    20  url: <SPLUNK_HTTP_URL>  # Placeholder for the Splunk endpoint; use an https:// URL so the token and alerts are not sent in cleartext
    21  token: <SPLUNK_TOKEN>  # Placeholder for a secret: quote the real value, keep this file out of version control, and restrict read access to the account running CrowdSec
    22  
    23  ---
    24  
    25  # type: splunk
    26  # name: splunk_second_notification
    27  # ...
    28