Splunk Search Listener
The Splunk Search Listener is used to execute a saved or custom search against a running Splunk instance and start a transaction with the search results.
Configuration
The Splunk Search Listener is configured primarily in two tabs, Basic and Connection. The options available in the Advanced, Transaction Logging, and Scheduling tabs are the same as for any other listener.
Basic Tab – The Basic tab contains the following configuration options:
- Search Query: This is where the search query is supplied. When running a saved search, enter the name of the search. When running a custom search, enter the query string itself.
- Search Type: This designates the type of search to run, either Saved or Custom.
- Polling Interval: How often to run the search and return results.
- Results to Return: Select the number of results to return from the search. To return all results, use the default value 0.
- Output Format: The desired format for the returned search data. Available options are XML, JSON, and CSV.
Connection Tab – The Connection tab contains the following configuration options:
- Username: The username of the Splunk user to connect as.
- Password: The Splunk user’s password.
- Hostname: The hostname of the Splunk instance to connect to.
- Connection Port: The Splunk instance connection port. The default value is 8089.