crowdsec/plugins/notifications/splunk/splunk.yaml

# Don't change this
type: splunk

name: splunk_default # this must match with the registered plugin in the profile
log_level: info # Options include: trace, debug, info, warn, error, off

format: |  # This template receives list of models.Alert objects
  {{.|toJson}}

url: <SPLUNK_HTTP_URL>
token: <SPLUNK_TOKEN>


# group_wait: # duration to wait collecting alerts before sending to this plugin, eg "30s"

# group_threshold: # if alerts exceed this, then the plugin will be sent the message. eg "10"

# max_retry: # number of tries to attempt to send message to plugins in case of error.

# timeout: # duration to wait for response from plugin before considering this attempt a failure. eg "10s"
Output plugins (#878) * Add plugin system for notifications (#857) 2021-08-25 09:43:29 +00:00			`# Don't change this`
			`type: splunk`

			`name: splunk_default # this must match with the registered plugin in the profile`
			`log_level: info # Options include: trace, debug, info, warn, error, off`

			`format: \| # This template receives list of models.Alert objects`
			`{{.\|toJson}}`

			`url: <SPLUNK_HTTP_URL>`
			`token: <SPLUNK_TOKEN>`


			`# group_wait: # duration to wait collecting alerts before sending to this plugin, eg "30s"`

			`# group_threshold: # if alerts exceed this, then the plugin will be sent the message. eg "10"`

			`# max_retry: # number of tries to attempt to send message to plugins in case of error.`

			`# timeout: # duration to wait for response from plugin before considering this attempt a failure. eg "10s"`