Splunk plugin

2 minute readExtensibilityDeveloper productivity

Splunk is a platform for operational intelligence that collects, searches, monitors, and analyzes machine data in real-time. It generates reports and graphs on this data giving the insights to drive operational performance and business results.

The EC-Splunk plugin allows you to bring insight and business intelligence to your deploy and release processes. With the plugin, CloudBees CD/RO can contribute release and deployment data to Splunk for enterprise level analysis.

Plugin version Revised on October 16, 2020

Plugin configurations

Plugin configurations are sets of parameters that apply across some or all of the plugin procedures. They reduce repetition of common values, create predefined parameter sets for end users, and securely store credentials where needed. Each configuration is given a unique name that is entered in designated parameters on procedures that use them.

Creating plugin configurations

To create plugin configurations in CloudBees CD, do these steps:

  • Go to Administration  Plugins to open the Plugin Manager.

  • Find the EC-Splunk- row.

  • Click Configure to open the Configurations page.

  • Click Create Configuration as per the description of parameters below.

Configuration procedure parameters

Parameter Description


Unique name for the plugin configuration.


Description for the plugin configuration.

Splunk Endpoint Type

Splunk endpoint type. HTTP Event Collector or TCP.

Splunk Endpoint Address

Address of Splunk Endpoint, for example: https://splunk-host:8088 for HEC, or splunk-host:9995 for TCP.

Splunk HEC token

Splunk HEC Token. If Splunk Endpoint Type is set to HTTP Event Collector, it should be present.

Plugin procedures


Sends Logs to Splunk using HEC or TCP endpoint.

SendLogs Parameters

Parameter Description

Configuration Name

Name of configuration that contains information about Splunk endpoint.


The source value to assign to the event data. For example, if you’re sending data from an app you’re developing, you could set this key to the name of the app. This field is being used only if streaming is disabled and Endpoint Type is set to HTTP Event Collector

Source Type

The sourcetype value to assign to the event data. This field is being used only if streaming is disabled and Endpoint Type is set to HTTP Event Collector.


The name of the index by which the event data is to be indexed. The index you specify here must within the list of allowed indexes if the token has the indexes parameter set. This field is being used only if streaming is disabled and Endpoint Type is set to HTTP Event Collector.

Enable Streaming?

If enabled, logfile will be sent using streaming. It is usable for large log files. Otherwise log file will be sent in single request.

Files pattern

Pattern that describes files that would be sent to Splunk. For example, to send all .log files one should use *.log pattern.

Release notes

EC-Splunk 1.3.3

  • The documentation has been migrated to the main documentation site.

EC-Splunk 1.3.2

  • Added metadata that is required for 9.0 release.

EC-Splunk 1.3.1

  • Configured the plugin to allow the ElectricFlow UI to render the plugin procedure parameters entirely using the configured form XMLs.

  • Enabled the plugin for managing the plugin configurations in-line when defining an application process step or a pipeline stage task.

EC-Splunk 1.3.0

  • Added streaming support for TCP endpoints for large files uploading.

EC-Splunk 1.2.0

  • Added possibility to use Splunk TCP endpoints.

EC-Splunk 1.1.0

  • Added possibility to use HEC streaming for large files uploading.

EC-Splunk 1.0.0

  • Introduced the EC-Splunk plugin.