This is a Splunk Modular Input Add-On for indexing messages from a MQTT Broker.
This Modular Input utilizes the PAHO Java client library version 0.4.0 , http://www.eclipse.org/paho/
Settings -- Data Inputs -- MQTTto add a new Input stanza via the UI
inputs.conffile should be placed in a
localdirectory under an App or User context.
You require an activation key to use this App. Visit http://www.baboonbones.com/#activation to obtain a non-expiring key
Any log entries/errors will get written to $SPLUNK_HOME/var/log/splunk/splunkd.log
These are also searchable in Splunk :
index=_internal error mqtt.py
The default heap maximum is 64MB.
If you require a larger heap, then you can alter this in $SPLUNK_HOME/etc/apps/mqtt_ta/bin/mqtt.py on line 95
You can declare custom JVM System Properties when setting up new input stanzas.
Note : these JVM System Properties will apply to the entire JVM context and all stanzas you have setup
The way in which the Modular Input processes the received MQTT messages is enitrely pluggable with custom implementations should you wish.
To do this you code an implementation of the com.splunk.modinput.mqtt.AbstractMessageHandler class and jar it up.
Ensure that the necessary jars are in the $SPLUNK_HOME/etc/apps/mqtt_ta/bin/lib directory.
If you don't need a custom handler then the default handler com.splunk.modinput.mqtt.DefaultMessageHandler will be used.
This project was initiated by Damien Dallimore , email@example.com
added trial key functionality
minor manager xml ui tweak for 7.1
Added an activation key requirement , visit http://www.baboonbones.com/#activation to obtain a free,non-expiring key
Splunk 7.1 compatible
Fixed subscription loop
Minor HEC data handling tweaks
Added support to optional output to Splunk via a HEC (HTTP Event Collector) endpoint
Enabled TLS1.2 support by default.
Made the core Modular Input Framework compatible with latest Splunk Java SDK
Please use a Java Runtime version 7+
If you need to use SSLv3 , you can turn this on in bin/mqtt.py
SECURE_TRANSPORT = "tls"
#SECURE_TRANSPORT = "ssl"
Initial Beta Release
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.