Has anyone had success sinking data from Flume to Splunk?
I've tried the Thrift and Avro Flume sinks, but they have issues. Not really great formats for Splunk, and Flume keeps trying events over and over again after they've been sunk.
I'm looking into the Flume HTTP sink to Splunk's HEC, but I can't see how to set the HEC token in the header. Has anyone configured the HEC token in the header for the Flume HTTP sink?
Considering just doing a file sink that is forwarded to Splunk, but would like to avoid this temporary file if possible.
Advice?