Fastly will POST messages to your Splunk account in the format specified in the Splunk object.

Data model

nameStringThe name of the Splunk logging rule.
service_idStringThe alphanumeric string identifying a service.
versionIntegerThe current version of a service.
urlStringThe URL to POST to.
formatStringApache style log formatting.
format_versionIntegerThe version of the custom logging format used for the configured endpoint. Can be either 2 (the default, version 2 log format) or 1 (the version 1 log format). The logging call gets placed by default in vcl_log if format_version is set to 2 and in vcl_deliver if format_version is set to 1.
created_atStringTime-stamp (GMT) when the endpoint was created.
updated_atStringTime-stamp (GMT) when the endpoint was deleted.
deleted_atStringTime-stamp (GMT) when the endpoint was deleted.
response_conditionStringThe name of an existing condition in the configured endpoint, or leave blank to always execute.
placementStringWhere in the generated VCL the logging call should be placed, overriding any format_version default. Can be none or waf_debug. This field is not required and has no default value.
tokenStringA Splunk token for use in posting logs over HTTP to your collector.
tls_hostnameStringThe hostname used to verify the server's certificate. It can either be the Common Name or a Subject Alternative Name (SAN).
tls_ca_certStringA secure certificate to authenticate the server with. Must be in PEM format.


List Splunk log endpoints


Get a Splunk log endpoint


Create a Splunk log endpoint


Update a Splunk log endpoint


Delete a Splunk log endpoint


User contributed notes

We welcome comments that add use cases, ideas, tips, and caveats. All comments will be moderated before publication. To post support questions, visit our support center and we'll find you the help you need.