# Splunk (TCP)

### Supported Platforms

| Platform           | Metrics | Logs | Traces |
| ------------------ | ------- | ---- | ------ |
| Linux              |         | ✓    |        |
| Windows            |         | ✓    |        |
| macOS              |         | ✓    |        |
| Kubernetes Gateway |         | ✓    |        |
| OpenShift Gateway  |         | ✓    |        |

### Configuration Table

<table><thead><tr><th width="235.08984375">Parameter</th><th width="99.26171875">Type</th><th width="105.4765625">Default</th><th>Description</th></tr></thead><tbody><tr><td>listen_ip</td><td><code>string</code></td><td>"0.0.0.0"</td><td>IP Address to listen on.</td></tr><tr><td>listen_port*</td><td><code>int</code></td><td></td><td>Port to listen on.</td></tr><tr><td>log_type</td><td><code>string</code></td><td>splunk_tcp</td><td>Arbitrary value for attribute 'log_type'. Useful for filtering between many log sources.</td></tr><tr><td>parse_format</td><td><code>enum</code></td><td>none</td><td>Method to use when parsing. Valid values are <code>none</code>, <code>json</code>, and <code>regex</code>. When regex is selected, 'Regex Pattern' must be set.</td></tr><tr><td>regex_pattern</td><td><code>string</code></td><td></td><td>The regex pattern used when parsing log entries.</td></tr><tr><td>multiline_line_start_pattern</td><td><code>string</code></td><td></td><td>Regex pattern that matches the beginning of a log entry, for handling multiline logs.</td></tr><tr><td>multiline_line_end_pattern</td><td><code>string</code></td><td></td><td>Regex pattern that matches the end of a log entry, useful for terminating parsing of multiline logs.</td></tr><tr><td>parse_timestamp</td><td><code>bool</code></td><td>false</td><td>Whether to parse the timestamp from the log entry.</td></tr><tr><td>timestamp_field</td><td><code>string</code></td><td>timestamp</td><td>The field containing the timestamp in the log entry.</td></tr><tr><td>parse_timestamp_format</td><td><code>enum</code></td><td>ISO8601</td><td>The format of the timestamp in the log entry. Choose a common format, or specify a custom format. Options include "ISO8601", "RFC3339", "Epoch", and "Manual".</td></tr><tr><td>epoch_timestamp_format</td><td><code>enum</code></td><td>s</td><td>The layout of the epoch-based timestamp. Required when parse_timestamp_format is set to "Epoch". Options include "s", "ms", "us", "ns", "s.ms", "s.us", "s.ns".</td></tr><tr><td>manual_timestamp_format</td><td><code>string</code></td><td>'%Y-%m-%dT%H:%M:%S.%f%z'</td><td>The strptime layout of the timestamp. Used when parse_timestamp_format is set to "Manual".</td></tr><tr><td>timezone</td><td><code>timezone</code></td><td>UTC</td><td>The timezone to use if the Timestamp Format doesn't include a timezone. Otherwise, the timezone in the Timestamp Format will be respected. <strong>NOTE: This is also required to parse timezone abbreviations, due to their ambiguity.</strong></td></tr><tr><td>parse_severity</td><td><code>bool</code></td><td>false</td><td>Whether to parse severity from the log entry.</td></tr><tr><td>severity_field</td><td><code>string</code></td><td>severity</td><td>The field containing the severity in the log entry.</td></tr><tr><td>parse_to</td><td><code>string</code></td><td>body</td><td>The <a href="https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/pkg/stanza/docs/types/field.md">field</a> that the log will be parsed to. Some exporters handle logs favorably when parsed to <code>attributes</code> over <code>body</code> and vice versa.</td></tr><tr><td>enable_tls</td><td><code>bool</code></td><td>false</td><td>Whether or not to use TLS.</td></tr><tr><td>tls_certificate_path</td><td><code>string</code></td><td></td><td>Path to the TLS cert to use for TLS-required connections.</td></tr><tr><td>tls_private_key_path</td><td><code>string</code></td><td></td><td>Path to the TLS key to use for TLS-required connections.</td></tr><tr><td>tls_min_version</td><td><code>enum</code></td><td>"1.2"</td><td>The minimum TLS version to support. 1.0 and 1.1 should not be considered secure. Valid values include: <code>1.3</code>, <code>1.2</code>, <code>1.1</code>, <code>1.0</code>.</td></tr></tbody></table>

<mark style="color:red;">\*</mark>*<mark style="color:red;">required field</mark>*

### Kubernetes

The Splunk TCP source type supports Kubernetes Gateway collectors. Splunk forwarders can send logs to the collectors using the clusterIP services.

#### Prerequisites

* Bindplane v1.46.0 or newer

#### Configuration

Add the Splunk TCP source to your Gateway collector configuration. Set "Listen Address" to `0.0.0.0` and "Listen Port" to `9997`.

The Splunk forwarders should be configured to forward telemetry to `bindplane-gateway-collector.bindplane-collector.svc.cluster.local` on port `9997`. If the Splunk forwarders live outside of the cluster, you must make the `bindplane-gateway-collector` service in the `bindplane-collector` namespace available using TCP ingress or by defining your own service that can receive traffic from outside of the cluster. See the Kubernetes [service documentation](https://kubernetes.io/docs/tutorials/kubernetes-basics/expose/expose-intro/) for more information.

Below is an example Splunk forwarder outputs configuration.

```ini
[tcpout]
defaultGroup = bindplane-gateway-collector

[tcpout:bindplane-gateway-collector]
server = bindplane-gateway-collector.bindplane-collector.svc.cluster.local:9997
compressed = false
useACK = false
sendCookedData = false
```
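
When the source has `enable_tls` turned on, the forwarder has to speak TLS as well. The following is an added example, not part of the original Bindplane documentation: the same output group with encryption and server-certificate verification enabled. It assumes the collector's certificate was issued for the service DNS name, a forwarder version that supports `useSSL`, and a placeholder CA path.

```ini
# --- outputs.conf on the forwarder ---
[tcpout]
defaultGroup = bindplane-gateway-collector

[tcpout:bindplane-gateway-collector]
server = bindplane-gateway-collector.bindplane-collector.svc.cluster.local:9997
compressed = false
useACK = false
sendCookedData = false
# Encrypt the connection to the collector instead of sending logs in cleartext.
useSSL = true
# Reject the connection unless the collector's certificate chains to the trusted CA
# and carries the expected name (assumes the certificate was issued for this DNS name).
sslVerifyServerCert = true
sslCommonNameToCheck = bindplane-gateway-collector.bindplane-collector.svc.cluster.local
sslAltNameToCheck = bindplane-gateway-collector.bindplane-collector.svc.cluster.local
# Match the source's tls_min_version default of "1.2".
sslVersions = tls1.2

# --- server.conf on the forwarder ---
[sslConfig]
# Placeholder path: the CA bundle that signed the collector's certificate.
sslRootCAPath = /opt/splunkforwarder/etc/auth/collector-ca.pem
```

On the source side this corresponds to `enable_tls` set to true, with `tls_certificate_path` and `tls_private_key_path` pointing at that certificate and its key.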
