You must provide the following parameters to create an Event Hubs input:
Instead of the official Apache Avro™ python libraries, this Add-On uses -FASTAVRO- library which is an alternative implementation that has much better performance. You can find the fastavro documentation here: https://fastavro.readthedocs.io/en/latest/
For optimal results, configure the following PROPS.CONF Stanza:
[aeh]
INDEXED_EXTRACTIONS = json
KV_MODE = none
AUTO_KV_JSON = false
NO_BINARY_CHECK = true
SHOULD_LINEMERGE = false
TIMESTAMP_FIELDS = time
crcSalt = <SOURCE>
description = Azure Event Hubs JSON logs
disabled = false
pulldown_type = true
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.