Run technical addons with this simple utility program.
The TA runner can interpret inputs.conf, transforms.conf and props.conf files and runs technical addons according to these settings.
This project is under active development. You can consult the roadmap to learn more.
This program exports all data over the OpenTelemetry Protocol (OTLP). It can be used with Splunk Connect for OTLP to send data to a Splunk instance.
- Download the binary from the latest release
- Run the binary with the following arguments:

> tarunner <basedir> <otlp-endpoint>

- basedir: the location of the technical addon, uncompressed.
- otlp-endpoint: the OTLP gRPC endpoint to target with the runner. Example: http://localhost:4317
Build the Docker image:
> docker build -t tarunner .
Run the image:
> docker run --rm -v $(pwd)/ta:/ta tarunner /ta http://endpoint:4317
See also the docker-compose.yml example in the integration folder.
Run the example with: docker compose up
In UF mode, the TA runner runs the scripts, modinputs and monitors, capturing their output. It tags that output with host, source and sourcetype fields.
UF mode is the default mode.
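A pre-flight review of what an add-on's inputs.conf would make a runner start or read in UF mode, as an added example that is not the TA runner's own code. It assumes Splunk's usual inputs.conf conventions (script://, monitor:// and <scheme>:// stanzas, a [default] stanza, the disabled setting); the sample file and the demo_modinput scheme are constructed, and falling back to the stanza target for source is an assumption.

```python
import re

# Constructed sample inputs.conf, not taken from any real add-on.
SAMPLE = """\
[default]
host = lab-host
[script://./bin/cpu.sh]
sourcetype = cpu
[script://./bin/legacy.sh]
sourcetype = legacy
disabled = 1
[monitor:///var/log/demo/*.log]
sourcetype = demo:log
[demo_modinput://collector]
sourcetype = demo:api
"""


def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}, keeping file order."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas


def enabled_inputs(text):
    """List enabled inputs and the host/source/sourcetype tags they would carry."""
    stanzas = parse_conf(text)
    defaults = stanzas.pop("default", {})
    found = []
    for name, settings in stanzas.items():
        merged = {**defaults, **settings}
        if "://" not in name or merged.get("disabled", "0").lower() in ("1", "true"):
            continue  # not an input stanza, or switched off
        kind, target = name.split("://", 1)
        # Assumption: source falls back to the stanza target when unset.
        found.append((kind, target, merged.get("host"),
                      merged.get("source", target), merged.get("sourcetype")))
    return found
```

Reviewing this list before mounting an unfamiliar add-on into the container shows which scripts would be executed and which paths would be read.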
In HF mode, the TA runner performs the steps of UF mode and additionally performs index-time actions:
- Indexed extractions
- Ingest eval
- Rulesets
- Transforms
HF mode is experimental and incomplete. This issue tracks the work.
The mode can be enabled by running the runner with --feature-flags +cook.
The TA Runner is licensed under Apache Software License 2.0. See LICENSE.