Hi everyone,

The user guide section for the om_http module explains:

> Each event is transferred in a single POST request.

When HTTPS is used, is the TLS handshake also performed for each event? This seems like it would be quite inefficient.

Are there any plans to support bulk / batch exporting of many events in a single HTTP POST, specifically for exporting data to the Splunk HEC?

rsyslog and syslog-ng support batch exporting events to Splunk using the external Python script omsplunkhec.py, as explained here:

NXLog supports batch exporting events to Elasticsearch using their bulk API:

Asked April 11, 2018 - 4:42pm

Answer (1)

`om_http` maintains a persistent TCP/TLS connection.

Adding bulk export capabilities to `om_http` is on the roadmap to implement similar functionality to what `om_elasticsearch` does.

The [recent NXLog EE v4.0 release](/nxlog-enterprise-edition-v40-released) adds support for Python and Ruby, so the Python-based solution could also work. Note that with `om_exec` it is already possible to invoke such scripts with the CE and older EE versions, as this is the same as the `program()` destination in _syslog-ng_.
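A sketch of the kind of script the answer refers to, added here as an example and not taken from NXLog, rsyslog or the answer's author: it reads one event per line on stdin (as a program started by `om_exec` would receive them), groups events into Splunk HEC batch bodies, and sends them over one verified TLS connection. The host, port, token and batch limits are assumed placeholders.

```python
import http.client
import json
import ssl
import sys

# Assumed placeholders: replace with your own HEC endpoint and token.
HEC_HOST = "splunk.example.com"
HEC_PORT = 8088
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"
MAX_EVENTS = 100          # events per POST
MAX_BYTES = 512 * 1024    # payload cap per POST


def encode_event(line):
    """Wrap one raw event line in the HEC JSON envelope."""
    return json.dumps({"event": line.rstrip("\r\n")}).encode("utf-8")


def batches(lines, max_events=MAX_EVENTS, max_bytes=MAX_BYTES):
    """Yield HEC bodies: concatenated JSON objects, bounded by count and size."""
    buf, size = [], 0
    for line in lines:
        if not line.strip():
            continue                      # skip blank lines
        item = encode_event(line)
        if buf and (len(buf) >= max_events or size + len(item) > max_bytes):
            yield b"".join(buf)
            buf, size = [], 0
        buf.append(item)
        size += len(item)
    if buf:
        yield b"".join(buf)               # flush the remainder at end of input


def main():
    ctx = ssl.create_default_context()    # verifies certificate chain and hostname
    conn = http.client.HTTPSConnection(HEC_HOST, HEC_PORT, context=ctx, timeout=10)
    headers = {"Authorization": "Splunk " + HEC_TOKEN,
               "Content-Type": "application/json"}
    for body in batches(sys.stdin):
        # Reusing conn keeps the socket open: one TLS handshake serves many POSTs.
        conn.request("POST", "/services/collector/event", body=body, headers=headers)
        resp = conn.getresponse()
        resp.read()                       # drain so the connection can be reused
        if resp.status != 200:
            sys.stderr.write("HEC rejected batch: %d\n" % resp.status)


if __name__ == "__main__":
    main()
```

Batches are flushed only when a limit is reached or stdin closes, so a low-volume source would also need a time-based flush.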
