All Apps and Add-ons

HL7 Messages From a Queue

flee
Path Finder

Hello. We're planning to use HL7 Add-On. The HL7 messages will be posted to a messaging queue. We're currently using JMS Modular Input on a Heavy Forwarder which connects to some queues and ingesting XML messages and forwarding them to indexers. We'd like to do the same for ingesting HL7 messages. We have Splunk Enterprise v6.4.4; JMS Mod Input v1.5. Questions:

  1. Will HL7 add-on work with the jms queue inputs.conf on the JMS Forwarder with the sourcetype = hl7_v2? Here's a example stanza would look like in inputs.conf; sourcetype in the 2nd line from the bottom:

    [jms://queue/HL7Events:HL7_EVENT_QUEUE]
    browse_mode = stats
    browse_queue_only = 0
    durable = 0
    host = hl7hostname.org
    index = hl7events
    index_message_header = 0
    index_message_properties = 0
    init_mode = jndi
    jms_connection_factory_name = SplunkConnectionFactory
    jndi_initialcontext_factory = com.sun.jndi.fscontext.RefFSContextFactory
    jndi_provider_url = file:/opt/splunk/provider
    sourcetype = hl7_v2
    strip_newlines = 1

  2. Where do we install the HL7 Add-on, on the Indexer, Search Head, Heavy Forwarder (co-exist with JMS Mod Input)?

Thanks for your help!

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

You can add this as a new input on your existing system where you have the JMS modular input.

You are correct, all you need to do is change the sourcetype name and the provider information to point to the HL7 queue.

Most the parsing is done on the HF you are running the modular input on. However, if you are doing any index time operations, you should also have the operations there for the new sourcetype. Any extractions at search time would need to be on your Search Head.

0 Karma
Get Updates on the Splunk Community!

Platform Highlights | November 2022 Newsletter

 November 2022 Skill Up on Splunk with our New Builder Tech Talk SeriesCan you build it? Yes you can! *play ...

Splunk Education - Fast Start Program!

Welcome to Splunk Education! Splunk training programs are designed to enable you to get started quickly and ...

Five Subtly Different Ways of Adding Manual Instrumentation in Java

You can find the code of this example on GitHub here. Please feel free to star the repository to keep in ...