From fd924c81606853e61515735e43d6ef9d44ff03c2 Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake <hiroshi@chronosphere.io>
Date: Mon, 3 Jun 2024 16:04:55 +0900
Subject: [PATCH 1/4] in_splunk: Add descriptions for recently enhancement of
 in_splunk

Added descriptions for the recent enhancement:

* A capability of comma separated multiple HEC tokens
* A choice for whether storing ingested HEC token into metadata or
  records
  * This storing records key is also configurable

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
---
 pipeline/inputs/splunk.md | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pipeline/inputs/splunk.md b/pipeline/inputs/splunk.md
index ae23faebb..53252dd18 100644
--- a/pipeline/inputs/splunk.md
+++ b/pipeline/inputs/splunk.md
@@ -12,7 +12,9 @@ The **splunk** input plugin handles [Splunk HTTP HEC](https://docs.splunk.com/Do
 | buffer_max_size          | Specify the maximum buffer size in KB to receive a JSON message.                                                                              | 4M      |
 | buffer_chunk_size        | This sets the chunk size for incoming incoming JSON messages. These chunks are then stored/managed in the space available by buffer_max_size. | 512K    |
 | successful_response_code | It allows to set successful response code. `200`, `201` and `204` are supported.                                                              | 201     |
-| splunk\_token           | Add an Splunk token for HTTP HEC.`                                  |         |
+| splunk\_token           | Add an Splunk token for HTTP HEC. If specified multiple tokens with commas, it will be divided into each of tokens and they will be used for authentication of HTTP HEC. |         |
+| store\_token\_to\_metadata | Store Splunk HEC tokens to matadata. If set as false, they will be stored into records.                                                     | true    |
+| splunk\_token\_key       | Add a key for storing Splunk token for HTTP HEC. This is effective when `store_token_to_metadata` as false.                                   | @splunk_token |
 
 ## Getting Started
 

From d504282464d5b7d03620f1e13fdec2482b4a2db4 Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake <hiroshi@chronosphere.io>
Date: Wed, 5 Jun 2024 15:36:39 +0900
Subject: [PATCH 2/4] in_splunk: Address comments

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
Co-authored-by: Pat <pat@calyptia.com>
---
 pipeline/inputs/splunk.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pipeline/inputs/splunk.md b/pipeline/inputs/splunk.md
index 53252dd18..bc85adbad 100644
--- a/pipeline/inputs/splunk.md
+++ b/pipeline/inputs/splunk.md
@@ -12,9 +12,9 @@ The **splunk** input plugin handles [Splunk HTTP HEC](https://docs.splunk.com/Do
 | buffer_max_size          | Specify the maximum buffer size in KB to receive a JSON message.                                                                              | 4M      |
 | buffer_chunk_size        | This sets the chunk size for incoming incoming JSON messages. These chunks are then stored/managed in the space available by buffer_max_size. | 512K    |
 | successful_response_code | It allows to set successful response code. `200`, `201` and `204` are supported.                                                              | 201     |
-| splunk\_token           | Add an Splunk token for HTTP HEC. If specified multiple tokens with commas, it will be divided into each of tokens and they will be used for authentication of HTTP HEC. |         |
-| store\_token\_to\_metadata | Store Splunk HEC tokens to matadata. If set as false, they will be stored into records.                                                     | true    |
-| splunk\_token\_key       | Add a key for storing Splunk token for HTTP HEC. This is effective when `store_token_to_metadata` as false.                                   | @splunk_token |
+| splunk\_token           | Specify a Splunk token for HTTP HEC authentication. If multiple tokens are specified (with commas and no spaces), usage will be divided across each of the tokens. |         |
+| store\_token\_in\_metadata | Store Splunk HEC tokens as a part of metadata. If set as false, they will be stored as a part of records.                                   | true    |
+| splunk\_token\_key       | Use the specified key for storing the Splunk token for HTTP HEC. This is effective when `store_token_in_metadata` as false.                   | @splunk_token |
 
 ## Getting Started
 

From 0bde9eca0f72b2b461e13ae5074c07333170aa00 Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake <hiroshi@chronosphere.io>
Date: Thu, 6 Jun 2024 11:49:53 +0900
Subject: [PATCH 3/4] Update pipeline/inputs/splunk.md

Co-authored-by: Pat <pat@chronosphere.io>
Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
---
 pipeline/inputs/splunk.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pipeline/inputs/splunk.md b/pipeline/inputs/splunk.md
index bc85adbad..804acb7b5 100644
--- a/pipeline/inputs/splunk.md
+++ b/pipeline/inputs/splunk.md
@@ -13,7 +13,7 @@ The **splunk** input plugin handles [Splunk HTTP HEC](https://docs.splunk.com/Do
 | buffer_chunk_size        | This sets the chunk size for incoming incoming JSON messages. These chunks are then stored/managed in the space available by buffer_max_size. | 512K    |
 | successful_response_code | It allows to set successful response code. `200`, `201` and `204` are supported.                                                              | 201     |
 | splunk\_token           | Specify a Splunk token for HTTP HEC authentication. If multiple tokens are specified (with commas and no spaces), usage will be divided across each of the tokens. |         |
-| store\_token\_in\_metadata | Store Splunk HEC tokens as a part of metadata. If set as false, they will be stored as a part of records.                                   | true    |
+| store\_token\_in\_metadata | Store Splunk HEC tokens in the Fluent Bit metadata. If set false, they will be stored as normal key-value pairs in the record data.                                   | true    |
 | splunk\_token\_key       | Use the specified key for storing the Splunk token for HTTP HEC. This is effective when `store_token_in_metadata` as false.                   | @splunk_token |
 
 ## Getting Started

From 8aa4267819a4e3c51bb4c2d1777605d231a3ba87 Mon Sep 17 00:00:00 2001
From: Hiroshi Hatake <hiroshi@chronosphere.io>
Date: Thu, 6 Jun 2024 11:51:29 +0900
Subject: [PATCH 4/4] in_splunk: Address a comment

Signed-off-by: Hiroshi Hatake <hiroshi@chronosphere.io>
---
 pipeline/inputs/splunk.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pipeline/inputs/splunk.md b/pipeline/inputs/splunk.md
index 804acb7b5..6ba7df514 100644
--- a/pipeline/inputs/splunk.md
+++ b/pipeline/inputs/splunk.md
@@ -14,7 +14,7 @@ The **splunk** input plugin handles [Splunk HTTP HEC](https://docs.splunk.com/Do
 | successful_response_code | It allows to set successful response code. `200`, `201` and `204` are supported.                                                              | 201     |
 | splunk\_token           | Specify a Splunk token for HTTP HEC authentication. If multiple tokens are specified (with commas and no spaces), usage will be divided across each of the tokens. |         |
 | store\_token\_in\_metadata | Store Splunk HEC tokens in the Fluent Bit metadata. If set false, they will be stored as normal key-value pairs in the record data.                                   | true    |
-| splunk\_token\_key       | Use the specified key for storing the Splunk token for HTTP HEC. This is effective when `store_token_in_metadata` as false.                   | @splunk_token |
+| splunk\_token\_key       | Use the specified key for storing the Splunk token for HTTP HEC. This is only effective when `store_token_in_metadata` is false.                   | @splunk_token |
 
 ## Getting Started