All Apps and Add-ons

HL7 Messages From a Queue

flee
Path Finder

Hello. We're planning to use HL7 Add-On. The HL7 messages will be posted to a messaging queue. We're currently using JMS Modular Input on a Heavy Forwarder which connects to some queues and ingesting XML messages and forwarding them to indexers. We'd like to do the same for ingesting HL7 messages. We have Splunk Enterprise v6.4.4; JMS Mod Input v1.5. Questions:

  1. Will HL7 add-on work with the jms queue inputs.conf on the JMS Forwarder with the sourcetype = hl7_v2? Here's a example stanza would look like in inputs.conf; sourcetype in the 2nd line from the bottom:

    [jms://queue/HL7Events:HL7_EVENT_QUEUE]
    browse_mode = stats
    browse_queue_only = 0
    durable = 0
    host = hl7hostname.org
    index = hl7events
    index_message_header = 0
    index_message_properties = 0
    init_mode = jndi
    jms_connection_factory_name = SplunkConnectionFactory
    jndi_initialcontext_factory = com.sun.jndi.fscontext.RefFSContextFactory
    jndi_provider_url = file:/opt/splunk/provider
    sourcetype = hl7_v2
    strip_newlines = 1

  2. Where do we install the HL7 Add-on, on the Indexer, Search Head, Heavy Forwarder (co-exist with JMS Mod Input)?

Thanks for your help!

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

You can add this as a new input on your existing system where you have the JMS modular input.

You are correct, all you need to do is change the sourcetype name and the provider information to point to the HL7 queue.

Most the parsing is done on the HF you are running the modular input on. However, if you are doing any index time operations, you should also have the operations there for the new sourcetype. Any extractions at search time would need to be on your Search Head.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...