docs: inputs: splunk: add add_remote_addr and remote_addr_key parameters

[eschabell]

• Add add_remote_addr and remote_addr_key config parameters to the table
• Add "Add a remote address field" usage section with YAML and classic .conf configuration examples

Fixes #2494

Summary by CodeRabbit

Release Notes

• New Features

  • Added remote address enrichment capability for Splunk input records, extracting from X-Forwarded-For header or connection address.
  • New add_remote_addr and remote_addr_key configuration parameters to customize remote address field inclusion and naming.

• Documentation

  • Updated Splunk input documentation with configuration parameters and usage examples in YAML and CONF formats.

[coderabbitai]

📝 Walkthrough

Walkthrough

Documentation for the Splunk input plugin is enhanced with two new configuration parameters: add_remote_addr and remote_addr_key. A new section details how remote address enrichment works, deriving values from HTTP headers or connection metadata. Configuration examples in YAML and conf formats are included.

Changes

Cohort / File(s)	Summary
Splunk Input Documentation pipeline/inputs/splunk.md	Added two new configuration parameters (add_remote_addr, remote_addr_key) to enable remote address field injection from X-Forwarded-For headers or connection addresses. Includes new usage section with YAML and conf configuration examples.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related issues

• Issue #2493: Documents the same remote address enrichment feature (add_remote_addr and remote_addr_key parameters) for a different input plugin, sharing the same feature scope and implementation pattern.

Suggested reviewers

• patrick-stephens
• cosmo0920
• lecaros

Poem

🐰 The Splunk docs now gleam so bright,
With remote_addr shining in the light!
Headers forwarded, connections traced,
Configuration examples perfectly placed! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: adding two new parameters (add_remote_addr and remote_addr_key) to the Splunk input documentation.
Linked Issues check	✅ Passed	All objectives from issue #2494 are met: both config parameters are documented in the table and a usage section with YAML and .conf examples has been added.
Out of Scope Changes check	✅ Passed	All changes are in-scope documentation updates directly addressing the requirements in issue #2494; no unrelated modifications are present.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

pipeline/inputs/splunk.md (1)

124-125: Consider adding a trust-boundary note for X-Forwarded-For.

Recommend clarifying that X-Forwarded-For should be relied on only when traffic comes through trusted proxies/load balancers, to avoid spoofed client IP assumptions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pipeline/inputs/splunk.md` around lines 124 - 125, Add a trust-boundary note
to the documentation for add_remote_addr explaining that X-Forwarded-For can be
spoofed and must only be trusted when traffic is routed through known/trusted
proxies or load balancers; update the paragraph mentioning add_remote_addr,
remote_addr_key and X-Forwarded-For to explicitly state that the header should
be used only in controlled proxy environments and recommend validating or
configuring trusted proxy IPs (or falling back to connection address) to avoid
assuming client IPs from untrusted sources.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@pipeline/inputs/splunk.md`:
- Around line 124-125: Add a trust-boundary note to the documentation for
add_remote_addr explaining that X-Forwarded-For can be spoofed and must only be
trusted when traffic is routed through known/trusted proxies or load balancers;
update the paragraph mentioning add_remote_addr, remote_addr_key and
X-Forwarded-For to explicitly state that the header should be used only in
controlled proxy environments and recommend validating or configuring trusted
proxy IPs (or falling back to connection address) to avoid assuming client IPs
from untrusted sources.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0b18cee1-4d9c-4649-aa97-49abb7495311

📥 Commits

Reviewing files that changed from the base of the PR and between 55086ff and 3785eb7.

📒 Files selected for processing (1)

• pipeline/inputs/splunk.md

[eschabell]

@patrick-stephens ready for review!