Event Target for Splunk
Prerequisite: HTTP Event Collector Input
In order to be able to use the TriggerMesh event target for Splunk, and administrator must:
- Enable the HTTP Event Collector data input in the Splunk installation.
- Create a token for receiving data over HTTP.
To do so, open the Splunk web console, then navigate to Settings > Data > Data inputs.
In the list of local inputs, click HTTP Event Collector.
Click New token in order to generate a new token with custom settings, then take note of the value of that token. The
default HEC token (
splunk_hec_token) is also suitable for use with the TriggerMesh event target for Splunk.
This procedure is described in more details in the Splunk documentation: Set up and use HTTP Event Collector in Splunk Web .
Deploying an Instance of the Target
Open the Bridge creation screen and add a target of type
In the Target creation form, give a name to the event Target and add the following information:
- HEC Endpoint: URL of the HTTP Event Collector (HEC). This URL varies depending on the type of Splunk installation (Enterprise, self-service Cloud, managed Cloud). Only the scheme, hostname, and port (optionally) are evaluated, the URL path is trimmed if present.
- HEC Token: Reference to a TriggerMesh secret containing a token for authenticating requests against the HEC, as described in the previous section.
- Index: Name of the index to send events to. When undefined, events are sent to the default index defined in the HEC token's configuration.
After clicking the
Save button, you will be taken back to the Bridge editor. Proceed to adding the remaining
components to the Bridge, then submit it.
A ready status on the main Bridges page indicates that the Splunk target is ready to accept events.
New events should now be visible in the Search & Reporting app inside Splunk.
For more information about using Splunk, please refer to the Splunk documentation.
The Splunk event target can consume events of any type.