Event Target for Splunk
- Enable HTTP Event Collector Input
- HEC token
Consult the Secrets guide for more information about how to add the HEC token as a secret.
HTTP Event Collector Input
In order to be able to use the TriggerMesh event Target for Splunk, an administrator must:
- Enable the HTTP Event Collector data input in the Splunk installation.
- Create a token for receiving data over HTTP.
To do so, open the Splunk web console, then navigate to Settings > Data > Data inputs.
In the list of local inputs, click HTTP Event Collector.
Click New token in order to generate a new token with custom settings, then take note of the value of that token. The
default HEC token (
splunk_hec_token) is also suitable for use with the TriggerMesh event Target for Splunk.
This procedure is described in more detail in the Splunk documentation: Set up and use HTTP Event Collector in Splunk Web.
Deploying an Instance of the Target
Open the Bridge creation screen and add a Target of type
In the Target creation form, give a name to the event Target and add the following information:
- HEC Endpoint: URL of the HTTP Event Collector (HEC). This URL varies depending on the type of Splunk installation (Enterprise, self-service Cloud, managed Cloud). Only the scheme, hostname, and port (optionally) are evaluated, the URL path is trimmed if present.
- HEC Token: Reference to a TriggerMesh secret containing a token for authenticating requests against the HEC, as discussed in the prerequisites.
- Index: Name of the index to send events to. When undefined, events are sent to the default index defined in the HEC token's configuration.
After clicking the
Save button, you will be taken back to the Bridge editor. Proceed to adding the remaining
components to the Bridge, then submit it.
After submitting the Bridge, and allowing for some configuration time, a green check mark on the main Bridges page indicates that the Bridge with the Splunk Target was successfully created.
New events should now be visible in the Search & Reporting app inside Splunk.
For more information about using Splunk, please refer to the Splunk documentation.
The Splunk event Target can consume events of any type.