Event Target for Splunk

This event target receives arbitrary CloudEvents over HTTP and sends them to a Splunk HTTP Event Collector in a JSON format.

Prerequisite: HTTP Event Collector Input

In order to be able to use the TriggerMesh event target for Splunk, and administrator must:

  1. Enable the HTTP Event Collector data input in the Splunk installation.
  2. Create a token for receiving data over HTTP.

To do so, open the Splunk web console, then navigate to Settings > Data > Data inputs.

Splunk settings

In the list of local inputs, click HTTP Event Collector.

Data inputs

Click New token in order to generate a new token with custom settings, then take note of the value of that token. The default HEC token (splunk_hec_token) is also suitable for use with the TriggerMesh event target for Splunk.

This procedure is described in more details in the Splunk documentation: Set up and use HTTP Event Collector in Splunk Web .

Deploying an Instance of the Target

Open the Bridge creation screen and add a target of type Splunk.

Adding a Splunk target

In the Target creation form, give a name to the event Target and add the following information:

  • HEC Endpoint: URL of the HTTP Event Collector (HEC). This URL varies depending on the type of Splunk installation (Enterprise, self-service Cloud, managed Cloud). Only the scheme, hostname, and port (optionally) are evaluated, the URL path is trimmed if present.
  • HEC Token: Reference to a TriggerMesh secret containing a token for authenticating requests against the HEC, as described in the previous section.
  • Index: Name of the index to send events to. When undefined, events are sent to the default index defined in the HEC token's configuration.

Splunk target form

After clicking the Save button, you will be taken back to the Bridge editor. Proceed to adding the remaining components to the Bridge, then submit it.

Bridge overview

A ready status on the main Bridges page indicates that the Splunk target is ready to accept events.

Bridge status

New events should now be visible in the Search & Reporting app inside Splunk.

Data summary Data search

For more information about using Splunk, please refer to the Splunk documentation.

Event Types

The Splunk event target can consume events of any type.