How to use Splunk to receive data from Data Stream
While configuring streams, you need to set up a specific endpoint to stream your Azion data.
Continue reading for a step-by-step guide on how to connect a Splunk endpoint to receive data from Data Stream.
Splunk requirements
To use Splunk as a destination for your logs, you’ll need to:
- Create a Splunk account.
- Create and configure an HTTP Event Collector (HEC) instance corresponding to the type of Splunk instance you’re using.
- Save your event collector URL.
- Create a HEC token.
- Enable the created HEC token.
- Save the HEC token you’ve enabled and your event collector URL.
The URL structure for your event collector varies depending on the Splunk instance you’re using:
Instance Type | URL |
---|---|
Self-hosted | https://<host>:<port>/services/collector/event |
Self-service Splunk Cloud plans | https://input-<host>:<port>/services/collector/event |
Other Splunk Cloud plans | <protocol>://http-inputs-<host>:<port>/services/collector/event |
Find more details about configurations in the Splunk documentation page.
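Before pasting the saved URL and token into Data Stream, you can check them from your own machine. The following is an added example, not Azion or Splunk code: it flags URL problems (a non-HTTPS scheme exposes the token in transit) and sends one test event with the token in the `Authorization: Splunk <token>` header that HEC expects. The function names and the `HEC_URL` / `HEC_TOKEN` environment variable names are assumptions.

```python
import json
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

HEC_PATHS = ("/services/collector", "/services/collector/event")

def validate_hec_url(url):
    """Return a list of problems found in a HEC URL (empty list = looks fine)."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not https: the HEC token would be sent in clear text")
    if not parts.hostname:
        problems.append("missing host")
    if parts.path.rstrip("/") not in HEC_PATHS:
        problems.append("path is not /services/collector[/event]")
    if parts.username or parts.password:
        problems.append("credentials embedded in URL; the token belongs in API Key")
    return problems

def send_test_event(url, token, opener=urllib.request.urlopen, timeout=10):
    """POST one test event the way a HEC client does and summarise the reply."""
    body = json.dumps({"event": "data-stream preflight check"}).encode()
    req = urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": "Splunk " + token,  # token travels in a header, never in the URL
        "Content-Type": "application/json"})
    try:
        with opener(req, timeout=timeout) as resp:
            status, raw = resp.status, resp.read()
    except urllib.error.HTTPError as err:  # HEC reports token problems as 4xx + JSON
        status, raw = err.code, err.read()
    try:
        reply = json.loads(raw)
    except ValueError:  # e.g. an HTML error page from a proxy in front of HEC
        reply = None
    reply = reply if isinstance(reply, dict) else {}
    return {"ok": status == 200 and reply.get("code") == 0,
            "http_status": status, "hec_code": reply.get("code"),
            "hec_text": reply.get("text")}

if __name__ == "__main__":
    # Default URL is this page's example; HEC_URL / HEC_TOKEN are assumed env var names.
    url = os.environ.get(
        "HEC_URL", "https://inputs.splunkcloud.com:8080/services/collector?index=myindex")
    print("URL problems:", validate_hec_url(url) or "none")
    if "HEC_URL" in os.environ and "HEC_TOKEN" in os.environ and not validate_hec_url(url):
        print(send_test_event(url, os.environ["HEC_TOKEN"]))
```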
Configuring the endpoint in Data Stream
Next, follow these steps to configure the new endpoint you created in Splunk in your Azion Data Stream.
You can find detailed steps for the entire configuration in the How to use Data Stream guide.
In the Destination configurations:
- On the Connector dropdown menu, select Splunk.
- On URL, add your Splunk event collector URL. If you want to send the data to an alternative index, you can add it at the end of the URL. Example:
https://inputs.splunkcloud.com:8080/services/collector?index=myindex
- On API Key, add the HTTP Event Collector Token provided in your Splunk installation. Example:
cret248d6-22p8-95gw-g5ke-6k45w2sal634
- Make sure the Active switch is on.
- Click the Save button.
In the Destination configurations:
- On the Endpoint Type dropdown menu, select Splunk.
- On Splunk URL, add your Splunk event collector URL. If you want to send the data to an alternative index, you can add it at the end of the URL. Example:
https://inputs.splunkcloud.com:8080/services/collector?index=myindex
- On API Key, add the HTTP Event Collector Token provided in your Splunk installation. Example:
cret248d6-22p8-95gw-g5ke-6k45w2sal634
- Make sure the Active switch is on.
- Click the Save button.
After saving the configurations, your data will be streamed to the newly configured endpoint.
You can keep track of the calls made by Data Stream to Splunk on Real-Time Events. To do so, select Data Source > Data Stream and choose the filter options you want.
Trademarks
Splunk is a registered trademark of Splunk Inc in the United States and other countries.