Splunk
This page describes how to configure a Splunk integration with a Spherical CloudFormation stack.
Last updated
This page describes how to configure a Splunk integration with a Spherical CloudFormation stack.
Last updated
Before you install a Spherical stack, you must first set up a HTTP Event Collector in your installation of Splunk.
For Splunk Enterprise or self-service Splunk Cloud, first go to 'Settings'.
Click 'Data inputs' and navigate to 'HTTP Event Collector'.
Click 'Global Settings'.
Click the Enable button, and then click Save. (For more information, see "Enable HTTP Event Collector" in the Getting Data in the Splunk manual).
Note: For managed Splunk Cloud, submit a support ticket to have the feature enabled.
Create at least one input token. You'll need this token later.
For Splunk Enterprise or self-service Splunk Cloud, click the 'Add New' button.
Proceed through the 'Add Data' workflow until you've successfully created a token. (For more information, see 'Create an Event Collector' token in the 'Getting Data In' Splunk manual).
For managed Splunk Cloud, submit a support ticket to create or manage a token.
In addition to an authorisation token, you also need a Splunk URL. This varies depending on your type of Splunk deployment.
Enterprise: <protocol>://<host>:<port>/<endpoint>
Managed Cloud: <protocol>://http-inputs-<host>:<port>/<endpoint>
Self-Service Cloud: <protocol>://input-<host>:<port>/<endpoint>
Once you have got both a Splunk URL and a Token, you can go ahead and create a Spherical stack using CloudFormation.
Field
Description
Protocol
Either HTTP or HTTPs
Host
The Splunk instance that runs HEC
Port
The HEC port number, which is 8088 by default, but you can change in the HEC Global Settings
Endpoint
The HEC endpoint you want to use. Usually this is the /services/collector endpoint
