Splunk

This page describes how to configure a Splunk integration with a Spherical CloudFormation stack.

Pre-installation configuration

Before you install a Spherical stack, you must first set up an HTTP Event Collector (HEC) in your installation of Splunk.

  1. For Splunk Enterprise or self-service Splunk Cloud, first go to 'Settings'.

  2. Click 'Data inputs' and navigate to 'HTTP Event Collector'.

  3. Click 'Global Settings'.

  4. Click the Enable button, and then click Save. (For more information, see 'Enable HTTP Event Collector' in the 'Getting Data In' Splunk manual).

    Note: For managed Splunk Cloud, submit a support ticket to have the feature enabled.

  5. Create at least one input token. You'll need this token later.

Token

  1. For Splunk Enterprise or self-service Splunk Cloud, click the 'Add New' button.

  2. Proceed through the 'Add Data' workflow until you've successfully created a token. (For more information, see 'Create an Event Collector token' in the 'Getting Data In' Splunk manual).

  3. For managed Splunk Cloud, submit a support ticket to create or manage a token.

Splunk URL

In addition to an authorisation token, you also need a Splunk URL. This varies depending on your type of Splunk deployment.

Enterprise: <protocol>://<host>:<port>/<endpoint>

Managed Cloud: <protocol>://http-inputs-<host>:<port>/<endpoint>

Self-Service Cloud: <protocol>://input-<host>:<port>/<endpoint>

| Field | Description |
| --- | --- |
| Protocol | Either HTTP or HTTPS |
| Host | The Splunk instance that runs HEC |
| Port | The HEC port number, which is 8088 by default and can be changed in the HEC Global Settings |
| Endpoint | The HEC endpoint you want to use. Usually this is the /services/collector endpoint |

Once you have got both a Splunk URL and a Token, you can go ahead and create a Spherical stack using CloudFormation.
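Before creating the stack, it helps to confirm that the URL and token work together. The following is an added example, not part of Spherical or Splunk: it assembles the URL from the formats above and prepares a one-event test request. The function names and deployment keys are hypothetical, the host and token are placeholders, and the `Authorization: Splunk <token>` header is the scheme HEC expects.

```python
import json
import urllib.request

# Host prefixes per deployment type, taken from the URL formats on this page.
HOST_PREFIX = {"enterprise": "", "managed_cloud": "http-inputs-", "self_service_cloud": "input-"}


def build_hec_url(deployment, host, port=8088, endpoint="/services/collector",
                  protocol="https", allow_plain_http=False):
    """Assemble <protocol>://<prefix><host>:<port>/<endpoint> for a deployment type."""
    if deployment not in HOST_PREFIX:
        raise ValueError(f"unknown deployment type: {deployment!r}")
    protocol = protocol.lower()
    if protocol not in ("http", "https"):
        raise ValueError("protocol must be http or https")
    # The HEC token travels in a request header, so plain HTTP exposes it on the wire.
    if protocol == "http" and not allow_plain_http:
        raise ValueError("refusing plain HTTP: the HEC token would be sent unencrypted")
    if not 1 <= int(port) <= 65535:
        raise ValueError("port out of range")
    if not host or any(c in host for c in "/:@ "):
        raise ValueError("host must be a bare hostname")
    return f"{protocol}://{HOST_PREFIX[deployment]}{host}:{int(port)}/{endpoint.lstrip('/')}"


def build_test_request(url, token):
    """Prepare (but do not send) a one-event POST that exercises the URL and token."""
    body = json.dumps({"event": "HEC connectivity check"}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
    )


def check_hec(url, token, timeout=10):
    """Send the test event; Splunk replies with a JSON body whose code is 0 on success."""
    with urllib.request.urlopen(build_test_request(url, token), timeout=timeout) as resp:
        return json.load(resp).get("code") == 0


if __name__ == "__main__":
    # Constructed sample values: placeholder host and token, not real credentials.
    url = build_hec_url("managed_cloud", "example.splunkcloud.com")
    req = build_test_request(url, "00000000-0000-0000-0000-000000000000")
    print(req.full_url, req.get_header("Authorization"))
```

`check_hec` needs network access to the Splunk instance and a TLS certificate the client trusts; an invalid token surfaces as an HTTP error raised by `urlopen`.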
