Splunk
This page describes how to configure a Splunk integration with a Spherical CloudFormation stack.
Before you install a Spherical stack, you must first set up a HTTP Event Collector in your installation of Splunk.
- 1.For Splunk Enterprise or self-service Splunk Cloud, first go to 'Settings'.
- 2.Click 'Data inputs' and navigate to 'HTTP Event Collector'.
- 3.Click 'Global Settings'.
- 4.Click the Enable button, and then click Save. (For more information, see "Enable HTTP Event Collector" in the Getting Data in the Splunk manual).Note: For managed Splunk Cloud, submit a support ticket to have the feature enabled.
- 5.Create at least one input token. You'll need this token later.

Settings for Splunk Enterprise and self-service Splunk Cloud.

Data input settings.
- 1.For Splunk Enterprise or self-service Splunk Cloud, click the 'Add New' button.
- 2.Proceed through the 'Add Data' workflow until you've successfully created a token. (For more information, see 'Create an Event Collector' token in the 'Getting Data In' Splunk manual).
- 3.For managed Splunk Cloud, submit a support ticket to create or manage a token.

Configuring a new token for recieving HT
In addition to an authorisation token, you also need a Splunk URL. This varies depending on your type of Splunk deployment.
Enterprise:
<protocol>://<host>:<port>/<endpoint>
Managed Cloud: <protocol>://http-inputs-<host>:<port>/<endpoint>
Self-Service Cloud: <protocol>://input-<host>:<port>/<endpoint>
Field | Description |
Protocol | Either HTTP or HTTPs |
Host | The Splunk instance that runs HEC |
Port | The HEC port number, which is 8088 by default, but you can change in the HEC Global Settings |
Endpoint | The HEC endpoint you want to use. Usually this is the /services/collector endpoint |
Once you have got both a Splunk URL and a Token, you can go ahead and create a Spherical stack using CloudFormation.
Last modified 3yr ago