Splunk is a powerful tool that enables you to easily collect, monitor, and analyze all kinds of logs and machine data from multiple sources. NetBeez is able to integrate with and automatically send data to Splunk.
Note: These instructions assume that you have an active installation of Splunk.
- On your Splunk dashboard, enable HTTP Event Collector by following this step-by-step procedure (detailed instructions are here: HTTP Event Collector walkthrough):
  1. Go to Settings (top right bar).
  2. Click on "Data inputs" under the Data section.
  3. Click on "HTTP Event Collector".
  4. Click on the green "Global Settings" button in the top right section of the page.
  5. Click on "Enable" and then on the "Save" button.
  6. Click on the green "New Token" button that is next to the "Global Settings" button from step 4.
  7. You are now in the "Select Source" step of "Add Data": enter "NetBeez" in the "Name" field and click Next.
  8. In the "Input Settings" step, leave "Automatic" as the option.
  9. Review your input settings, and then click Submit.
  10. In the "Done" step you will find your "Token Value", which you can copy.
- On the NetBeez dashboard, go to Settings and open the Integrations panel.
- Input your EC token into the EC token field.
- Input your Splunk hostname into the Server URL field and specify port 8088. Important note for Splunk Cloud: depending on the type of Splunk installation, you may need to modify the URL.
  - For self-service Splunk Cloud plans, add “input-” to the start of the URL (e.g. https://input-<your_instance>.cloud.splunk.com:8088)
  - For other Splunk Cloud plans, add “http-inputs-” to the start of the URL (e.g. https://http-inputs-<your_instance>.cloud.splunk.com:8088)
- Click the Test button. If successful, you will see a green check mark.
- Select the items for which you would like to receive Splunk notifications. The options are incidents and alerts. If you change these settings, be sure to Save.
- If you wish, return to your Splunk dashboard and click Search to run a search for your new data. For example, you could try source="http:<token_name>" if you’d like to see all events coming via your new token.
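To check the Server URL and token from a shell, independently of the NetBeez Test button, the script below builds the URL with the prefix rules above and posts one test event to the collector. It is an added example, not NetBeez or Splunk code; the deployment-type names, the function names, the `HEC_TOKEN` variable and the sample event are assumptions, as is HTTPS being enabled on a self-hosted collector.

```shell
#!/bin/sh
# Added example: verify a Splunk HEC endpoint and token before saving them in NetBeez.
# Usage (assumed): HEC_TOKEN=<token value> sh hec_check.sh <type> <host-or-instance>

# Build the HEC base URL. $1 = self-service | cloud | enterprise (names chosen here),
# $2 = Splunk Cloud instance name, or the hostname of a self-hosted Splunk.
hec_base_url() {
    case "$1" in
        self-service) printf 'https://input-%s.cloud.splunk.com:8088\n' "$2" ;;
        cloud)        printf 'https://http-inputs-%s.cloud.splunk.com:8088\n' "$2" ;;
        enterprise)   printf 'https://%s:8088\n' "$2" ;;
        *)            echo "unknown deployment type: $1" >&2; return 1 ;;
    esac
}

# Token values generated by Splunk are GUIDs; reject anything else (for example
# a token name pasted by mistake) before it is sent over the network.
valid_token() {
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$'
}

# Post one constructed test event. The Authorization header is fed to curl through
# a config file on stdin, so the token never shows up in the process list.
# A working endpoint answers {"text":"Success","code":0}.
hec_send_test() {
    url="$(hec_base_url "$1" "$2")" || return 1
    valid_token "${HEC_TOKEN:-}" || { echo "HEC_TOKEN is not a GUID" >&2; return 1; }
    printf 'header = "Authorization: Splunk %s"\n' "$HEC_TOKEN" |
        curl --silent --show-error --fail --max-time 10 --config - \
             --data '{"event": "NetBeez HEC connectivity test"}' \
             "$url/services/collector/event"
}

# Only talk to the network when a token and both arguments were supplied.
if [ -n "${HEC_TOKEN:-}" ] && [ "$#" -eq 2 ]; then
    hec_send_test "$1" "$2"
fi
```

If a self-hosted collector presents a certificate from a private CA, point curl at that CA with `--cacert` rather than turning certificate verification off.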