Create a connection to the Splunk platform in DSP

You can use the Write to Splunk Enterprise function to send data from the Data Stream Processor (DSP) to an external Splunk Enterprise or Splunk Cloud environment. The Write to Splunk Enterprise function is a connector. Before you can use any connector, you must create a connection.

If you are editing a connection that's being used by an active pipeline, you must reactivate that pipeline after making your changes.

Prerequisites

• A Splunk Enterprise or Splunk Cloud 7.1.0+ environment, with HTTP Event Collector enabled and a valid HEC token.
• To send data using a token with SSL-enabled, see Configure the Data Stream Processor to send data to an SSL-enabled Splunk instance. By default, Splunk HEC endpoints have SSL enabled. You can also disable SSL for HEC by going to Data Inputs > HTTP Event Collector and clicking Global Settings. Because all HEC endpoints in Splunk Cloud are SSL-enabled, you must follow the steps in Configure the Data Stream Processor to send data to an SSL-enabled Splunk instance.

Steps

1. Click the Manage Connections tab.
2. Click Create New Connection.
3. Choose the Splunk Enterprise connector.
4. Click Next.
5. Complete the following fields:

   Field	Description
   Name	The connection name.
   Description	A description of your connection.
   Splunk URL	Your HEC endpoint URLs, separated by commas. Your URLs must be formatted as https://hostname:port, https://hostname:port. Load balancing is performed if more than one endpoint is provided.
   HEC token	HEC token for the Splunk Enterprise or Splunk Cloud instance.

   
   

   Any credentials that you upload is transmitted securely by HTTPs, encrypted, and securely stored in a secrets manager.

6. Click Save.

You can now use your Splunk Enterprise connection to send data to an index in Splunk Enterprise or Splunk Cloud using the HTTP Event Collector. For detailed instructions on how to send data to Splunk Enterprise or Splunk Cloud, see About sending data to Splunk Enterprise.