Splunk® Data Stream Processor

Connect to Data Sources and Destinations with DSP

On April 3, 2023, Splunk Data Stream Processor reached its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.

All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.

Configure SC4S to send syslog data to DSP

To get syslog data from Splunk Connect for Syslog (SC4S) into a data pipeline in the , you must configure your SC4S instance to send the data to DSP. You can then use the Splunk DSP Firehose source function to get this syslog data into a DSP pipeline.

Prerequisites

Before you can use SC4S as a data source, you must have a DSP HTTP Event Collector (HEC) token for allowing SC4S to send data to DSP. See Create and manage DSP HEC tokens through the Splunk Cloud Services CLI for more information. You'll need the <token> value that gets returned when the token is created.

Make sure that the SC4S disk buffer configuration is correctly set up to minimize the number of lost events if the connection to DSP is temporarily unavailable. See Data Resilience - Local Disk Buffer Configuration and SC4S Disk Buffer Configuration for more information on SC4S disk buffering.

Steps

  1. To configure your SC4S instance to use your DSP HEC token, set the following environment variables:
  2. Restart your SC4S workflow.

SC4S starts sending syslog data to DSP. You can now use SC4S as a data source by creating a pipeline that starts with the Splunk DSP Firehose source function. For instructions on how to build a data pipeline, see the Building a pipeline chapter in the Use the Data Stream Processor manual. For information about the source function, see Get data from Splunk DSP Firehose in the Function Reference manual.

Last modified on 13 January, 2023
Connecting syslog data sources to your DSP pipeline   Connecting multiple data sources to your DSP pipeline

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters