Splunk® IT Essentials Work

Entity Integrations Manual

This documentation does not apply to the most recent version of Splunk® IT Essentials Work. For documentation on the most recent version, go to the latest release.

Send data to Splunk Cloud Platform with ITE Work data collection agents

You have to specify a particular hostname and HTTP Event Collect (HEC) port when you configure data collection agents to send data to Splunk Cloud Platform.

When you deploy a universal forwarder to send data to Splunk Cloud Platform, confirm that you already configured credentials for the universal forwarder. For more information, see Configure a universal forwarder to send data to ITE Work in Splunk Cloud Platform.

Use Splunk Web to configure data collection

If you're using the Data Integrations page in ITE Work, use these field value pairs, when required, so the data collection agents ITE Work configures can send data to Splunk Cloud Platform:

Field Value
Monitoring Machine http-inputs-<cloud_hostname>.splunkcloud.com
HEC port 443

Configure the universal forwarder for Splunk Cloud Platform

You need to install the Forwarder app on Splunk Cloud Platform to install the universal forwarder. A universal forwarder require a hostname and receiver port. For more information, see Use forwarders to get data in to Splunk Cloud in the Splunk Cloud Getting Data in Manual.

Manually configure collectd to collect data

You have to specify server and port for Splunk Cloud Platform in the write_splunk collectd plug-in in collectd.conf. Collectd requires a hostname and HEC port. The plug-in looks like this for Splunk Cloud Platform:

<Plugin write_splunk>
server "http-inputs-<cloud_hostname>.splunkcloud.com"
port "443"
token "<HEC TOKEN>"
ssl true
verifyssl false
Dimension "entity_type:nix_host" 
Dimension "key2:value2"
</Plugin>
Last modified on 28 February, 2024
Configure a universal forwarder to send data to ITE Work in Splunk Cloud Platform   CreateContentPacks

This documentation applies to the following versions of Splunk® IT Essentials Work: 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.10.0 Cloud only, 4.10.1 Cloud only, 4.10.2 Cloud only, 4.10.3 Cloud only, 4.10.4 Cloud only, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.6, 4.12.0 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters