About Terraform templates
Splunk provides Terraform templates to set up the data ingestion dataflow job in the project that you want. This allows Splunk to read data from Access Transparency Logs and Data Access Logs. The template creates an IAM role for each project with the correct permission set and attaches them to this service account. You apply the templates in the directory where you initialized the terraform template.
Deploy Terraform templates
Data Manager sets up resources, such as IAM roles for each project that you select for data onboarding. Deploying templates takes approximately 10 minutes.
- Splunk provides a nested stack set template, which takes a couple of minutes to prepare.
- Download the template when the download button is enabled.
- Apply the template to start setting up resources across all the lists of GCP projects for data ingestion into Splunk through the HTTP Event Collector (HEC).
- Data starts flowing within approximately 5 minutes.
The template preparation period varies depending on the number of data sources you selected during onboarding. After you specify the data sources that need to be onboarded, the template resources synchronously creates one HEC token for every dataset as part of the final download ingest templates operation.
You see this as a disabled download button in the UI until all the tokens are created. If you hover over the download button, you see the message regarding template preparation. There is also an information banner with status and tips. The template download button is enabled when all tokens are created for data ingestion.
Select Finish to navigate to the Data Management home page and see your data input.
GCP prerequisites for Data Manager
Verify the data input for Google Cloud Platform in Data Manager
This documentation applies to the following versions of Data Manager: 1.7.0