Splunk® Data Stream Processor

Use the Data Stream Processor

On April 3, 2023, Splunk Data Stream Processor will reach its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.

Create a connection to the Splunk platform in DSP

You can use the Write to Splunk Enterprise function to send data from the Data Stream Processor (DSP) to an external Splunk Enterprise or Splunk Cloud environment. The Write to Splunk Enterprise function is a connector. Before you can use any connector, you must create a connection.

If you are editing a connection that's being used by an active pipeline, you must reactivate that pipeline after making your changes.

Prerequisites

Steps

  1. Click the Manage Connections tab.
  2. Click Create New Connection.
  3. Choose the Splunk Enterprise connector.
  4. Click Next.
  5. Complete the following fields:
    Field Description
    Name The connection name.
    Description A description of your connection.
    Splunk URL Your HEC endpoint URLs, separated by commas. Your URLs must be formatted as https://hostname:port, https://hostname:port. Load balancing is performed if more than one endpoint is provided.
    HEC token HEC token for the Splunk Enterprise or Splunk Cloud instance.


    Any credentials that you upload is transmitted securely by HTTPs, encrypted, and securely stored in a secrets manager.

  6. Click Save.

You can now use your Splunk Enterprise connection to send data to an index in Splunk Enterprise or Splunk Cloud using the HTTP Event Collector. For detailed instructions on how to send data to Splunk Enterprise or Splunk Cloud, see About sending data to Splunk Enterprise.

Last modified on 16 March, 2020
Overview of sending data from DSP to the Splunk platform   Formatting event data

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.0.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters