Splunk® Data Stream Processor

Connect to Data Sources and Destinations with DSP

On October 30, 2022, all 1.2.x versions of the Splunk Data Stream Processor will reach its end of support date. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see the Upgrade the Splunk Data Stream Processor topic.
This documentation does not apply to the most recent version of Splunk® Data Stream Processor. For documentation on the most recent version, go to the latest release.

Create a DSP connection to Splunk Observability

To send data from a data pipeline in the to a Splunk Observability endpoint, you must first create a connection using the Connector for Splunk Observability. You can then use the connection in the Send to Splunk Infrastructure Monitoring or Send to Splunk APM sink functions to send data from your pipeline to your Splunk Observability endpoint.

Prerequisites

Before you can create the Splunk Observability connection, you must have the following:

  • One of the following types of values for indicating your Splunk Observability endpoint:
    • A public realm name, which is typically used with cloud-based Splunk Observability installations that are accessible via publicly available realm names. For example, us1.
    • A URL, which is typically used with non-public Splunk Observability endpoints. For example, myobservability.myhostname.com.
    • A comma-separated list of URLs, which is typically used with the Splunk Observability API and Ingest endpoints. For example, api.myhostname.com,ingest.myhostname.com.

    IP addresses are not supported.

  • An organization-level access token for authenticating to your Splunk Observability endpoint. Search for "Access tokens" in the Splunk Infrastructure Monitoring documentation for more information.

If you don't have these credentials, ask your Splunk Observability administrator for assistance.

Steps

  1. In the , select the Connections tab and then click Create Connection.
  2. Select Connector for Splunk Observability and then click Next.
  3. Complete the following fields:
    Field Description
    Connection Name A unique name for your Splunk Observability connection.
    Description (Optional) A description of your Splunk Observability connection.
    Endpoint Type The Splunk Observability endpoint type.
    • Set to public_realm to use a Splunk Observability public realm as an endpoint.
    • Set to URL to use a hostname as an endpoint.
    • Set to multi_URL to use the Splunk Observability API and Ingest hostnames as an endpoint.

    This setting is case sensitive. All other values will fail validation.

    Endpoint The Splunk Observability endpoint.
    • If Endpoint Type is set to public_realm, enter the Splunk Observability public realm. For example, us1.
    • If Endpoint Type is set to URL, enter the hostname. For example, myobservability.myhostname.com. IP addresses are not supported.
    • If Endpoint Type is set to multi_URL, enter the Splunk Observability API and Ingest hostnames as a comma separated list. For example, api.myhostname.com,ingest.myhostname.com. IP addresses are not supported.
    Org Token Your organization-level Splunk Observability access token used to authenticate to the Splunk Observability endpoint.

    Any credentials that you upload are transmitted securely by HTTPS, encrypted, and securely stored in a secrets manager.

  4. Click Save.
  5. If you're editing a connection that's being used by an active pipeline, you must reactivate that pipeline after making your changes. When you reactivate a pipeline, you must select where you want to resume data ingestion. See Using activation checkpoints to activate your pipeline in the Use the Data Stream Processor manual for more information.

You can now use your connection in one of the Splunk Observability sink functions at the end of your data pipeline to send data to Splunk Infrastructure Monitoring or Splunk APM.

Last modified on 26 February, 2022
Connecting Splunk Observability to your DSP pipeline   Formatting data into the Splunk Infrastructure Monitoring metrics schema

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.2.1, 1.2.2-patch02, 1.2.4, 1.2.5


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters