All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.
Create a DSP connection to Splunk Observability
To send data from a data pipeline in the to a Splunk Observability endpoint, you must first create a connection using the Connector for Splunk Observability. You can then use the connection in the Send to Splunk Infrastructure Monitoring or Send to Splunk APM sink functions to send data from your pipeline to your Splunk Observability endpoint.
Prerequisites
Before you can create the Splunk Observability connection, you must have the following:
- One of the following types of values for indicating your Splunk Observability endpoint:
- A public realm name, which is typically used with cloud-based Splunk Observability installations that are accessible via publicly available realm names. For example,
us1
. - A URL, which is typically used with non-public Splunk Observability endpoints. For example,
myobservability.myhostname.com
. - A comma-separated list of URLs, which is typically used with the Splunk Observability API and Ingest endpoints. For example,
api.myhostname.com,ingest.myhostname.com
.
IP addresses are not supported.
- A public realm name, which is typically used with cloud-based Splunk Observability installations that are accessible via publicly available realm names. For example,
- An organization-level access token for authenticating to your Splunk Observability endpoint. Search for "Access tokens" in the Splunk Infrastructure Monitoring documentation for more information.
If you don't have these credentials, ask your Splunk Observability administrator for assistance.
Steps
- In DSP, select the Connections page.
- On the Connections page, click Create Connection.
- On the Sink tab, select Connector for Splunk Observability and then click Next.
- Complete the following fields:
Field Description Connection Name A unique name for your Splunk Observability connection. Description (Optional) A description of your Splunk Observability connection. Endpoint Type The Splunk Observability endpoint type. - Set to
public_realm
to use a Splunk Observability public realm as an endpoint. - Set to
URL
to use a hostname as an endpoint. - Set to
multi_URL
to use the Splunk Observability API and Ingest hostnames as an endpoint.
This setting is case sensitive. All other values will fail validation.
Endpoint The Splunk Observability endpoint. - If Endpoint Type is set to
public_realm
, enter the Splunk Observability public realm. For example,us1
. - If Endpoint Type is set to
URL
, enter the hostname. For example,myobservability.myhostname.com
. IP addresses are not supported. - If Endpoint Type is set to
multi_URL
, enter the Splunk Observability API and Ingest hostnames as a comma separated list. For example,api.myhostname.com,ingest.myhostname.com
. IP addresses are not supported.
Org Token Your organization-level Splunk Observability access token used to authenticate to the Splunk Observability endpoint. Any credentials that you upload are transmitted securely by HTTPS, encrypted, and securely stored in a secrets manager.
- Set to
- Click Save.
If you're editing a connection that's being used by an active pipeline, you must reactivate that pipeline after making your changes. When you reactivate a pipeline, you must select where you want to resume data ingestion. See Using activation checkpoints to activate your pipeline in the Use the Data Stream Processor manual for more information.
You can now use your connection in one of the Splunk Observability sink functions at the end of your data pipeline to send data to Splunk Infrastructure Monitoring or Splunk APM.
- For instructions on how to build a data pipeline, see the Building a pipeline chapter in the Use the Data Stream Processor manual. If you're planning to send metrics data to Splunk Infrastructure Monitoring, make sure that your data uses a compatible schema. See Formatting data into the Splunk Infrastructure Monitoring metrics schema.
- For information about the sink function for sending metrics data, see Send data to Splunk Infrastructure Monitoring in the Function Reference manual.
- For information about the sink function for sending trace data, see Send data to Splunk APM in the Function Reference manual.
Connecting Splunk Observability to your DSP pipeline | Formatting data into the Splunk Infrastructure Monitoring metrics schema |
This documentation applies to the following versions of Splunk® Data Stream Processor: 1.3.0, 1.3.1, 1.4.0, 1.4.1
Feedback submitted, thanks!