Create a DSP connection to Splunk Observability

To send data from a data pipeline in the to a Splunk Observability endpoint, you must first create a connection using the Connector for Splunk Observability. You can then use the connection in the Send to Splunk Infrastructure Monitoring or Send to Splunk APM sink functions to send data from your pipeline to your Splunk Observability endpoint.

Prerequisites

Before you can create the Splunk Observability connection, you must have the following:

• One of the following types of values for indicating your Splunk Observability endpoint:
  • A public realm name, which is typically used with cloud-based Splunk Observability installations that are accessible via publicly available realm names. For example, us1.
  • A URL, which is typically used with non-public Splunk Observability endpoints. For example, myobservability.myhostname.com.
  • A comma-separated list of URLs, which is typically used with the Splunk Observability API and Ingest endpoints. For example, api.myhostname.com,ingest.myhostname.com.

  IP addresses are not supported.

• An organization-level access token for authenticating to your Splunk Observability endpoint. Search for "Access tokens" in the Splunk Infrastructure Monitoring documentation for more information.

If you don't have these credentials, ask your Splunk Observability administrator for assistance.

Steps

1. In DSP, select the Connections page.
2. On the Connections page, click Create Connection.
3. On the Sink tab, select Connector for Splunk Observability and then click Next.
4. Complete the following fields:

   Field	Description
   Connection Name	A unique name for your Splunk Observability connection.
   Description (Optional)	A description of your Splunk Observability connection.
   Endpoint Type	The Splunk Observability endpoint type. Set to public_realm to use a Splunk Observability public realm as an endpoint. Set to URL to use a hostname as an endpoint. Set to multi_URL to use the Splunk Observability API and Ingest hostnames as an endpoint. This setting is case sensitive. All other values will fail validation.
   Endpoint	The Splunk Observability endpoint. If Endpoint Type is set to public_realm, enter the Splunk Observability public realm. For example, us1. If Endpoint Type is set to URL, enter the hostname. For example, myobservability.myhostname.com. IP addresses are not supported. If Endpoint Type is set to multi_URL, enter the Splunk Observability API and Ingest hostnames as a comma separated list. For example, api.myhostname.com,ingest.myhostname.com. IP addresses are not supported.
   Org Token	Your organization-level Splunk Observability access token used to authenticate to the Splunk Observability endpoint.

   Any credentials that you upload are transmitted securely by HTTPS, encrypted, and securely stored in a secrets manager.

5. Click Save.

If you're editing a connection that's being used by an active pipeline, you must reactivate that pipeline after making your changes. When you reactivate a pipeline, you must select where you want to resume data ingestion. See Using activation checkpoints to activate your pipeline in the Use the Data Stream Processor manual for more information.

You can now use your connection in one of the Splunk Observability sink functions at the end of your data pipeline to send data to Splunk Infrastructure Monitoring or Splunk APM.

• For instructions on how to build a data pipeline, see the Building a pipeline chapter in the Use the Data Stream Processor manual. If you're planning to send metrics data to Splunk Infrastructure Monitoring, make sure that your data uses a compatible schema. See Formatting data into the Splunk Infrastructure Monitoring metrics schema.
• For information about the sink function for sending metrics data, see Send data to Splunk Infrastructure Monitoring in the Function Reference manual.
• For information about the sink function for sending trace data, see Send data to Splunk APM in the Function Reference manual.