Splunk® Data Stream Processor

Connect to Data Sources and Destinations with DSP

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Create a DSP connection to a Splunk index

To send data from a data pipeline in the to a Splunk index, you must first create a connection using the Connector for the Splunk Platform. You can then use the connection in the Send to Splunk HTTP Event Collector or Send to a Splunk Index sink functions to send data from your DSP pipeline to your Splunk index.

Prerequisites

Steps

  1. In DSP, select the Connections page.
  2. On the Connections page, click Create Connection.
  3. On the Sink tab, select Connector for the Splunk Platform and then click Next.
  4. Complete the following fields:
    Field Description
    Connection Name A unique name for your connection.
    Description (Optional) A description of your connection.
    Splunk HEC endpoint URLs Your HEC endpoint URLs, separated by commas. Load balancing is performed if more than one endpoint is provided.


    The HEC endpoint URL format varies depending on whether you are sending data to Splunk Enterprise or Splunk Cloud Platform.

    • If you are connecting to Splunk Enterprise, then the HEC URLs must be formatted as https://hostname:port, https://hostname:port.
    • If you are connecting to a paid Splunk Cloud Platform, then the HEC URLs must be formatted as https://http-inputs-<host1>.splunkcloud.com:443, https://http-inputs-<host2>.splunkcloud.com:443. By default, the paid version of Splunk Cloud Platform uses port number 443 to listen for connections.
    • If you are connecting to a trial version of Splunk Cloud Platform, then the HEC URLs must be formatted as https://inputs.<host>.splunkcloud.com:8088. By default, the trial version of Splunk Cloud Platform uses port number 8088 to listen for connections.
    Splunk HEC endpoint token HEC token for the Splunk Enterprise or Splunk Cloud Platform instance.

    Any credentials that you upload are transmitted securely by HTTPS, encrypted, and securely stored in a secrets manager.

  5. Click Save.
  6. If you're editing a connection that's being used by an active pipeline, you must reactivate that pipeline after making your changes. When you reactivate a pipeline, you must select where you want to resume data ingestion. See Using activation checkpoints to activate your pipeline in the Use the Data Stream Processor manual for more information.

You can now use your connection to send data to an index in Splunk Enterprise or Splunk Cloud Platform using the HTTP Event Collector. For detailed instructions on how to send data to Splunk Enterprise or Splunk Cloud Platform, see Connecting Splunk indexes to your DSP pipeline.

Last modified on 25 March, 2022
PREVIOUS
Connecting your pipeline to a Splunk index
  NEXT
Format event data in for Splunk indexes

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.3.0, 1.3.1


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters