Splunk® Data Stream Processor

Connect to Data Sources and Destinations with DSP

On April 3, 2023, Splunk Data Stream Processor reached its end of sale, and will reach its end of life on February 28, 2025. If you are an existing DSP customer, please reach out to your account team for more information.

All DSP releases prior to DSP 1.4.0 use Gravity, a Kubernetes orchestrator, which has been announced end-of-life. We have replaced Gravity with an alternative component in DSP 1.4.0. Therefore, we will no longer provide support for versions of DSP prior to DSP 1.4.0 after July 1, 2023. We advise all of our customers to upgrade to DSP 1.4.0 in order to continue to receive full product support from Splunk.

Create a DSP connection to a Splunk index

To send data from a data pipeline in the to a Splunk index, you must first create a connection using the Connector for the Splunk Platform. You can then use the connection in the Send to Splunk HTTP Event Collector or Send to a Splunk Index sink functions to send data from your DSP pipeline to your Splunk index.

Prerequisites

Steps

  1. In DSP, select the Connections page.
  2. On the Connections page, click Create Connection.
  3. On the Sink tab, select Connector for the Splunk Platform and then click Next.
  4. Complete the following fields:
    Field Description
    Connection Name A unique name for your connection.
    Description (Optional) A description of your connection.
    Splunk HEC endpoint URLs Your HEC endpoint URLs, separated by commas. Load balancing is performed if more than one endpoint is provided.


    The HEC endpoint URL format varies depending on whether you are sending data to Splunk Enterprise or Splunk Cloud Platform.

    • If you are connecting to Splunk Enterprise, then the HEC URLs must be formatted as https://hostname:port, https://hostname:port.
    • If you are connecting to a paid Splunk Cloud Platform, then the HEC URLs must be formatted as https://http-inputs-<host1>.splunkcloud.com:443, https://http-inputs-<host2>.splunkcloud.com:443. By default, the paid version of Splunk Cloud Platform uses port number 443 to listen for connections.
    • If you are connecting to a trial version of Splunk Cloud Platform, then the HEC URLs must be formatted as https://inputs.<host>.splunkcloud.com:8088. By default, the trial version of Splunk Cloud Platform uses port number 8088 to listen for connections.
    Splunk HEC endpoint token HEC token for the Splunk Enterprise or Splunk Cloud Platform instance.

    Any credentials that you upload are transmitted securely by HTTPS, encrypted, and securely stored in a secrets manager.

  5. Click Save.
  6. If you're editing a connection that's being used by an active pipeline, you must reactivate that pipeline after making your changes. When you reactivate a pipeline, you must select where you want to resume data ingestion. See Using activation checkpoints to activate your pipeline in the Use the Data Stream Processor manual for more information.

You can now use your connection to send data to an index in Splunk Enterprise or Splunk Cloud Platform using the HTTP Event Collector. For detailed instructions on how to send data to Splunk Enterprise or Splunk Cloud Platform, see Connecting Splunk indexes to your DSP pipeline.

Last modified on 25 March, 2022
Connecting your pipeline to a Splunk index   Format event data in for Splunk indexes

This documentation applies to the following versions of Splunk® Data Stream Processor: 1.3.0, 1.3.1, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters