Splunk® IT Service Intelligence

Entity Integrations Manual

Send data to Splunk Cloud Platform with ITSI data collection agents

You have to specify a particular hostname and HTTP Event Collector (HEC) port when you configure data collection agents to send data to Splunk Cloud Platform.

When you deploy a universal forwarder to send data to Splunk Cloud Platform, confirm that you already configured credentials for the universal forwarder. For more information, see Configure a universal forwarder to send data to ITSI in Splunk Cloud Platform.

Use Splunk Web to configure data collection

If you're using the Data Integrations page in ITSI, use these field-value pairs, when required, so that the data collection agents that ITSI configures can send data to Splunk Cloud Platform:

Field Value
Monitoring Machine http-inputs-<cloud_hostname>.splunkcloud.com
HEC port 443

Configure the universal forwarder for Splunk Cloud Platform

You need to install the Forwarder app on Splunk Cloud Platform to install the universal forwarder. A universal forwarder requires a hostname and receiver port. For more information, see Use forwarders to get data in to Splunk Cloud in the Splunk Cloud Getting Data in Manual.

Manually configure collectd to collect data

You have to specify server and port for Splunk Cloud Platform in the write_splunk collectd plug-in in collectd.conf. Collectd requires a hostname and HEC port. The plug-in looks like this for Splunk Cloud Platform:

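<Plugin write_splunk>
# Splunk Cloud Platform HEC endpoint and port
server "http-inputs-<cloud_hostname>.splunkcloud.com"
port "443"
token "<HEC TOKEN>"
# Send over TLS
ssl true
# false turns off verification of the server's TLS certificate
verifyssl false
# Dimensions attached to the collected metrics
Dimension "entity_type:nix_host"
Dimension "key2:value2"
</Plugin>
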
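
A check for the settings described above, added here as an example and not part of the Splunk documentation: it parses the write_splunk block of a collectd.conf and reports any deviation from the Splunk Cloud Platform values (hostname pattern, port 443, ssl true) plus a verifyssl value other than true. The function names, the hostname regular expression and the sample configuration are assumptions made for this example.

```python
import re

# Constructed sample shaped like the plug-in block above; hostname and token are placeholders.
SAMPLE_CONF = '''
<Plugin write_splunk>
  server "http-inputs-example.splunkcloud.com"
  port "443"
  token "00000000-0000-0000-0000-000000000000"
  ssl true
  verifyssl false
</Plugin>
'''

PLUGIN_RE = re.compile(r'<Plugin\s+"?write_splunk"?\s*>(.*?)</Plugin>', re.S | re.I)
HOST_RE = re.compile(r'^http-inputs-[a-z0-9-]+\.splunkcloud\.com$', re.I)

def parse_write_splunk(conf_text):
    """Return the write_splunk options as a dict (keys lowercased), or None if no closed block."""
    match = PLUGIN_RE.search(conf_text)
    if match is None:
        return None
    options = {}
    for line in match.group(1).splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith('#'):
            continue  # blank line or comment
        value = parts[1].strip().strip('"') if len(parts) > 1 else ''
        options.setdefault(parts[0].lower(), value)  # first occurrence wins
    return options

def audit_write_splunk(conf_text):
    """Return a list of findings for a Splunk Cloud Platform HEC destination."""
    opts = parse_write_splunk(conf_text)
    if opts is None:
        return ['no closed <Plugin write_splunk> block found']
    findings = []
    if not HOST_RE.match(opts.get('server', '')):
        findings.append('server is not http-inputs-<cloud_hostname>.splunkcloud.com')
    if opts.get('port') != '443':
        findings.append('port is not 443')
    if opts.get('ssl', '').lower() != 'true':
        findings.append('ssl is not set to true')
    # Assumption: an omitted verifyssl is reported too, since the page does not state the default.
    if opts.get('verifyssl', '').lower() != 'true':
        findings.append('verifyssl is not set to true')
    return findings

if __name__ == '__main__':
    print(audit_write_splunk(SAMPLE_CONF))
```
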
Last modified on 28 April, 2023

This documentation applies to the following versions of Splunk® IT Service Intelligence: 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.12.0 Cloud only, 4.12.1 Cloud only, 4.12.2 Cloud only, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.14.0 Cloud only, 4.14.1 Cloud only, 4.14.2 Cloud only, 4.15.0, 4.15.1, 4.15.2, 4.15.3, 4.16.0 Cloud only, 4.17.0, 4.17.1, 4.18.0, 4.18.1, 4.19.0
