Splunk® Infrastructure Monitoring Add-on

Splunk Infrastructure Monitoring Add-on

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Configure the Splunk Infrastructure Monitoring Add-on

To allow the Splunk Infrastructure Monitoring Add-on to access your Splunk Infrastructure Monitoring organization, configure an account using your organization's access token and API endpoint. You can configure multiple Infrastructure Monitoring accounts within the add-on.

The first account you create is automatically set as the default account, which is used to authenticate and fetch data from Infrastructure Monitoring. If you don't provide an org_id in the SIM search command, the add-on uses the credentials from the default account. You can't delete the default account until you make another account the default, unless only one account is configured.

Where to configure the add-on

The following table explains where to perform these configuration steps depending on your environment type:

Environment type Installation locations
Splunk Enterprise
  • Search head
  • Universal or heavy forwarders (if using the modular input)
Splunk Cloud
  • Search head
  • Inputs Data Manager (if using the modular input)


To set up an account in the Splunk Infrastructure Monitoring Add-on, go to the Configuration tab and click Connect an Account, then configure the following fields:


Perform the following steps to get your realm API endpoint:

  1. Within Infrastructure Monitoring, go to Settings > My Profile.
  2. Locate and copy the Realm assigned to your organization. For example, us1.
  3. Go back to the Splunk Infrastructure Monitoring Add-on and paste the URL in the Realm field.

Access Token

Perform the following steps to create an access token:

  1. Within Infrastructure Monitoring, click your avatar and choose Organization Settings > Access Tokens.
  2. Click New Token.
  3. Name you access token splunk_sim_integration_token or something similar, then click OK.
  4. Click the token's action menu and select Manage Token Limit.
  5. Expand Advanced Settings configure the following settings:
    Setting Value
    Job Start Rate 60
    Event Search Rate 30
  6. Click Update.
  7. Expand the token and click Show Token.
  8. Click Copy to copy the token to your clipboard.
  9. Go back to the Splunk Infrastructure Monitoring Add-on and paste the token in the Access Token field.

For more information about using access tokens, see Create and manage organization access tokens in the Infrastructure Monitoring documentation.

Check the connection and save

  1. Click Check Connection to make sure the add-on can successfully connect to your Infrastructure Monitoring organization. If it can't connect, go back to Infrastructure Monitoring and make sure you have the correct realm and access token combination.
  2. Click Submit. The Add-on fetches your organization name and ID and displays the information on the account lister page.

Enable data collection

When you are finished configuring your account, you can enable data collection for the account on the Splunk Infrastructure Monitoring Account Configuration page. To do so, select the toggle for the account you want to enable data collection for in the Data Collection column.

Programs with a SAMPLE_ prefix will not run when data collection is enabled. To enable sample programs you can manually enable the program or clone the program and rename it. See [http://docs.splunk.com/Documentation/SIMAddon/1.2.2/Install/ModInput#Sample_programs Sample programs] for steps to use a sample program.

Last modified on 10 January, 2022
Install the Splunk Infrastructure Monitoring Add-on
Configure inputs in the Splunk Infrastructure Monitoring Add-on

This documentation applies to the following versions of Splunk® Infrastructure Monitoring Add-on: 1.1.0, 1.2.0, 1.2.1, 1.2.2

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters