Configure Splunk Infrastructure Monitoring Add-on

To allow the Splunk Infrastructure Monitoring Add-on to access your Splunk Infrastructure Monitoring organization, configure an account using your organization's access token and API endpoint. You can configure multiple Infrastructure Monitoring accounts within the add-on.

The first account you create is automatically set as the default account, which is used to authenticate and fetch data from Infrastructure Monitoring. If you don't provide an org_id in the SIM search command, the add-on uses the credentials from the default account. You can't delete the default account until you make another account the default, unless only one account is configured.

Where to configure the add-on

The following table explains where to perform these configuration steps depending on your environment type:

Steps

To set up an account in the Splunk Infrastructure Monitoring Add-on, go to the Configuration tab and click Connect an Account, then configure the following fields:

Realm

You need to know your realm to configure the Splunk Infrastructure Monitoring Add-on. Perform the following steps to determine your realm:

1. In the Observability Cloud main menu, select Settings.
2. Select your user name at the top of the Settings menu.
3. On the Organizations tab, you can view or copy your realm, API endpoints, organizations, organization IDs, and API access token for your organization.
4. Go back to the Splunk Infrastructure Monitoring Add-on and enter your Realm in the Realm field.

Perform the following steps to get your realm API endpoint:

1. Within the profile accessed by clicking on your user name, click on the Organizations tab.
2. Locate and copy the Realm assigned to your organization. For example, us1 or eu0.
3. Locate and copy the API Endpoint URL displayed below the Realm.

Access Token

Perform the following steps to create an access token:

1. Within Infrastructure Monitoring, click your avatar and choose Organization Settings > Access Tokens.
2. Click New Token.
3. Name your access token splunk_sim_integration_token or something similar but unique, then click OK.
4. Select API Token from among the authorization scope choices so that this token will authenticate with Infrastructure Monitoring endpoints, as opposed to RUM ingest or data ingest endpoints.
5. Click the token's action menu and select Manage Token Limit.
6. Expand Advanced Settings configure the following settings:

   Setting	Value
   Job Start Rate	60
   Event Search Rate	30

7. Click Update.
8. Expand the token and click Show Token.
9. Click Copy to copy the token to your clipboard.
10. Go back to the Splunk Infrastructure Monitoring Add-on and paste the token in the Access Token field.

For more information about using access tokens, see Create and manage organization access tokens in the Infrastructure Monitoring documentation.

Check the connection and save

1. Click Check Connection to make sure the add-on can successfully connect to your Infrastructure Monitoring organization. If it can't connect, go back to Infrastructure Monitoring and make sure you have the correct realm and access token combination.
2. Click Submit. The Add-on fetches your organization name and ID and displays the information on the account lister page.

Enable data collection

When you are finished configuring your account, you can enable data collection for the account on the Splunk Infrastructure Monitoring Account Configuration page. To do so, select the toggle for the account you want to enable data collection for in the Data Collection column.

Programs with a SAMPLE_ prefix will not run when data collection is enabled. To enable sample programs you can manually enable the program or clone the program and rename it. See [http://docs.splunk.com/Documentation/SIMAddon/1.2.6/Install/ModInput#Sample_programs Sample programs] for steps to use a sample program.