Splunk Cloud Platform

Use Ingest Processors

Send data from Ingest Processor to your Splunk Observability Cloud deployment

Send data from Ingest Processor to your Splunk Observability Cloud deployment by creating a connection between your cloud tenant and your Splunk Observability Cloud deployment. You can use this connection to send data from Ingest Processor to the connected Splunk Observability Cloud deployment. To do this, you must create a pipeline that uses a destination that is associated with this connection, and then apply the pipeline.

To create a connection between your cloud tenant and your Splunk Observability Cloud deployment, perform the following steps:

Step 1: Create a Splunk Observability Cloud token

In your Splunk Observability Cloud deployment, create an organization access token. The organization access token must have authScope set to INGEST.

For more information, see the Create and manage authentication tokens using Splunk Observability Cloud topic in the Splunk Observability Cloud manual.

Step 2: Create a Splunk Observability Cloud connection

Create a Splunk Observability Cloud connection dataset in your Splunk Cloud Platform tenant. This connection dataset contains the realm and subdomain information for the connection between your Splunk Cloud Platform tenant, and your Splunk Observability Cloud deployment.

  1. On the home page of your Splunk Cloud Platform tenant, select the Settings cog, and then System connections.
  2. On the System Connections page, select New Splunk Observability Cloud Connection.
  3. On the Connect to Splunk Observability Cloud page, complete the following Connection information:
    Field Description
    Name Name of your connection. Name must be between 3 and 50 alphanumeric characters and underscores.
    Realm A realm is a self-contained deployment of Splunk Observability Cloud, in which your organization is hosted. Valid realm formatting consists of two letters, followed by a single digit number (For example, "us1", "us2"). See View your realm, API endpoints, and organization in the Splunk Observability Cloud documentation for steps on how to find your realm.
    Organization You can provide either your Organization ID or your Subdomain if your Splunk Observability Cloud deployment has one.
    • Organization ID - Your Splunk Observability Cloud organization ID. See View your realm, API endpoints, and organization in the Splunk Observability Cloud documentation for steps on how to find your organization ID.
    • Subdomain - Name of your subdomain. Subdomain must start and end with alphanumeric characters and can contain hyphens in between.

    You can test that your provided realm and Organization ID or Subdomain directs your connection to the correct Splunk Observability Cloud deployment by selecting the View your realm and organization link.

    If you provide an Organization ID and are not logged into Splunk Observability Cloud, selecting this link will take you to the general Splunk Observability Cloud sign-on page. If you provide a Subdomain, selecting the link will take you to your organization's Splunk Observability Cloud sign-on page.

    (Optional) Description Description of your connection. Description must be between 3 and 50 characters.
  4. Select Create connection.

Step 3: Create a Splunk Observability Cloud destination

Now that you've connected your Splunk Observability Cloud deployment, you can set up a Splunk Observability Cloud destination for your Ingest Processor.

  1. Navigate to the Destinations page, select New destination, then select Splunk Observability Cloud.
  2. On the Destination Information menu, enter the following:
    • A unique name starting with a letter. Names can contain only lowercase letters, numbers, underscores, or the at (@) character. Maximum 80 characters.
    • A description with a maximum of 250 characters.
  3. On the Splunk Observability Cloud Connection Settings menu, enter the following:
    • Select the connection that you want to use to connect to Splunk Observability Cloud. If you do not have a connection dataset, click Create Connection.
    • Enter the token for your Splunk Observability Cloud deployment.

      This token must have the authScope set to INGEST. See Step 1: Create a Splunk Observability Cloud token for more information.

  4. Select Add.

If you are generating logs into metrics for ingestion into your Splunk Observability Cloud deployment, you must use the logs to metrics function to get the metrics destination selection to display your Splunk Observability Cloud context dataset. For more information, see the Generate logs into metrics using Ingest Processor topic in this manual.

Last modified on 17 July, 2024
Send data from Ingest Processor to the Splunk Cloud Platform deployment connected to your tenant   Send metrics data from Ingest Processor to a Splunk platform metrics index

This documentation applies to the following versions of Splunk Cloud Platform: 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters