Send data from Ingest Processor to your Splunk Observability Cloud deployment
Send data from Ingest Processor to your Splunk Observability Cloud deployment by creating a connection between your cloud tenant and your Splunk Observability Cloud deployment. You can use this connection to send data from Ingest Processor to the connected Splunk Observability Cloud deployment. To do this, you must create a pipeline that uses a destination that is associated with this connection, and then apply the pipeline.
To create a connection between your cloud tenant and your Splunk Observability Cloud deployment, perform the following steps:
- Step 1: Create a Splunk Observability Cloud token
- Step 2: Create a Splunk Observability Cloud connection
- Step 3: Create a Splunk Observability Cloud destination
Step 1: Create a Splunk Observability Cloud token
In your Splunk Observability Cloud deployment, create an organization access token. The organization access token must have authScope
set to INGEST
.
For more information, see the Create and manage authentication tokens using Splunk Observability Cloud topic in the Splunk Observability Cloud manual.
Step 2: Create a Splunk Observability Cloud connection
Create a Splunk Observability Cloud connection dataset in your Splunk Cloud Platform tenant. This connection dataset contains the realm and subdomain information for the connection between your Splunk Cloud Platform tenant, and your Splunk Observability Cloud deployment.
- On the home page of your Splunk Cloud Platform tenant, select the Settings cog, and then System connections.
- On the System Connections page, select New Splunk Observability Cloud Connection.
- On the Connect to Splunk Observability Cloud page, complete the following Connection information:
Field Description Name Name of your connection. Name must be between 3 and 50 alphanumeric characters and underscores. Realm A realm is a self-contained deployment of Splunk Observability Cloud, in which your organization is hosted. Valid realm formatting consists of two letters, followed by a single digit number (For example, "us1", "us2"). See View your realm, API endpoints, and organization in the Splunk Observability Cloud documentation for steps on how to find your realm. Organization You can provide either your Organization ID or your Subdomain if your Splunk Observability Cloud deployment has one. - Organization ID - Your Splunk Observability Cloud organization ID. See View your realm, API endpoints, and organization in the Splunk Observability Cloud documentation for steps on how to find your organization ID.
- Subdomain - Name of your subdomain. Subdomain must start and end with alphanumeric characters and can contain hyphens in between.
You can test that your provided realm and Organization ID or Subdomain directs your connection to the correct Splunk Observability Cloud deployment by selecting the View your realm and organization link.
If you provide an Organization ID and are not logged into Splunk Observability Cloud, selecting this link will take you to the general Splunk Observability Cloud sign-on page. If you provide a Subdomain, selecting the link will take you to your organization's Splunk Observability Cloud sign-on page.
(Optional) Description Description of your connection. Description must be between 3 and 50 characters. - Select Create connection.
Step 3: Create a Splunk Observability Cloud destination
Now that you've connected your Splunk Observability Cloud deployment, you can set up a Splunk Observability Cloud destination for your Ingest Processor.
- Navigate to the Destinations page, select New destination, then select Splunk Observability Cloud.
- On the Destination Information menu, enter the following:
- A unique name starting with a letter. Names can contain only lowercase letters, numbers, underscores, or the at (@) character. Maximum 80 characters.
- A description with a maximum of 250 characters.
- On the Splunk Observability Cloud Connection Settings menu, enter the following:
- Select the connection that you want to use to connect to Splunk Observability Cloud. If you do not have a connection dataset, click Create Connection.
- Enter the token for your Splunk Observability Cloud deployment.
This token must have the
authScope
set toINGEST
. See Step 1: Create a Splunk Observability Cloud token for more information.
- Select Add.
If you are generating logs into metrics for ingestion into your Splunk Observability Cloud deployment, you must use the logs to metrics function to get the metrics destination selection to display your Splunk Observability Cloud context dataset. For more information, see the Generate logs into metrics using Ingest Processor topic in this manual.
Send data from Ingest Processor to the Splunk Cloud Platform deployment connected to your tenant | Send metrics data from Ingest Processor to a Splunk platform metrics index |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)
Feedback submitted, thanks!