Splunk Cloud Platform

Use Ingest Processors

Ingest Processor is currently released as a preview only and is not officially supported. See Splunk General Terms for more information. For any questions on this preview, please reach out to ingestprocessor@splunk.com.

Send data from Ingest Processor to your Splunk Observability Cloud deployment

Send data from Ingest Processor to your Splunk Observability Cloud deployment by creating a connection between your cloud tenant and your Splunk Observability Cloud deployment. You can use this connection to send data from Ingest Processor to the connected Splunk Observability Cloud deployment. To do this, you must create a pipeline that uses a destination that is associated with this connection, and then apply the pipeline. If you want to send data to an index that was created after the Splunk Observability Cloud deployment was connected to the tenant, then you might need to refresh the connection before that index becomes available as a destination.

The specific index that the data from Ingest Processor gets routed to is determined by a precedence order of configurations. For more information, see Index precedence order when using S2S.

To create a connection between your cloud tenant and your Splunk Observability Cloud deployment, perform the following steps:

Step 1: Create a Splunk Observability Cloud token

In your Splunk Observability Cloud deployment, create an organization access token. The organization access token must have authScope set to INGEST.

For more information, see the Create and manage authentication tokens using Splunk Observability Cloud topic in the Splunk Observability Cloud manual.

Step 2: Create a Splunk Observability Cloud connection

Create a Splunk Observability Cloud connection dataset in your Splunk Cloud Platform tenant. This connection dataset contains the realm and subdomain information for the connection between your Splunk Cloud Platform tenant and your Splunk Observability Cloud deployment.

  1. On the home page of your Splunk Cloud Platform tenant, select the Settings cog, and then System connections.
  2. On the System Connections page, select New, then Observability Connection.
  3. On the Connect to Splunk Observability Cloud page, complete the following Connection information:
    Field: Description
    Name: Name of your connection. Name must be between 3 and 50 alphanumeric characters and underscores.
    Realm: A realm is a self-contained deployment of Splunk Observability Cloud, in which your organization is hosted. Valid realm formatting consists of two letters, followed by a single-digit number (for example, "us1", "us2"). See View your realm, API endpoints, and organization in the Splunk Observability Cloud documentation for steps on how to find your realm.
    Organization: You can provide either your Organization ID or your Subdomain if your Splunk Observability Cloud deployment has one.
      • Organization ID - Your Splunk Observability Cloud organization ID. See View your realm, API endpoints, and organization in the Splunk Observability Cloud documentation for steps on how to find your organization ID.
      • Subdomain - Name of your subdomain. Subdomain must start and end with alphanumeric characters and can contain hyphens in between.
    (Optional) Description: Description of your connection. Description must be between 3 and 50 characters.
  4. Select Create connection.

Step 3: Create a Splunk Observability Cloud destination

Now that you've connected your Splunk Observability Cloud deployment, you can set up a Splunk Observability Cloud destination for your Ingest Processor.

  1. Navigate to the Destinations page, select New destination, then select Splunk Observability Cloud.
  2. On the Destination Information menu, enter the following:
    • A unique name starting with a letter. Names can contain only lowercase letters, numbers, underscores, or the at (@) character. Maximum 80 characters.
    • A description with a maximum of 250 characters.
  3. On the Splunk Observability Cloud Connection Settings menu, enter the following:
    • Select the connection that you want to use to connect to Splunk Observability Cloud. If you do not have a connection dataset, click Create Connection.
    • Enter the token for your Splunk Observability Cloud deployment.
  4. Select Add.
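
A pre-flight check for the values used in Steps 1 to 3, useful when they are kept in provisioning config before being entered in the UI. This is an added example, not Splunk code; the dictionary keys, the sample values, and the reading of the token requirement as INGEST and no other scope are assumptions.

```python
import re

# Rules transcribed from the field descriptions in Steps 2 and 3.
RULES = {
    "connection_name": (r"[A-Za-z0-9_]{3,50}", "3-50 alphanumerics or underscores"),
    "realm": (r"[A-Za-z]{2}[0-9]", "two letters followed by one digit"),
    "destination_name": (r"[a-z][a-z0-9_@]{0,79}",
                         "starts with a letter; lowercase, digits, _ or @; max 80"),
}
SUBDOMAIN = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"


def _bad(pattern, value):
    # fullmatch, not match: trailing newlines or extra text must not pass.
    return not isinstance(value, str) or re.fullmatch(pattern, value) is None


def validate_settings(cfg):
    """Return a list of findings; an empty list means every check passed."""
    findings = [f"{key}: {rule}" for key, (pattern, rule) in RULES.items()
                if _bad(pattern, cfg.get(key))]
    # Organization is given as an organization ID or as a subdomain.
    if "subdomain" in cfg:
        if _bad(SUBDOMAIN, cfg["subdomain"]):
            findings.append("subdomain: must start and end with an alphanumeric")
    elif not cfg.get("organization_id"):
        findings.append("organization: organization_id or subdomain required")
    desc = cfg.get("connection_description")
    if desc is not None and not 3 <= len(desc) <= 50:
        findings.append("connection_description: 3-50 characters")
    if len(cfg.get("destination_description", "")) > 250:
        findings.append("destination_description: max 250 characters")
    # Step 1 asks for authScope INGEST; read here as INGEST and nothing else
    # (assumption), so a token that also carries other scopes is reported.
    scopes = set(cfg.get("token_auth_scopes", []))
    if scopes != {"INGEST"}:
        findings.append(f"token: scopes {sorted(scopes)} should be ['INGEST']")
    return findings


# Constructed sample values; none come from a real deployment.
GOOD = {"connection_name": "o11y_prod", "realm": "us1", "subdomain": "acme-obs",
        "destination_name": "o11y_metrics@prod", "token_auth_scopes": ["INGEST"]}
BAD = {"connection_name": "o1", "realm": "us10", "subdomain": "-acme",
       "destination_name": "Metrics", "token_auth_scopes": ["INGEST", "API"]}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_settings(cfg) or "ok")
```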

If you are generating logs into metrics for ingestion into your Splunk Observability Cloud deployment, you must use the logs to metrics function to get the metrics destination selection to display your Splunk Observability Cloud context dataset. For more information, see the Generate logs into metrics using Ingest Processor topic in this manual.

Last modified on 14 March, 2024

This documentation applies to the following versions of Splunk Cloud Platform: 9.1.2308 (latest FedRAMP release), 9.1.2312

