Splunk

A Splunk integration can be added via HEC in both the UI and the API.

Requirements

Here are the requirments for setting up a Splunk integration in Grepr.

1. To create a Splunk integration, you'll need an HEC Token. See the instruction on how to create an HEC token in Splunk at https://docs.splunk.com/Documentation/Splunk/9.4.1/Data/UsetheHTTPEventCollector (opens in a new tab).

2. You need to configure Splunk collectors to send data to Grepr. Below we explain how to do this using the Splunk OpenTelemetry Collector helm charts, though the same configuration would apply if not using helm charts.

3. Grepr supports Splunk Cloud without requiring any further configurations. However, for Splunk Enterprise, Grepr SaaS requires access to your Splunk Enterprise instance. Contact us for help if you're running Splunk Enterprise.

Sending data to Grepr

To send data to Grepr from the Splunk collector, you need to configure the collector to use the ingestion URL. You can get this ingestion URL from the pipeline's detail view, by going to the "Sources" section as shown below.

Splunk OpenTelemetry Collector helm chart configuration

To configure this collector:

1. Set splunkPlatform.endpoint to the Grepr ingest URL.
2. Set splunkPlatform.token to the HEC token.
3. Set splunkPlatform.logsEnabled to true.

splunkPlatform:
  endpoint: <Ingest URL>
  token: <HEC token>
  logsEnabled: true

Visit https://github.com/signalfx/splunk-otel-collector-chart (opens in a new tab) for more information on deploying Splunk collector using helm charts.

Creating a Splunk Integration in Grepr

To create a Splunk integration, follow the instructions below.

1. Go to the Integrations page in the Grepr UI and click on the Add new button in front of Observability Vendors.

2. Select Splunk from the list of vendors. 3. Enter a name for the integration 4. Enter the Splunk URL 5. Enter the HEC token you created earlier.