Splunk Log HTTP Source

This guide explains how to send log data to Grepr using the Splunk HTTP Source, which lets Grepr read log data directly from a Splunk server. You can use it to synchronize logs between different vendors or to test Grepr in a Splunk environment without modifying forwarders.

Prerequisites

Before setting up the Splunk HTTP Source:

  1. Get a REST API token by following the instructions in the Splunk documentation.
  2. Ensure your user role has the following capabilities: search, rest_access_server_endpoints.

Note: If you are using a Splunk Cloud account, please contact support@grepr.ai for assistance.
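Before pasting the token into Grepr, you can confirm that it maps to a role with the two required capabilities and nothing administrative. The following is an added example, not Grepr or Splunk code: it assumes Splunk's /services/authentication/current-context REST endpoint with bearer-token authentication, and the OVERPRIVILEGED list, the svc_grepr user and the grepr_reader role are illustrative names chosen here.

```python
import json
import urllib.request

# Capabilities the guide lists as prerequisites for the Splunk HTTP Source.
REQUIRED = {"search", "rest_access_server_endpoints"}
# Illustrative (not exhaustive) admin-level capabilities that a read-only
# integration token should not need; adjust to your own policy.
OVERPRIVILEGED = {"admin_all_objects", "edit_user", "edit_roles",
                  "change_authentication"}


def fetch_context(rest_url, token):
    """Ask Splunk which user, roles and capabilities the token maps to."""
    req = urllib.request.Request(
        rest_url.rstrip("/")
        + "/services/authentication/current-context?output_mode=json",
        headers={"Authorization": "Bearer " + token},
    )
    # urllib verifies the server certificate by default; keep it that way.
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def audit_token(context):
    """Return (missing, excessive) capability sets for a current-context reply."""
    entries = context.get("entry") or []
    if not entries:
        raise ValueError("no entry in response; token rejected or wrong endpoint?")
    caps = set(entries[0].get("content", {}).get("capabilities", []))
    return REQUIRED - caps, caps & OVERPRIVILEGED


# Constructed sample response, trimmed to the fields used here.
SAMPLE = {
    "entry": [{
        "name": "svc_grepr",
        "content": {
            "username": "svc_grepr",
            "roles": ["grepr_reader"],
            "capabilities": ["search", "admin_all_objects"],
        },
    }]
}

if __name__ == "__main__":
    missing, excessive = audit_token(SAMPLE)
    print("missing:", sorted(missing))
    print("excessive:", sorted(excessive))
```

Against a live instance, call audit_token(fetch_context(rest_url, token)) with the same REST URL and token you will enter in Grepr; both returned sets should be empty.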

Setting Up Splunk Integration

Follow these steps to configure the Splunk integration in Grepr:

  1. In Grepr, navigate to the Integrations section and create a new Splunk integration.
  2. Enter the REST URL for your Splunk instance.
  3. Enter the REST token you created earlier.
  4. Click on Create to save the integration.

Creating a Pipeline with Splunk HTTP Source

Once your Splunk integration is set up, follow these steps to create a pipeline:

  1. Navigate to the Pipelines section in Grepr.
  2. Begin setting up a new pipeline.
  3. When adding a source, select the Splunk integration created above from the HTTP source options.
  4. Configure any additional pipeline settings as needed.
  5. Complete the pipeline setup following the standard workflow.