Version 25.3.9396

• Add the Splunk Connector
• Authenticate to Splunk
  • Basic
  • Access Token
  • HTTP Event Collector Token
• Complete Your Connection
• More Information

You can use the Splunk connector from the CData Sync application to capture data from Splunk and move it to any supported destination. To do so, you need to add the connector, authenticate to the connector, and complete your connection.

Add the Splunk Connector

To enable Sync to use data from Splunk, you first must add the connector, as follows:

1. Open the Connections page of the Sync dashboard.

2. Click Add Connection to open the Select Connectors page.

3. Click the Sources tab and locate the Splunk row.

4. Click the Configure Connection icon at the end of that row to open the New Connection page. If the Configure Connection icon is not available, click the Download Connector icon to install the Splunk connector. For more information about installing new connectors, see Connections.

Authenticate to Splunk

After you add the connector, you need to set the required properties.

• Connection Name - Enter a connection name of your choice.

• URL - Enter the URL for your Splunk endpoint (for example, https://YourSiteName.splunk.com:8089).

CData Sync supports authenticating to Splunk in several ways. Select your authentication method below to proceed to the relevant section that contains the authentication details.

• Basic (default)
• Access Token
• HTTP Event Collector Token

Basic

To connect with your user credentials, set the following properties:

• Auth Scheme: Select Basic.

• User: Enter the username that you use to authenticate to your Splunk account.

• Password: Enter the password that you use to authenticate to your Splunk account.

Access Token

To connect with an access token, specify the following properties:

• Auth Scheme - Select AccessToken.

• Access Token - Specify your Splunk access token. To obtain a token, navigate to Users and Authentication > Tokens to access your assigned authentication token. If you do not have a token, request one from the administrator of the instance that you want to access.

HTTP Event Collector Token

To connect with an HTTP Event Collector token, specify the following properties:

• Auth Scheme - Select HTTPEventCollectorToken.

• HTTP Event Collector Token - Enter the HTTP Event Collector (HEC) token that is used to access the HTTP Event Controller feature in your Splunk account.

  If you do not know the HEC token, you need to generate one, as follows:

  1. Log into your Splunk account and navigate to Settings > Data Inputs.

  2. Under Local Inputs, click HTTP Event Collector.

  3. Click the New Token button (upper right).

  4. Configure token settings by filling in required fields such as name, source, and index.

  5. Enable the token by sliding the toggle switch to Enabled.

  6. Click Save to generate the token.

  7. Copy the token value shown on the confirmation screen and paste it in the HTTP Event Collector Token text box in Sync.

Complete Your Connection

To complete your connection:

1. Define advanced connection settings on the Advanced tab. (In most cases, though, you should not need these settings.)

2. Click Create & Test to create your connection.

More Information

For more information about interactions between CData Sync and Splunk, see Splunk Connector for CData Sync.