You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: src/content/docs/logs/get-started/enable-destinations/splunk.mdx
+5-6Lines changed: 5 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -10,7 +10,7 @@ head:
10
10
11
11
import { Render } from"~/components";
12
12
13
-
Cloudflare Logpush supports pushing logs directly to Splunk via the Cloudflare dashboard or via API.
13
+
The [HTTP Event Collector (HEC)](https://dev.splunk.com/enterprise/docs/devtools/httpeventcollector/) is a reliable method to receive data from Splunk Enterprise or Splunk Cloud Platform. Cloudflare Logpush supports pushing logs directly to Splunk HEC via the Cloudflare dashboard or API.
14
14
15
15
## Manage via the Cloudflare dashboard
16
16
@@ -19,9 +19,9 @@ Cloudflare Logpush supports pushing logs directly to Splunk via the Cloudflare d
19
19
5. In **Select a destination**, choose **Splunk**.
20
20
21
21
6. Enter or select the following destination information:
22
-
-**Splunk raw HTTP Event Collector URL**
23
-
-**Channel ID** - This is a random GUID that you can generate using [guidgenerator.com](http://guidgenerator.com/).
24
-
-**Auth Token**
22
+
-**Splunk HEC URL**
23
+
-**Channel ID** - This is a random GUID that you can generate using [guidgenerator.com](https://guidgenerator.com/).
24
+
-**Auth Token** - Event Collector token.
25
25
-**Source Type** - For example, `cloudflare:json`. If you are using the [Cloudflare App for Splunk](https://splunkbase.splunk.com/app/4501), refer to the appropriate source type for the corresponding datasets under the **Details** section. For instance, for Zero Trust Access requests logs, the source type is `cloudflare:access`.
@@ -64,10 +64,9 @@ To create a job, make a `POST` request to the Logpush jobs endpoint with the fol
64
64
-**destination_conf** - A log destination consisting of an endpoint URL, channel id, insecure-skip-verify flag, source type, authorization header in the string format below.
65
65
66
66
-**\<SPLUNK_ENDPOINT_URL>**: The Splunk raw HTTP Event Collector URL with port. For example: `splunk.cf-analytics.com:8088/services/collector/raw`.
67
-
- Cloudflare expects the HEC network port to be configured to `:443` or `:8088`.
68
67
- Cloudflare expects the Splunk endpoint to be `/services/collector/raw` while configuring and setting up the Logpush job.
69
68
- Ensure you have enabled HEC in Splunk. Refer to [Splunk Analytics Integrations](/analytics/analytics-integrations/splunk/) for information on how to set up HEC in Splunk.
70
-
- You may notice an API request failed with a 504 error, when adding an incorrect URL. Splunk Cloud endpoint URL usually contains `http-inputs-` or similar text before the hostname. Refer to [Send data to HTTP Event Collector on Splunk Cloud Platform](https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_Event_Collector) for more details.
69
+
- You may notice an API request failed with a 504 error, when adding an incorrect URL. Splunk Cloud endpoint URL usually contains `http-inputs-` or similar text before the hostname.
71
70
-**\<SPLUNK_CHANNEL_ID>**: A unique channel ID. This is a random GUID that you can generate by:
72
71
- Using an online tool like the [GUID generator](https://www.guidgenerator.com/).
73
72
- Using the command line. For example: `python -c 'import uuid; print(uuid.uuid4())'`.
0 commit comments