Integrating Splunk with BetterCloud



When integrating a new application with your BetterCloud instance, the overall installation process is consistent. However, each integration is different, and may require varying levels and types of authentication. This article provides instructions for configuring and collecting all the information you need in order to add the Splunk integration in BetterCloud.

BetterCloud integrates with Splunk’s HTTP Event Collector in order to send information from your BetterCloud instance to your Splunk account. When adding this integration you must enter the following information:

  • API Token

*Please Note: This integration will only function for domains using Splunk Cloud. We cannot currently integrate with on-prem Splunk instances.

API Token

Creating a valid API token will first require you to configure Splunk’s HTTP Event Collector. To start, login to Splunk and navigate to “Settings” > “Data inputs” from the top right corner of your page.


Select “HTTP Event Collector.”


If you have not yet enable the event collector, you will need to do so under the “Global Settings” option.


Enable all tokens.


Once the event collector has been enabled, you will need a token to authorize BetterCloud to interact with it. Click “New Token” to create a token.


Name your token. All other fields aside from name are optional.


In the token’s input settings, select “json” as your source type, as BetterCloud will send information to Splunk in JSON.


Review your information and click “Submit.”


Once the token has been successfully created, you will be presented with the token value. Copy this value into the API key field.


You can also retrieve this value from the HTTP Event Collector configuration page at any time.


In order to finalize your configuration, you must add the HEC URI for your Splunk instance as an additional environment variable. You can find instructions on how to get your Splunk Cloud instance's HEC URI here.

When adding these variables, please note the following important formatting requirements:

  • You must prepend the required "Splunk" prefix when entering your Splunk API token into BetterCloud. A space is required after Splunk: "Splunk {your Splunk access token}"
  • The HECURI environment variable must NOT include the protocol at the beginning of the URI. For example, if your full HEC URI is https://input-host:port/services/collector, you would enter simply "input-host:port/services/collector"



Configure what events gets sent to Splunk

Once you've entered the variables above and clicked "Save", you will need need to configure the Integration's "Send Data to Splunk Cloud" Action to tell BetterCloud which logs to send to Splunk. 

To configure this Action, navigate to the "Extensions" tab inside your new Splunk Integration and select the "Send Data to Splunk Cloud" Action:


Inside that Action, select the Push Events you want to be sent to Splunk: 



Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request