Integrating Splunk with BetterCloud


When integrating a new application with your BetterCloud instance, the overall installation process is consistent. However, each integration is different, and may require varying levels and types of authentication. This article provides instructions for configuring and collecting all the information you need in order to add the Splunk integration in BetterCloud.

BetterCloud integrates with Splunk’s HTTP Event Collector in order to send information from your BetterCloud instance to your Splunk account. When adding this integration you must enter the following information:

  • API Token
  • HEC URI

Please note: This integration only works for domains using Splunk Cloud. We cannot currently integrate with on-prem Splunk instances.

API Token

Creating a valid API token first requires you to configure Splunk’s HTTP Event Collector. To start, log in to Splunk and navigate to “Settings” > “Data inputs” from the top right corner of your page.


Select “HTTP Event Collector.”


If you have not yet enabled the event collector, you will need to do so under the “Global Settings” option.


Enable all tokens.


Once the event collector has been enabled, you will need a token to authorize BetterCloud to interact with it. Click “New Token” to create a token.


Name your token. All other fields aside from name are optional.


In the token’s input settings, select “json” as your source type, as BetterCloud will send information to Splunk in JSON.


Review your information and click “Submit.”


Once the token has been successfully created, you will be presented with the token value. Copy this value into the API key field.


You can also retrieve this value from the HTTP Event Collector configuration page at any time.

HEC URI

In order to finalize your configuration, you must add the HEC URI for your Splunk instance as an additional header. You can find instructions on how to get your Splunk Cloud instance's HEC URI here.
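
Before entering the two values in BetterCloud, you can check them against the HTTP Event Collector directly. The script below is an added example, not BetterCloud or Splunk code; it assumes curl is installed, that the values are exported as HEC_URI and HEC_TOKEN (names chosen here), and that events go to HEC's JSON endpoint /services/collector/event.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check of a Splunk HEC URI and token.
# HEC_URI and HEC_TOKEN are variable names assumed for this example.

# Normalise an HEC URI to the JSON event endpoint. Plain HTTP is refused so
# the token is never sent unencrypted.
hec_event_url() {
  local uri="${1%/}"
  case "$uri" in
    https://*) ;;
    *) echo "HEC URI must start with https://" >&2; return 1 ;;
  esac
  case "$uri" in
    */services/collector/event) printf '%s\n' "$uri" ;;
    */services/collector)       printf '%s/event\n' "$uri" ;;
    *)                          printf '%s/services/collector/event\n' "$uri" ;;
  esac
}

# Map HEC's JSON reply to a verdict using its status codes:
# 0 = success, 1 = token disabled, 4 = invalid token.
hec_verdict() {
  case "$1" in
    *'"code":0}'*|*'"code":0,'*) echo ok ;;
    *'"code":1}'*|*'"code":1,'*) echo token-disabled ;;
    *'"code":4}'*|*'"code":4,'*) echo invalid-token ;;
    *) echo unexpected ;;
  esac
}

# Send one constructed JSON event. The Authorization header is passed to curl
# as a config read from stdin (-K -), so the token stays out of the process list.
hec_send_test() {
  local url body
  url="$(hec_event_url "$HEC_URI")" || return 1
  body="$(printf 'header = "Authorization: Splunk %s"\n' "$HEC_TOKEN" |
    curl --silent --show-error --max-time 15 -K - \
      --data '{"event":{"message":"HEC pre-flight test (constructed)"}}' \
      "$url")" || return 1
  hec_verdict "$body"
}

# Only contact Splunk when explicitly asked to.
if [ "${1:-}" = "send" ]; then
  hec_send_test
fi
```

Run the script with the argument send after exporting both variables. A result of ok means the token and URI are ready to enter in BetterCloud; token-disabled or invalid-token means the token steps above should be revisited.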

Once you have successfully added the integration, you can update your API token from the integration’s basic information. Your base URL will be added as an encrypted environment variable.

Configure which events get sent to Splunk

Once you've entered the variables above and clicked "Save", you will need to configure the Integration's "Send Data to Splunk Cloud" Action to tell BetterCloud which logs to send to Splunk.

To configure this Action, navigate to the "Extensions" tab inside your new Splunk Integration and select the "Send Data to Splunk Cloud" Action:


Inside that Action, select the Push Events you want to be sent to Splunk. Then under "Test your Push Event", select an event type and click "Run Test" to confirm BetterCloud can successfully push an event to Splunk: 


If your test was successful, you will be able to "Save" the configuration!

