Set up a Splunk integration

1. In the side menu, go to Platform, then select Integrations.

2. Click Create Integration. Filter by selecting the Notifications category.

3. Click Splunk.

4. In the Name of Integration field, enter a name for the integration.

5. Enter the HTTP Collector endpoint. View the Splunk documentation to determine the format of the endpoint you should use.

   • Example: https://http-inputs-.splunkcloud.com:8088/services/collector/event
   • Using Splunk Free Trial. Mark as enabled if you currently using the Spunk free trial. If enabled this will turn off SSL Verify as free trials use self signed certificates.

6. HTTP Collector API Token - Paste your Splunk API token into this field. To create a token in Splunk:

   • Go to the Settings menu. Click Add Data.
   • Click Monitor.
   • Select HTTP Event Collector. Click Next.
   • Select Main as the Index.
   • Click Review. Click Submit.
   • Copy the token.

View the Splunk documentation for more information about creating an Event Collector token on the Splunk Cloud Platform.

7. Click Submit.

The integration is created and listed under the existing integrations tab You can now select this integration as a notification method when you create an alert or create a resource policy.