Feature: Events to Splunk

Overview

The Support Application provides a method of sending events directly to Splunk from the device. The desired Splunk instance will need to support the HTTP Event Collection endpoint.

Configuration

Basic configuration values needed:

  • ignoreSSLCerts - set to True, to bypass SSL Cert issues with Splunk
  • splunkUrl - The Splunk Host / Port to send event data
  • splunkAuthToken - HEC authorization token
  • splunkApiPath - collector path, typically services/collector/raw

Example:

{
      ...
    "emsSupportTool" : {
        ...
        "ignoreSSLCerts": true,
        "splunkUrl": "https://input-prd-p-xq37wf7l8c7l.cloud.splunk.com:8088",
        "splunkAuthToken": "adkkdkd-043c-4936-8f1b-1askldsakl",
        "splunkApiPath" : "services/collector/raw",
    }
     ...
}

Feature Introduced

Feature introduced in Support Application 5.4.4.