Skip to content

Feature: Events to Splunk


The Support Application provides a method of sending events directly to Splunk from the device. The desired Splunk instance will need to support the HTTP Event Collection endpoint.


Basic configuration values needed:

  • ignoreSSLCerts - set to True, to bypass SSL Cert issues with Splunk
  • splunkUrl - The Splunk Host / Port to send event data
  • splunkAuthToken - HEC authorization token
  • splunkApiPath - collector path, typically services/collector/raw


    "emsSupportTool" : {
        "ignoreSSLCerts": true,
        "splunkUrl": "",
        "splunkAuthToken": "adkkdkd-043c-4936-8f1b-1askldsakl",
        "splunkApiPath" : "services/collector/raw",

Feature Introduced

Feature introduced in Support Application 5.4.4.