Send data to Splunk

Log in to your Onum tenant and click Data Sinks> New Data sink.

Double-click the Splunk HEC Sink.

Enter a Name for the new Data Sink. Optionally, add a Description and some Tags to identify the Sink.

Decide whether or not to include this Data sink info in the metrics and graphs of the Home area.

Add the Splunk instance URL*

• For on-premises deployments, this will be <protocol>://<host>

• In Cloud deployment setups, this will be <protocol>://http-inputs-<host>.splunkcloud.com

Find all your instances in My Splunk > Instances.

For the URL port number*, if not specified, port 8088 is used by default.

Choose how to Authenticate your connection to Splunk.

• For Token authentication, choose the required Token*. Select your token from the list of your tenant's Secrets or create a new one.

  
• For Basic authentication, enter your Username* and Password*. Select your password from the list of your tenant's Secrets or create a new one.

  The username is the same as the one used to log in to the instance via the browser, and the password is the token value you'll use.

  

In the Secrets area, New secret to create a new one:

• Give the secret a Name.

• Turn off the Expiration date option.

• Click Add new value and paste the corresponding value.

• Click Save.

You can now select the created secrets in the configuration.

Choose whether to send the message in JSON or Raw format.

If you want to send your events in raw format. Set the following parameters:

• Channel* - Indicate the ID of the channel used to send events. This helps streamline event searches on the server. Learn more about channels in this article.

• Source type* - Select the required source type to parse your data from the dropdown list. See here for a comprehensive list.

  • Choose manual if you don't have a specific source type to use.

  • Select none to add a custom source type in the Custom source type* field that appears.

  Learn how to create new source types here.

Activate the Bulk configuration toggle if you want to allow bulk sending. Configure the following parameters:

• Event time limit* - If the bulk amount is not reached, enter the maximum time lapse between sends (in seconds). The minimum value is 1.

Now, set the conditions to trigger bulk sending:

• Event amount - Enter the maximum number of events per batch. The minimum value is 1 and the maximum value is 15000 (default).

• Event size - Enter the maximum number of bytes in each batch. The minimum value is 1 and the maximum value is 5000000 (default).

Activate the TLS configuration toggle if you want to set a TLS connection. Configure the following parameters:

• Minimum TLS version* - Choose the minimum TLS version required for incoming connections.

• Certificate* - Select your CA certificate from the list of your tenant's Secrets or create a new one.

• Private key* - Select your private key from the list of your tenant's Secrets or create a new one.

By default, the Skip TLS validations toggle is activated. Deactivate it to configure the following:

• CA chain* - CA chain used by the Data sink to verify client certificates. Choose it from the list of your tenant's Secrets or create a new one.

• Subject Alternative Name - Optionally, enter a Subject Alternative Name (SAN) for your TLS connection.

If your organization uses proxy servers, activate the Proxy configuration toggle and establish the connection here:

• Scheme* - Choose the required proxy scheme (HTTP or HTTPS).

• Host* - Set the required proxy address.

• Port* - Set the required proxy port.

• Username - Enter your proxy username.

• Password - Select your proxy password from the list of your tenant's Secrets or create a new one.

Activate the Use Gzip compression toggle to allow using this type of compression.