Stream logs to Splunk

DataStream 2 supports sending logs to Splunk. It is an interface that lets you search, monitor, and analyze your data.

Depending on your choice, DataStream 2 can upload either uncompressed or compressed log files.

Before you begin

To use Splunk as a destination for your logs, you need to:

Set up an HTTP Event Collector instance (HEC), create a token, and enable it. Set up an HEC instance that matches the type of Splunk software you use. See Set up and use HTTP Event Collector in Splunk Web.
Save the HEC token that you enabled, and the URL for your event connector. The URL structure depends on the type of your Splunk instance. See Send data to Event Collector.

In Destination, select Splunk.
In Display name, enter a human-readable description for the destination. The name can’t be longer than 255 characters.
In Endpoint, enter the HTTP Event Collector URL to a Splunk endpoint, where you want to send your logs in the <protocol>://<host>:<port>/<endpoint> format. For example,https://<splunk-host>:8088/services/collector/raw. The URL can’t be longer than 1000 characters.
DataStream 2 supports only Splunk HEC URLs for raw events. Entering endpoint URLs ending with /collector or /collector/event will result in an error.
In Event collector token, enter the HEC token you created and enabled in Splunk.
If you want to send compressed GZIP logs to this destination, check Send compressed data.
Click Validate & Save to validate the connection to the destination and save the details you provided.