Splunk

Send data to Splunk using the HTTP Event Collector (HEC) for centralized logging and analysis.

Prerequisites

  • Splunk instance with HEC enabled
  • HEC token configured

Setup Instructions

Step 1: Configure Splunk HEC

  1. In Splunk, enable HTTP Event Collector
  2. Create a new HEC token
  3. Note the token and HEC endpoint URL

Step 2: Configure Destination in Datable

  1. Navigate to Destinations in Datable
  2. Select Splunk HTTP
  3. Provide configuration:
    • Destination Name: A descriptive name
    • HEC URL: Your Splunk HEC endpoint
    • HEC Token: Authentication token
    • Index: Target Splunk index
    • Source Type: Event source type
  4. Click Save

Configuration Options

  • Batch Size: Events per request
  • Compression: Enable gzip compression
  • SSL Verification: Certificate validation
  • Custom Fields: Add metadata fields

Troubleshooting

Events Not Appearing

  • Verify HEC token is enabled
  • Check index permissions
  • Review firewall settings

Authentication Errors

  • Confirm HEC token is correct
  • Check token permissions
  • Verify SSL certificates
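
The settings and troubleshooting items above can be checked outside Datable with a small HEC client. This is an added example, not Datable's code. The URL and token are constructed placeholders, the function names are hypothetical, and mapping Custom Fields to the HEC "fields" key is an assumption.

```python
import gzip
import json
import ssl
import urllib.error
import urllib.request

# Constructed placeholders, not real values.
HEC_URL = "https://splunk.example.com:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"

# HEC reply "code" values mapped to the troubleshooting items on this page.
HEC_HINTS = {
    0: "success",
    1: "token disabled: enable the HEC token in Splunk",
    2: "token missing: Authorization header was not sent",
    3: "invalid authorization: header must be 'Splunk <token>'",
    4: "invalid token: confirm the HEC token value",
    7: "incorrect index: check the index name and the token's allowed indexes",
}

def build_request(events, index, sourcetype, fields=None, compress=True):
    """Build one batched HEC POST; a batch is concatenated JSON objects."""
    body = "\n".join(
        json.dumps({"event": e, "index": index, "sourcetype": sourcetype,
                    **({"fields": fields} if fields else {})})
        for e in events
    ).encode("utf-8")
    headers = {"Authorization": f"Splunk {HEC_TOKEN}",
               "Content-Type": "application/json"}
    if compress:  # corresponds to the Compression option
        body = gzip.compress(body)
        headers["Content-Encoding"] = "gzip"
    return urllib.request.Request(HEC_URL, data=body, headers=headers, method="POST")

def explain(response_body):
    """Turn an HEC JSON reply into a troubleshooting hint."""
    reply = json.loads(response_body)
    code = reply.get("code")
    return HEC_HINTS.get(code, f"HEC code {code}: {reply.get('text', '')}")

def send(request, timeout=10):
    """POST with certificate validation on (the default context verifies)."""
    ctx = ssl.create_default_context()
    try:
        with urllib.request.urlopen(request, timeout=timeout, context=ctx) as r:
            return explain(r.read())
    except urllib.error.HTTPError as err:  # HEC returns a JSON body on 4xx too
        return explain(err.read())
```

A certificate failure raises `urllib.error.URLError` from `send` instead of returning a hint, which separates TLS problems from token problems.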

Support

For additional support with the Splunk integration, please contact the Datable support team.