Using Splunk to receive data from Azion Data Streaming
Data Streaming is one of Azion’s Observe products designed to help you access your content and application data in real time. To successfully use Data Streaming with connectors, you first need to set up the endpoints.
After completing the initial setup, you can use Splunk to receive data from Azion Data Streaming. Once you finish connecting the endpoint, you can improve your monitoring and use other Azion products to continue exploring information on your data.
Continue reading this hands-on guide to see, step by step, how to connect Splunk’s endpoint to Data Streaming.
To use Splunk as a destination for your logs, you’ll need to:
- Create and configure an HTTP Event Collector (HEC) instance corresponding to the type of Splunk instance you’re using.
- Create a HEC token.
- Enable the created HEC token.
- Save the HEC token you’ve enabled and your event’s connector URL.
The URL structure varies depending on the Splunk instance you’re using.
Find more details about Splunk configurations in the documentation page.
2. Configuring the new endpoint in Azion Data Streaming
Next, follow these steps to configure the endpoint you created in Splunk as a destination in Azion Data Streaming.
- If you are a new user of Data Streaming, access the Account Menu > Billing & Subscriptions in Real-Time Manager (RTM) and enable the product in the Subscriptions tab.
- On the upper left corner of the page, select Products Menu > Data Streaming.
- Click the Add Streaming button.
- Type a name for your Data Streaming.
- In the Data Source dropdown list, select the option you’ll use:
  - Edge Applications
  - Edge Functions
  - WAF Events
For more information on creating Edge Applications, see the documentation page.
- In Template, choose the option that fits your Data Source choice:
  - WAF Event Collector
  - Edge Functions Event Collector
  - Edge Applications + WAF Event Collector
  - Custom Template
If you select Custom Template, you’ll need to provide the information in JSON format in the Data Set field.
- In Options, you can:
  - Select Filter Domains and add the domains whose logs you want to receive by selecting them in the Available Domains box.
  - Select All Domains.
- In the Destination configurations, select Splunk from the Endpoint Type dropdown list.
- Fill in the following fields:
  - Splunk URL: URL that will receive the collected data from Data Streaming. If you want to point to an alternative index, you can add it at the end of the URL. For example: https://inputs.splunkcloud.com:8080/services/collector?index=myindex
  - API Key: The HTTP Event Collector Token provided in your Splunk installation. Here’s an example of the generated token:
- Make sure the Active switch is on.
- Click the Save button.
After saving the configuration, you can keep track of the calls made by Data Streaming to Splunk in the Real-Time Events product, available in the Products Menu in RTM. To do so, select Data Source > Data Streaming and choose the filter options you want.
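The following added example (not Azion's or Splunk's own code) is a pre-flight check for the Splunk URL and API Key values used in the Destination fields above, plus the test event a HEC client would post with them. The function names are hypothetical, the token is a constructed placeholder, and the GUID token format is an assumption based on how Splunk generates HEC tokens by default.

```python
import json
import re
import urllib.request
from urllib.parse import parse_qs, urlsplit

# Assumption: HEC tokens are GUID-formatted, as Splunk generates them by default.
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def check_destination(url, token):
    """Return a list of problems with the Splunk URL / API Key pair (empty list = OK)."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("URL must use https so the token and logs are not sent in clear text")
    if not parts.hostname:
        problems.append("URL has no host")
    if not parts.path.rstrip("/").startswith("/services/collector"):
        problems.append("path should be the HEC endpoint /services/collector")
    query = parse_qs(parts.query, keep_blank_values=True)
    if "index" in query and not query["index"][0]:
        problems.append("index parameter is present but empty")
    if not GUID.match(token):
        problems.append("API Key does not look like a HEC token (GUID)")
    return problems

def build_test_event(url, token, message="data streaming pre-flight"):
    """Build (without sending) the POST a HEC client makes; the token goes in the Authorization header."""
    body = json.dumps({"event": message}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": "Splunk " + token, "Content-Type": "application/json"},
    )

def send(req, timeout=10):
    """Send the request; HEC replies {"text": "Success", "code": 0} when the token is enabled."""
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

if __name__ == "__main__":
    url = "https://inputs.splunkcloud.com:8080/services/collector?index=myindex"  # URL from the guide
    token = "00000000-0000-0000-0000-000000000000"  # constructed placeholder, not a real token
    print(check_destination(url, token) or "destination values look well-formed")
```

Calling `send(build_test_event(url, token))` against your own HEC endpoint confirms that the token is enabled; a disabled or wrong token raises `urllib.error.HTTPError`.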
Splunk is a registered trademark of Splunk Inc in the United States and other countries.