Create a Splunk Profile Service
Use the following procedure to create an alert profile for the Splunk service:
Before you begin
You must have the following configured and ready:
- Create an API Key in Multicloud Defense and store both the key and secret. See Create an API Key in Multicloud Defense for more information.
- Set up the HTTP Event Collector (HEC) in Splunk Web. See Configure HTTP Event Collector on Splunk Cloud for more information.
- Your Splunk HEC must have the following configured:
  - HEC must be enabled.
  - You must have at least one active HEC token available.
  - You must use an active token to authenticate into HEC.
  - You must format the data that goes to HEC in a certain way. See Format events for HTTP Event Collector.
Procedure
Step 1. Navigate to .
Step 2. Click Create.
Step 3. Name - Enter a unique name for the alert integration.
Step 4. Description (optional) - Enter a description for the alert integration.
Step 5. Type - Using the pulldown, choose Splunk.
Step 6. API Key - Copy the Splunk API key generated above, or other PagerDuty API Key as desired.
Step 7. Check the Skip Verify Certificate box if your server does not have a certificate whose SAN field matches its domain name. If your server's certificate does have a SAN field matching the domain, leave this unchecked so that the certificate is validated on every connection.
Step 8. Index (default: main) is Splunk's default index where all the processed data is stored. This is provided when you configure the Splunk HEC.
Step 9. Enter the API URL for the Splunk HTTP Event Collector. We recommend this URL
Step 10. Click Save.
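The following script is an added example (not part of the Cisco or Splunk documentation) that checks the prerequisites above before you save the profile: it builds an event in the envelope HEC expects, authenticates with an HEC token, and shows what the Skip Verify Certificate choice in Step 7 means for TLS validation. The endpoint URL and token are constructed placeholders; replace them with your own.

```python
import json
import ssl
import urllib.error
import urllib.request

# Constructed sample values; replace with your own Splunk HEC endpoint and token.
HEC_URL = "https://splunk.example.internal:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real token


def build_hec_event(event, index="main", sourcetype="_json", host=None, time=None):
    """Wrap a payload in the envelope HEC expects: the data itself under "event",
    with routing metadata (index, sourcetype, host, time) beside it."""
    envelope = {"event": event, "index": index, "sourcetype": sourcetype}
    if host is not None:
        envelope["host"] = host
    if time is not None:
        envelope["time"] = time  # epoch seconds; HEC stamps ingest time if absent
    return envelope


def parse_hec_response(body):
    """HEC answers with {"text": ..., "code": ...}; code 0 means accepted.
    Returns (ok, text)."""
    data = json.loads(body)
    return data.get("code") == 0, data.get("text", "")


def send_hec_event(url, token, envelope, verify_tls=True, timeout=10):
    """POST one event to HEC. verify_tls=False mirrors the profile's
    'Skip Verify Certificate' box: the server certificate and hostname are
    not checked, so the connection could be intercepted without any error."""
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    req = urllib.request.Request(
        url,
        data=json.dumps(envelope).encode(),
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
        method="POST",
    )
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return parse_hec_response(resp.read())
    except urllib.error.HTTPError as e:  # 401/403: token missing, disabled or wrong
        return False, f"HTTP {e.code}: {e.read().decode(errors='replace')}"
    except (urllib.error.URLError, ssl.SSLError) as e:  # DNS, refused, SAN mismatch
        return False, f"connection failed: {e}"


if __name__ == "__main__":
    smoke = build_hec_event({"source": "mcd-profile-check", "msg": "hec smoke test"})
    print(send_hec_event(HEC_URL, HEC_TOKEN, smoke))  # (True, 'Success') when HEC is ready
```

A `connection failed` result mentioning certificate verification means the HEC certificate's SAN does not match the hostname you entered; fix the certificate (or the URL) rather than defaulting to Skip Verify Certificate.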
What to do next
Create an alert rule with this new profile.