Configure Amazon EventBridge to send data to the Splunk Platform

  1. Go to the AWS Management Console to configure Amazon EventBridge to send data to the Splunk platform. See https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-api-destination-create.html.
  2. Repeat this process for each token that you configured in the HTTP event collector, or that Splunk Support configured for you.
  3. When prompted during the configuration, enter the following information:
| Field in Amazon EventBridge configuration page | Value |
| --- | --- |
| API destination endpoint | If you are using managed Splunk Cloud, enter your ELB URL in this format: https://http-inputs-.splunkcloud.com:443/services/collector/raw. For example, if your Splunk Cloud URL is https://mydeployment.splunkcloud.com, enter https://http-inputs-mydeployment.splunkcloud.com:443/services/collector/raw. If you are on a distributed Splunk Enterprise deployment, enter the URL and port of your data receiver node. For example, if you have an ELB that proxies traffic to your indexers with DNS name example-test-123456789.us-east-1.elb.amazonaws.com and port 443, enter https://example-test-123456789.us-east-1.elb.amazonaws.com:443/services/collector/raw. If you want to send data directly to multiple Splunk indexers acting as your data collection nodes, you need a URL that resolves to multiple IP addresses (one for each node) with the port enabled for HTTP event collector on those nodes. For example, if the hostname that resolves to your indexers is inputs.example-deployment.com, enter https://inputs.example-deployment.com:8088/services/collector/raw. If you are on a single-instance Splunk Enterprise deployment, enter the HEC endpoint URL and port. For example, if your HEC endpoint is https://10.130.33.112:8088/services/collector/raw, enter https://10.130.33.112:8088/services/collector/raw. |
| HTTP method | Select POST. |
| Connection type | Select Create a new connection. |
| API type | Choose Public, unless your Splunk deployment is hosted in a VPC with a private link. In that case, choose Private. |
| Configure authorization | Select Use partner template and choose Splunk from the dropdown menu. |
| Authorization type | Select API key. Use Authorization as API key name and Splunk <YourHECToken> as the API key value. |
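
A pre-flight check for the field values listed above, as an added example that is not part of the original page or of any Splunk or AWS tooling. The function names are hypothetical, the GUID token format is an assumption about Splunk-generated HEC tokens, and the token shown is a constructed placeholder.

```python
import re
from urllib.parse import urlsplit

HEC_RAW_PATH = "/services/collector/raw"
# Assumption: the HEC token is GUID-formatted, as Splunk-generated tokens are.
GUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)


def splunk_cloud_endpoint(cloud_url):
    """Build the managed Splunk Cloud endpoint from the deployment URL."""
    host = (urlsplit(cloud_url).hostname or "").lower()
    if not host.endswith(".splunkcloud.com"):
        raise ValueError("not a splunkcloud.com URL: %r" % cloud_url)
    if not host.startswith("http-inputs-"):
        host = "http-inputs-" + host
    return "https://%s:443%s" % (host, HEC_RAW_PATH)


def check_endpoint(endpoint):
    """Return the problems found in an API destination endpoint (empty list = OK)."""
    problems = []
    parts = urlsplit(endpoint)
    if parts.scheme != "https":
        problems.append("scheme is not https; the HEC token would cross the network in clear text")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if port is None:
        problems.append("no valid explicit port (the examples above use 443 or 8088)")
    if parts.path.rstrip("/") != HEC_RAW_PATH:
        problems.append("path is not " + HEC_RAW_PATH)
    if parts.username or parts.password or parts.query:
        problems.append("credentials or query string in the URL; the token belongs in the API key")
    return problems


def api_key_parameters(token):
    """Return (API key name, API key value) for the connection's authorization."""
    token = token.strip()
    if token.lower().startswith("splunk "):  # pasted with the prefix already on it
        token = token[7:].strip()
    if not GUID_RE.fullmatch(token):
        raise ValueError("HEC token is not GUID-formatted")
    return "Authorization", "Splunk " + token


if __name__ == "__main__":  # constructed sample values
    print(splunk_cloud_endpoint("https://mydeployment.splunkcloud.com"))
    print(check_endpoint("http://inputs.example-deployment.com/services/collector"))
    print(api_key_parameters("00000000-0000-0000-0000-000000000000"))
```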

After you configure Amazon EventBridge to send data to the Splunk platform, go to the Splunk search page and search for the source types of the data you are collecting. See Source types for the Splunk Add-on for AWS for a list of source types that this add-on applies to your EventBridge data.

If you are unable to see your data in the Splunk platform, see Troubleshoot the Splunk Add-on for Amazon Web Services.